-
Notifications
You must be signed in to change notification settings - Fork 154
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Need Security details to implement Spline in Production environment #1152
Comments
@wajda can you pls help me the details. it will be really helpful we have to expedite our production release. |
Spline is developed according to the common software development practices, including but not limited to: support of secured communication channels (TLS), industry standard ways of storing and accessing secrets, properly treating and escaping user input (to prevent code injection type of attacks), using latest libraries that do not contain any known CVEs that might compromise the application. Basically we adhere practices and recommendations that are common in the industry. However, Spline does not provide any authentication and authorization mechanism out of the box, so if you are going to expose the API to the untrusted network you need to wrap Spline with your own additional security layer (firewall, reverse proxy etc).
no audit has been conducted
no audit has been conducted
no certified penetration testing has been conducted
Absolutely. All Spline components are available as Docker images and can run on any Kubernetes provider, including AKS. Regarding those reports and certificates, Spline is an open-source solution distributed under Apache 2.0 license, so you are advised to approach it with that in mind. Although we (the dev team) do our best to be in-line with the up-to-date security and other industry standards, we do not assume any responsibility in any case. |
Thanks @wajda for reply.
|
Any Docker image is immutable by definition.
https://hub.docker.com/search?q=Absaoss%2FSpline Please refer our GitHub pages for details. Also see our Docker compose config and kubernetes config examples on the https://github.com/AbsaOSS/spline-getting-started
What do you mean by that?
No. |
Thanks @wajda for your quick response. That helps us. |
Hi Team,
We are going to implement spline in production environment, but for Architecture Review board has few queries, Can you pls help us with below:
It will be really great if you help me with this.
Thanks & Regards,
Saroj
The text was updated successfully, but these errors were encountered: