Envoy Proxy gets security audit

German security firm Cure53 has completed a security audit of the service mesh / proxy Envoy. A severe security hole was found in the Lyft web admin interface but no critical problems were found in the Envoy core. It's the first completed security audit that the Cloud Native Computing Foundation (CNCF) has started for its hosted projects. The full report on the Envoy audit is available as a PDF.

Envoy was developed by car-sharing company Lyft and donated to the CNCF. Other projects hosted by the CNCF are the monitoring solution Prometheus, container runtimes containerd and rkt, logging solution Fluentd, MySQL sharding solution and many more. The most prominent project is the Kubernetes orchestration framework that has recently been promoted to a "graduated" project.