Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarification regarding release security #52

Closed
eug48 opened this issue Aug 1, 2019 · 2 comments
Closed

Clarification regarding release security #52

eug48 opened this issue Aug 1, 2019 · 2 comments

Comments

@eug48
Copy link

eug48 commented Aug 1, 2019

The README states that "Berglas is not an officially supported Google product" but could it be clarified whether Berglas is still subject to Google's usual internal security measures (e.g. secure builds, code security, reviews, etc)?

Thanks!
@sethvargo
Copy link
Member

Hi @eug48,

Thanks for the query. Berglas uses GCP for builds (specifically Cloud Build), and that's completely audit-able as the scripts are here in this repo. The design and implementation went through Google's rigorous security and privacy review process. All code is reviewed. A detailed threat model is also available in this repo.

Let me know if you have any additional questions!

@eug48
Copy link
Author

eug48 commented Aug 2, 2019

Ok, thanks!

@lock lock bot locked as resolved and limited conversation to collaborators Oct 31, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sethvargo @eug48