website/content/en/docs/reference/issues-security/official-cve-feed.md


| title | weight | outputs | layout |
| --- | --- | --- | --- |
| Official CVE Feed | 25 | json, html | cve-feed |

{{< feature-state for_k8s_version="v1.25" state="alpha" >}}

This is a community-maintained list of official CVEs announced by the Kubernetes Security Response Committee. See Kubernetes Security and Disclosure Information for more details.

The Kubernetes project publishes a programmatically accessible JSON Feed of published security issues. You can access it by executing the following command:

{{< comment >}}
replace is used to bypass known issue with rendering ">"
https://github.com/gohugoio/hugo/issues/7229 in JSON layouts template layouts/_default/cve-feed.json
{{< /comment >}}

```shell
curl -Lv https://k8s.io/docs/reference/issues-security/official-cve-feed/index.json
```

{{< cve-feed >}}

This feed is auto-refreshing with a noticeable but small lag (minutes to hours) from the time a CVE is announced to the time it is accessible in this feed.

The source of truth of this feed is a set of GitHub Issues, filtered by a controlled and restricted label `official-cve-feed`. The raw data is stored in a Google Cloud Bucket which is writable only by a small number of trusted members of the Community.
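
A polling job can consume the feed by tracking which IDs it has already processed, which tolerates the publication lag described above better than a timestamp cutoff alone. This is an added example, not code from the Kubernetes project; it assumes the feed uses the JSON Feed item layout (`items`, `id`, `url`, `date_published`), which this page does not show, and it runs against a constructed sample.

```python
import json
import urllib.request
from datetime import datetime, timezone

FEED_URL = "https://k8s.io/docs/reference/issues-security/official-cve-feed/index.json"

# Constructed sample: placeholder IDs and URLs, not real feed content.
SAMPLE_FEED = """
{"version": "https://jsonfeed.org/version/1.1", "items": [
  {"id": "CVE-0000-0002", "url": "https://example.invalid/issues/2",
   "summary": "Constructed entry B", "date_published": "2023-03-10T12:00:00Z"},
  {"id": "CVE-0000-0001", "url": "https://example.invalid/issues/1",
   "summary": "Constructed entry A", "date_published": "2023-01-05T08:30:00Z"},
  {"summary": "Constructed malformed entry with no id or date"}
]}
"""

def fetch_feed(url=FEED_URL, timeout=10):
    """Download the feed; urlopen follows redirects, like curl -L."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")

def parse_time(value):
    """Parse an RFC 3339 timestamp; a trailing 'Z' means UTC."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def new_entries(feed_text, seen_ids, since):
    """Return (id, url) for unseen items published at or after `since`, oldest first."""
    fresh = []
    for item in json.loads(feed_text).get("items", []):
        cve_id, published = item.get("id"), item.get("date_published")
        if not cve_id or not published or cve_id in seen_ids:
            continue  # malformed or already processed
        try:
            when = parse_time(published)
        except ValueError:
            continue  # unparseable date: skip rather than crash the poller
        if when >= since:
            fresh.append((when, cve_id, item.get("url", "")))
    return [(cve_id, url) for _, cve_id, url in sorted(fresh)]

if __name__ == "__main__":
    cutoff = datetime(2023, 1, 1, tzinfo=timezone.utc)
    # Use fetch_feed() in place of SAMPLE_FEED to poll the live feed.
    for cve_id, url in new_entries(SAMPLE_FEED, {"CVE-0000-0001"}, cutoff):
        print(cve_id, url)
```

Persist the set of processed IDs between runs and keep the `since` cutoff generous, so an entry that appears in the feed hours after its announcement is still picked up.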