{"id":13461524,"url":"https://github.com/cilium/cilium","last_synced_at":"2026-04-15T23:01:02.804Z","repository":{"id":37252229,"uuid":"48109239","full_name":"cilium/cilium","owner":"cilium","description":"eBPF-based Networking, Security, and Observability","archived":false,"fork":false,"pushed_at":"2026-04-10T16:08:18.000Z","size":531068,"stargazers_count":24106,"open_issues_count":1002,"forks_count":3706,"subscribers_count":306,"default_branch":"main","last_synced_at":"2026-04-10T16:09:22.922Z","etag":null,"topics":["bpf","cncf","cni","containers","ebpf","k8s","kernel","kubernetes","kubernetes-networking","loadbalancing","monitoring","networking","observability","security","troubleshooting","xdp"],"latest_commit_sha":null,"homepage":"https://cilium.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cilium.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY-INSIGHTS.yml","support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":"MAINTAINERS.md","copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"custom":"cilium.io/enterprise"}},"created_at":"2015-12-16T12:33:31.000Z","updated_at":"2026-04-10T15:40:42.000Z","dependencies_parsed_at":"2023-09-28T10:45:41.116Z","dependency_job_id":"c41684e5-56f5-4429-9dd8-5a970ec60090","html_url":"https://github.com/cilium/cilium","commit_stats":{"total_commits":33290,"total_committers":1016,"mean_commits":32.76574803149607,"dds":0.906788825473115,"last_synced_commit":"523c7be5702823a6b0827a62f6c0844e6de191c7"},"previous_names":["cilium-team/cilium","noironetworks/cilium-net","cilium-team/cilium-net"],"tags_count":831,"template":false,"template_full_name":null,"purl":"pkg:github/cilium/cilium","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cilium%2Fcilium","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cilium%2Fcilium/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cilium%2Fcilium/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cilium%2Fcilium/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cilium","download_url":"https://codeload.github.com/cilium/cilium/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cilium%2Fcilium/sbom","scorecard":{"id":282779,"data":{"date":"2025-08-11","repo":{"name":"github.com/cilium/cilium","commit":"a1d3ec2a2a424d2900c3e589ab8647b1f3142a92"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.2,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":5,"reason":"badge detected: Passing","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":4,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: branch 'main' does not require approvers","Info: codeowner review is required on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/build-images-base.yaml:42"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":0,"reason":"dangerous workflow patterns detected","details":["Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/build-images-base.yaml:88","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/build-images-docs-builder.yaml:49","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/build-images-docs-builder.yaml:112","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/lint-build-commits.yaml:102","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/lint-build-commits.yaml:188","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/lint-build-commits.yaml:282","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/lint-build-commits.yaml:375","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/lint-build-commits.yaml:43"],"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found","Info: GoBuiltInFuzzer integration found: pkg/container/bitlpm/unsigned_test.go:891","Info: GoBuiltInFuzzer integration found: pkg/fqdn/namemanager/fuzz_test.go:16","Info: GoBuiltInFuzzer integration found: pkg/k8s/apis/cilium.io/v2/fuzz_test.go:13","Info: GoBuiltInFuzzer integration found: pkg/k8s/apis/cilium.io/v2/fuzz_test.go:23","Info: GoBuiltInFuzzer integration found: pkg/loadbalancer/fuzz_test.go:95","Info: GoBuiltInFuzzer integration found: pkg/loadbalancer/fuzz_test.go:99","Info: GoBuiltInFuzzer integration found: pkg/loadbalancer/fuzz_test.go:103","Info: GoBuiltInFuzzer integration found: pkg/monitor/format/fuzz_test.go:21","Info: GoBuiltInFuzzer integration found: pkg/policy/fuzz_test.go:20","Info: GoBuiltInFuzzer integration found: pkg/policy/fuzz_test.go:45","Info: GoBuiltInFuzzer integration found: pkg/policy/fuzz_test.go:57"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/auto-labeler.yaml:81","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build-images-ci.yaml:401","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/build-images-ci.yaml:402","Info: jobLevel 'contents' permission set to 'read': .github/workflows/build-images-ci.yaml:400","Info: jobLevel 'contents' permission set to 'read': .github/workflows/build-images-hotfixes.yaml:192","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build-images-hotfixes.yaml:193","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/build-images-hotfixes.yaml:194","Warn: