[zh-cn] Localize blog 2022-09-12-Announcing-the-Auto-Refreshing-Official-CVE-Feed
parent
eb82e6e2d8
commit
5a87aaacdb
@ -0,0 +1,144 @@
---
layout: blog
title: 宣布自动刷新官方 Kubernetes CVE 订阅源
date: 2022-09-12
slug: k8s-cve-feed-alpha
---
<!--
layout: blog
title: Announcing the Auto-refreshing Official Kubernetes CVE Feed
date: 2022-09-12
slug: k8s-cve-feed-alpha
-->

<!--
**Author**: Pushkar Joglekar (VMware)

A long-standing request from the Kubernetes community has been to have a
programmatic way for end users to keep track of Kubernetes security issues
(also called "CVEs", after the database that tracks public security issues across
different products and vendors). Accompanying the release of Kubernetes v1.25,
we are excited to announce availability of such
a [feed](/docs/reference/issues-security/official-cve-feed/) as an `alpha`
feature. This blog will cover the background and scope of this new service.
-->
**作者**:Pushkar Joglekar (VMware)

Kubernetes 社区有一个长时间未解决的需求,即为最终用户提供一种编程方式来跟踪
Kubernetes 安全问题(也称为 “CVE”,这来自于跟踪不同产品和供应商的公共安全问题的数据库)。
随着 Kubernetes v1.25 的发布,我们很高兴地宣布以 `alpha`
特性的形式推出这样的[订阅源](/zh-cn/docs/reference/issues-security/official-cve-feed/)。
在这篇博客中将介绍这项新服务的背景和范围。

<!--
## Motivation

With the growing number of eyes on Kubernetes, the number of CVEs related to
Kubernetes have increased. Although most CVEs that directly, indirectly, or
transitively impact Kubernetes are regularly fixed, there is no single place for
the end users of Kubernetes to programmatically subscribe or pull the data of
fixed CVEs. Current options are either broken or incomplete.
-->
## 动机

随着关注 Kubernetes 的人越来越多,与 Kubernetes 相关的 CVE 数量也在增加。
尽管大多数直接地、间接地或传递性地影响 Kubernetes 的 CVE 都被定期修复,
但 Kubernetes 的最终用户没有一个地方能够以编程方式来订阅或拉取固定的 CVE 数据。
目前的一些数据源要么已损坏,要么不完整。

<!--
## Scope

### What This Does

Create a periodically auto-refreshing, human and machine-readable list of
official Kubernetes CVEs
-->
## 范围

### 能做什么

创建一个定期自动刷新的、人和机器可读的官方 Kubernetes CVE 列表。

<!--
### What This Doesn't Do

* Triage and vulnerability disclosure will continue to be done by SRC (Security
Response Committee).
* Listing CVEs that are identified in build time dependencies and container
images are out of scope.
* Only official CVEs announced by the Kubernetes SRC will be published in the
feed.
-->
### 不能做什么

* 漏洞的分类和披露将继续由 SRC(Security Response Committee,安全响应委员会)完成。
* 不会列出在构建时依赖项和容器镜像中发现的 CVE。
* 只有 Kubernetes SRC 公布的官方 CVE 才会在订阅源中发布。

<!--
### Who It's For

* **End Users**: Persons or teams who _use_ Kubernetes to deploy applications
they own
* **Platform Providers**: Persons or teams who _manage_ Kubernetes clusters
* **Maintainers**: Persons or teams who _create_ and _support_ Kubernetes
releases through their work in Kubernetes Community - via various Special
Interest Groups and Committees.
-->
### 针对的受众

* **最终用户**:**使用** Kubernetes 部署他们的应用程序的个人或团队。
* **平台提供商**:**管理** Kubernetes 集群的个人或团队。
* **维护人员**:通过各种特别兴趣小组和委员会在 Kubernetes 社区中**创建**和**支持** Kubernetes
发布版本的个人或团队。

<!--
## Implementation Details

A supporting
[contributor blog](https://kubernetes.dev/blog/2022/09/12/k8s-cve-feed-alpha/)
was published that describes in depth on how this CVE feed was implemented to
ensure the feed was reasonably protected against tampering and was automatically
updated after a new CVE was announced.
-->
## 实现细节

发布了一个支持性的[贡献者博客](https://kubernetes.dev/blog/2022/09/12/k8s-cve-feed-alpha/),
深入讲述这个 CVE 订阅源是如何实现的,如何确保该订阅源得到合理的保护以免被篡改,
如何在一个新的 CVE 被公布后自动更新这个订阅源。

<!--
## What's Next?

In order to graduate this feature, SIG Security
is gathering feedback from end users who are using this alpha feed.
-->
## 下一步工作

为了完善此功能,SIG Security 正在收集使用此 Alpha 订阅源的最终用户的反馈。

<!--
So in order to improve the feed in future Kubernetes Releases, if you have any
feedback, please let us know by adding a comment to
this [tracking issue](https://github.com/kubernetes/sig-security/issues/1) or
let us know on
[#sig-security-tooling](https://kubernetes.slack.com/archives/C01CUSVMHPY)
Kubernetes Slack channel.
(Join [Kubernetes Slack here](https://slack.k8s.io))
-->
因此,为了在未来的 Kubernetes 版本中改进订阅源,如果你有任何反馈,请通过添加评论至
[问题追踪](https://github.com/kubernetes/sig-security/issues/1)告诉我们,
或者在 [#sig-security-tooling](https://kubernetes.slack.com/archives/C01CUSVMHPY)
Kubernetes Slack 频道上告诉我们(从[这里](https://slack.k8s.io)加入 Kubernetes Slack) 。

<!--
_A special shout out and massive thanks to Neha Lohia
[(@nehalohia27)](https://github.com/nehalohia27) and Tim
Bannister [(@sftim)](https://github.com/sftim) for their stellar collaboration
for many months from "ideation to implementation" of this feature._
-->
**特别感谢 Neha Lohia
[(@nehalohia27)](https://github.com/nehalohia27)
和 Tim Bannister [(@sftim)](https://github.com/sftim),
感谢他们几个月来从“构思到实现”此特性的出色合作。**
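Review bot: the translation of "pull the data of fixed CVEs" in the 动机 section renders "fixed" as "固定的 CVE 数据", which reads as "stationary/fixed-in-place" rather than "patched"; since the English source line is "the data of fixed CVEs" in the sense of CVEs that have been remediated, suggest "已修复的 CVE 数据" so readers understand the feed lists resolved vulnerabilities. Two smaller consistency points in the same hunk: the 针对的受众 bullets use bold (`**使用**`, `**管理**`, `**创建**`) where the English uses italics (`_use_`, `_manage_`, `_create_`), and 下一步工作 writes "Alpha" where the English and the earlier Chinese paragraph use the code-formatted `alpha`; aligning both with the source keeps the localized page consistent with the original.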