Commons 4.0 (CC BY 4.0) CNCF security and fuzzing audits This report details a fuzzing audit commissioned by the CNCF and the engagement is part of the broader efforts carried out by CNCF in securing the so�ware so�ware in the CNCF landscape. Demonstrating and ensuring the security of these so�ware packages is vital for the CNCF ecosystem and the CNCF continues to use state of the art techniques to secure its projects projects as well as carrying out manual audits. Over the last handful of years, CNCF has been investing in security audits, fuzzing and so�ware supply chain security that has helped proactively discover

Components Contrib (ADA-DAPR-23-7). We added all fuzzers to Daprs integration at https://github.com/cncf/cncf-fuzzing/tree/main/projects/dapr. When OSS-Fuzz builds Daprs fuzzers, it pulls them from there and well-cra�ed requests to the ratelimit middleware component can cause harm. URL: https://github.com/cncf/cncf-fuzzing/blob/7ed5200c931ff9277d0cd7f587d8792295cd597d /projects/dapr/fuzz_components_contrib_ratelimiter_test authorization header of incoming requests. 15 Dapr security audit 2023 URL: https://github.com/cncf/cncf-fuzzing/blob/d9711dcf18a17cb8671b0b80023eabf2b557a9f5 /projects/dapr/fuzz_components_contrib_azure_eventgrid_test

be severely limited. More information on RBAC-concepts for Kubernetes can be found at: https://www.cncf.io/blog/2018/08/01/demystifying-rbac-in-kubernetes/ https://docs.bitnami.com/tutorials/configure-