jobLevel 'actions' permission set to 'write': .github/workflows/ci-images-cache-cleaner.yaml:23","Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci-images-cache-cleaner.yaml:24","Info: jobLevel 'repository-projects' permission set to 'read': .github/workflows/update-label-backport-pr.yaml:25","Info: topLevel 'contents' permission set to 'read': .github/workflows/ariane-scheduled.yaml:13","Warn: topLevel 'actions' permission set to 'write': .github/workflows/ariane-scheduled.yaml:15","Warn: no topLevel permission defined: .github/workflows/auto-approve.yaml:1","Warn: no topLevel permission defined: .github/workflows/auto-labeler.yaml:1","Info: topLevel permissions set to 'read-all': .github/workflows/build-go-caches.yaml:19","Info: topLevel 'contents' permission set to 'read': .github/workflows/build-images-base-renovate.yaml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/build-images-base.yaml:33","Info: topLevel 'contents' permission set to 'read': .github/workflows/build-images-beta.yaml:16","Info: topLevel 'contents' permission set to 'read': .github/workflows/build-images-ci.yaml:19","Info: topLevel 'contents' permission set to 'read': .github/workflows/build-images-docs-builder.yaml:16","Info: topLevel 'contents' permission set to 'read': .github/workflows/build-images-hotfixes.yaml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/build-images-releases.yaml:11","Warn: no topLevel permission defined: .github/workflows/call-backport-label-updater.yaml:1","Info: topLevel permissions set to 'read-all': .github/workflows/ci-images-cache-cleaner.yaml:10","Info: topLevel permissions set to 'read-all': .github/workflows/ci-images-garbage-collect.yaml:8","Warn: no topLevel permission defined: .github/workflows/cilium-cli.yaml:1","Warn: no topLevel permission defined: .github/workflows/common-post-jobs.yaml:1","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/conformance-aks.yaml:35","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/conformance-aks.yaml:37","Info: topLevel 'actions' permission set to 'read': .github/workflows/conformance-aks.yaml:31","Info: topLevel 'contents' permission set to 'read': .github/workflows/conformance-aks.yaml:33","Info: topLevel 'actions' permission set to 'read': .github/workflows/conformance-aws-cni.yaml:31","Info: topLevel 'contents' permission set to 'read': .github/workflows/conformance-aws-cni.yaml:33","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/conformance-aws-cni.yaml:35","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/conformance-aws-cni.yaml:37","Info: topLevel 'actions' permission set to 'read': .github/workflows/conformance-clustermesh.yaml:33","Info: topLevel 'contents' permission set to 'read': .github/workflows/conformance-clustermesh.yaml:35","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/conformance-clustermesh.yaml:37","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/conformance-clustermesh.yaml:39","Info: topLevel 'actions' permission set to 'read': .github/workflows/conformance-delegated-ipam.yaml:33","Info: topLevel 'contents' permission set to 'read': .github/workflows/conformance-delegated-ipam.yaml:35","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/conformance-delegated-ipam.yaml:37","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/conformance-delegated-ipam.yaml:39","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/conformance-eks.yaml:35","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/conformance-eks.yaml:37","Info: topLevel 'actions' permission set to 'read': .github/workflows/conformance-eks.yaml:31","Info: topLevel 'contents' permission set to 'read': .github/workflows/conformance-eks.yaml:33","Info: topLevel 'actions' permission set to 'read': .github/workflows/conformance-gateway-api.yaml:34","Info: topLevel 'contents' permission set to 'read': .github/workflows/conformance-gateway-api.yaml:36","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/conformance-gateway-api.yaml:38","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/conformance-gateway-api.yaml:40","Info: topLevel 'actions' permission set to 'read': .github/workflows/conformance-ginkgo.yaml:31","Info: topLevel 'contents' permission set to 'read': .github/workflows/conformance-ginkgo.yaml:33","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/conformance-ginkgo.yaml:35","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/conformance-ginkgo.yaml:37","Info: topLevel 'actions' permission set to 'read': .github/workflows/conformance-gke.yaml:31","Info: topLevel 'contents' permission set to 'read': .github/workflows/conformance-gke.yaml:33","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/conformance-gke.yaml:35","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/conformance-gke.yaml:37","Info: topLevel 'contents' permission set to 'read': .github/workflows/conformance-ingress.yaml:35","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/conformance-ingress.yaml:37","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/conformance-ingress.yaml:39","Info: