Skip to content

security.md

Latest commit

 

History

History
116 lines (86 loc) · 4.53 KB

security.md

File metadata and controls

116 lines (86 loc) · 4.53 KB

Security

Threat Model

Initium runs as an initContainer in Kubernetes pods. Its threat model considers:

Trusted

  • The cluster operator who configures the pod spec and Initium arguments
  • The container registry serving the Initium image (verified via image signatures/SBOM)

Untrusted

  • Network endpoints that Initium connects to (may be malicious or compromised)
  • Environment variables that may contain secrets (must not be leaked)
  • File paths provided by users (may attempt path traversal)

Attack Vectors Addressed

Vector Mitigation
Path traversal All file writes constrained to --workdir; absolute paths rejected; .. sequences resolved and validated
Secret leakage via logs Automatic redaction of keys matching token, password, secret, auth, api_key, authorization
Privilege escalation Container runs as UID 65534 (nobody); allowPrivilegeEscalation: false; all capabilities dropped
Filesystem tampering readOnlyRootFilesystem: true; writes only to mounted emptyDir volumes
Unintended network access All target URLs must be explicitly provided via flags; no default outbound connections
TLS downgrade TLS verification enabled by default; --insecure-tls requires explicit opt-in
Shell injection Commands executed via execve (no shell); -- separator for command arguments
Supply chain Minimal scratch base image; SBOM and provenance attestation in CI; pinned dependencies

Safe Defaults

Initium ships with conservative defaults:

  • Timeout: 5s per individual request, 5m overall
  • Max retries: 60 with exponential backoff (capped at 30s)
  • TLS: Certificate verification enabled
  • File writes: Constrained to /work
  • Logging: Secrets redacted; JSON output optional
  • Execution: No shell; direct process execution

Running with Restricted Pod Security

Pod Security Admission (PSA) — restricted profile

Initium is fully compatible with the Kubernetes restricted Pod Security Standard:

apiVersion: v1
kind: Namespace
metadata:
  name: my-namespace
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/warn: restricted

The following securityContext satisfies the restricted profile:

securityContext:
  runAsNonRoot: true
  runAsUser: 65534
  runAsGroup: 65534
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  seccompProfile:
    type: RuntimeDefault
  capabilities:
    drop:
      - ALL

Pod Security Policies (PSP) — deprecated

If your cluster still uses PSPs, the same security context fields apply. Initium requires no special privileges.

Image Verification

Release images are signed with cosign using keyless signing (Sigstore OIDC via GitHub Actions). SBOM attestations are signed and attached to each image. Provenance attestations are generated by Docker BuildKit and can be inspected with docker buildx imagetools.

Verify image signature

# Verify signature (requires cosign)
cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity 'https://github.com/KitStream/initium/.github/workflows/release.yml@refs/tags/v2.1.0' \
  ghcr.io/kitstream/initium:2.1.0

# Or use the Makefile target (also supports IMAGE=ghcr.io/kitstream/initium-jyq)
make verify-image VERSION=2.1.0

Verify SBOM attestation

cosign verify-attestation \
  --type spdx \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity 'https://github.com/KitStream/initium/.github/workflows/release.yml@refs/tags/v2.1.0' \
  ghcr.io/kitstream/initium:2.1.0

View provenance and SBOM

Provenance and SBOM attestations are generated by Docker BuildKit during the image build:

# View provenance
docker buildx imagetools inspect ghcr.io/kitstream/initium:2.1.0 --format '{{json .Provenance}}'

# View SBOM
docker buildx imagetools inspect ghcr.io/kitstream/initium:2.1.0 --format '{{json .SBOM}}'