Request for VAPT Report for Jaeger Ingester

[Digvijay-mishra]

Requirement

I would like to receive a comprehensive Vulnerability Assessment and Penetration Testing (VAPT) report for Jaeger Ingester. This report is essential for ensuring the security of our distributed tracing system, which is critical for monitoring and optimizing our applications. Understanding potential vulnerabilities will help us implement necessary security measures before deploying Jaeger in our production environment.

Problem

Currently, there is limited visibility into the security posture of Jaeger Ingester. Without a formal VAPT report, we cannot adequately assess potential vulnerabilities that could be exploited by malicious actors. This lack of information poses a significant risk, as any undiscovered vulnerabilities could lead to data breaches or service disruptions, impacting our application's reliability and user trust.

Proposal

I propose that a comprehensive VAPT report be created for Jaeger Ingester, which includes an overview of identified vulnerabilities, detailed analysis, remediation guidance, and testing methodology. If a formal report cannot be provided, I would appreciate guidance on best practices for conducting a security assessment of Jaeger Ingester and recommendations for tools or resources that can assist in this process.

Open questions

1. Is there an existing VAPT report available for Jaeger Ingester that can be shared with users?
2. What specific security measures are currently implemented in Jaeger Ingester?
3. Are there recommended tools and resources for conducting a self-assessment of Jaeger Ingester's security posture?
4. How frequently does the team conduct security assessments on Jaeger components?

[yurishkuro]

• https://github.com/jaegertracing/jaeger#security
• https://github.com/cncf/tag-security/blob/main/community/assessments/projects/jaeger/self-assessment.md