topLevel 'actions' permission set to 'read': .github/workflows/conformance-ingress.yaml:33","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/conformance-ipsec-e2e.yaml:35","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/conformance-ipsec-e2e.yaml:37","Info: topLevel 'actions' permission set to 'read': .github/workflows/conformance-ipsec-e2e.yaml:31","Info: topLevel 'contents' permission set to 'read': .github/workflows/conformance-ipsec-e2e.yaml:33","Info: topLevel permissions set to 'read-all': .github/workflows/conformance-k8s-network-policies.yaml:11","Info: topLevel permissions set to 'read-all': .github/workflows/conformance-kind-proxy-embedded.yaml:17","Info: topLevel 'actions' permission set to 'read': .github/workflows/conformance-kubespray.yaml:31","Info: topLevel 'contents' permission set to 'read': .github/workflows/conformance-kubespray.yaml:33","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/conformance-kubespray.yaml:35","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/conformance-kubespray.yaml:37","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/conformance-multi-pool.yaml:37","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/conformance-multi-pool.yaml:39","Info: topLevel 'actions' permission set to 'read': .github/workflows/conformance-multi-pool.yaml:33","Info: topLevel 'contents' permission set to 'read': .github/workflows/conformance-multi-pool.yaml:35","Info: topLevel 'actions' permission set to 'read': .github/workflows/conformance-runtime.yaml:35","Info: topLevel 'contents' permission set to 'read': .github/workflows/conformance-runtime.yaml:37","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/conformance-runtime.yaml:39","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/conformance-runtime.yaml:41","Info: topLevel permissions set to 'read-all': .github/workflows/documentation.yaml:13","Info: topLevel 'actions' permission set to 'read': .github/workflows/feature-summary-report.yaml:17","Info: topLevel 'contents' permission set to 'read': .github/workflows/feature-summary-report.yaml:19","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/feature-summary-report.yaml:21","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/feature-summary-report.yaml:23","Info: topLevel 'actions' permission set to 'read': .github/workflows/fqdn-perf.yaml:30","Info: topLevel 'contents' permission set to 'read': .github/workflows/fqdn-perf.yaml:32","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/fqdn-perf.yaml:36","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/fqdn-perf.yaml:38","Warn: no topLevel permission defined: .github/workflows/hubble-cli-integration-test.yaml:1","Info: topLevel 'actions' permission set to 'read': .github/workflows/integration-test.yaml:35","Info: topLevel 'contents' permission set to 'read': .github/workflows/integration-test.yaml:37","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/integration-test.yaml:39","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/integration-test.yaml:41","Info: topLevel permissions set to 'read-all': .github/workflows/k8s-kind-network-e2e.yaml:11","Info: topLevel permissions set to 'read-all': .github/workflows/k8s-kind-network-policies-e2e.yaml:20","Info: topLevel permissions set to 'read-all': .github/workflows/lint-bpf-checks.yaml:13","Info: topLevel permissions set to 'read-all': .github/workflows/lint-build-commits.yaml:21","Info: topLevel permissions set to 'read-all': .github/workflows/lint-codeowners.yaml:10","Info: topLevel permissions set to 'read-all': .github/workflows/lint-go.yaml:13","Info: topLevel permissions set to 'read-all': .github/workflows/lint-images-base.yaml:15","Info: topLevel permissions set to 'read-all': .github/workflows/lint-workflows.yaml:11","Warn: no topLevel permission defined: .github/workflows/needs-more-info.yaml:1","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/net-perf-gke.yaml:39","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/net-perf-gke.yaml:41","Info: topLevel 'actions' permission set to 'read': .github/workflows/net-perf-gke.yaml:33","Info: topLevel 'contents' permission set to 'read': .github/workflows/net-perf-gke.yaml:35","Info: topLevel 'contents' permission set to 'read': .github/workflows/push-chart-ci.yaml:19","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/push-chart-ci.yaml:21","Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yaml:21","Warn: no topLevel permission defined: .github/workflows/renovate-config-validator.yaml:1","Warn: no topLevel permission defined: .github/workflows/renovate.yaml:1","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/scale-cleanup-kops.yaml:16","Info: topLevel 'contents' permission set to 'read': .github/workflows/scale-cleanup-kops.yaml:12","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/scale-test-100-gce.yaml:36","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/scale-test-100-gce.yaml:38","Info: