Helm 2nd Security Audit

Fri, Mar 5, 2021

Helm has now completed a second security audit, funded by the CNCF. The first audit focused on the source code for the Helm client along with the process Helm uses to handle security. The second audit, performed by Trail of Bits, looked at the source code for the Helm client along with a threat model for the use of Helm.

The following diagram is from the threat model and looks at the connections Helm makes along with how it stores files on the local filesystem.

As a result of the audit, the Helm security team worked on a release.

We want to thank the CNCF for providing these security assessments. They provide an expert and outside look at projects, like Helm, so that we can have more secure cloud native tooling. We also want to thank Trail of Bits for the assessment. It was a pleasure working with them.

You can get the full reports for the threat model and security assessment in the Helm community repository.

Matt Farina
