Pixie Joint Security Assessment

Summary

Pixie is an observability tool that provides a quick and easy way to get information about cloud native applications without requiring manual instrumentation.

Members of the STAG in the CNCF (Justin Cappos, Victor Lu, Jon Zeolla, and Ragashree Shekar) worked with the Pixie team to perform a joint assessment, which was completed in August of 2023. During the course of the assessment, the Pixie team fixed 8 issues that were observed, showing high velocity in addressing security concerns.

Feedback to Pixie Team

Feedback to CNCF

  • More documentation around how their microservices relate and are architected would help others understand the project better.
  • Document the threat model with default configurations, along with a hardening guide, to understand and address risks better.