topLevel 'actions' permission set to 'read': .github/workflows/scale-test-100-gce.yaml:30","Info: topLevel 'contents' permission set to 'read': .github/workflows/scale-test-100-gce.yaml:32","Info: topLevel 'actions' permission set to 'read': .github/workflows/scale-test-5-gce.yaml:30","Info: topLevel 'contents' permission set to 'read': .github/workflows/scale-test-5-gce.yaml:32","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/scale-test-5-gce.yaml:36","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/scale-test-5-gce.yaml:38","Info: topLevel 'actions' permission set to 'read': .github/workflows/scale-test-clustermesh.yaml:30","Info: topLevel 'contents' permission set to 'read': .github/workflows/scale-test-clustermesh.yaml:32","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/scale-test-clustermesh.yaml:36","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/scale-test-clustermesh.yaml:38","Info: topLevel 'actions' permission set to 'read': .github/workflows/scale-test-egw.yaml:40","Info: topLevel 'contents' permission set to 'read': .github/workflows/scale-test-egw.yaml:42","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/scale-test-egw.yaml:46","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/scale-test-egw.yaml:48","Info: topLevel 'contents' permission set to 'read': .github/workflows/scale-test-node-throughput-gce.yaml:14","Info: topLevel 'actions' permission set to 'read': .github/workflows/tests-ces-migrate.yaml:28","Info: topLevel 'contents' permission set to 'read': .github/workflows/tests-ces-migrate.yaml:30","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/tests-ces-migrate.yaml:32","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/tests-ces-migrate.yaml:34","Info: topLevel permissions set to 'read-all': .github/workflows/tests-cifuzz.yaml:12","Info: topLevel 'actions' permission set to 'read': .github/workflows/tests-clustermesh-upgrade.yaml:33","Info: topLevel 'contents' permission set to 'read': .github/workflows/tests-clustermesh-upgrade.yaml:35","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/tests-clustermesh-upgrade.yaml:37","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/tests-clustermesh-upgrade.yaml:39","Info: topLevel 'contents' permission set to 'read': .github/workflows/tests-datapath-verifier.yaml:33","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/tests-datapath-verifier.yaml:35","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/tests-datapath-verifier.yaml:37","Info: topLevel 'actions' permission set to 'read': .github/workflows/tests-datapath-verifier.yaml:31","Info: topLevel 'contents' permission set to 'read': .github/workflows/tests-e2e-upgrade.yaml:33","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/tests-e2e-upgrade.yaml:35","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/tests-e2e-upgrade.yaml:37","Info: topLevel 'actions' permission set to 'read': .github/workflows/tests-e2e-upgrade.yaml:31","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/tests-ipsec-upgrade.yaml:32","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/tests-ipsec-upgrade.yaml:34","Info: topLevel 'actions' permission set to 'read': .github/workflows/tests-ipsec-upgrade.yaml:28","Info: topLevel 'contents' permission set to 'read': .github/workflows/tests-ipsec-upgrade.yaml:30","Info: topLevel permissions set to 'read-all': .github/workflows/tests-smoke-ipv6.yaml:11","Info: topLevel permissions set to 'read-all': .github/workflows/tests-smoke.yaml:13","Warn: no topLevel permission defined: .github/workflows/update-label-backport-pr.yaml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":7,"reason":"binaries present in source code","details":["Warn: binary detected: pkg/datapath/bpf/sockterm_bpfeb.o:1","Warn: binary detected: pkg/datapath/bpf/sockterm_bpfel.o:1","Warn: binary detected: test/bpf/xdp.o:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":8,"reason":"dependency not pinned by hash detected -- score normalized to 8","details":["Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: install/kubernetes/cilium/files/nodeinit/prestop.bash:0","Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: install/kubernetes/cilium/files/nodeinit/startup.bash:0","Info: Possibly incomplete results: error parsing shell code: \u003e must be followed by a word: test/vtep/install.sh:0","Info: Possibly incomplete results: error parsing shell code: unclosed here-document 'EOF': vendor/github.com/cilium/charts/generate_readme.sh:0","Info: Possibly incomplete results: error parsing shell code: \"foo(\" must be followed by ): vendor/sigs.k8s.io/controller-runtime/Makefile:0","Warn: third-party GitHubAction not pinned by hash: .github/workflows/call-backport-label-updater.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/cilium/cilium/call-backport-label-updater.yaml/main?enable=pin","Warn: containerImage not pinned by hash: Documentation/Dockerfile:4","Warn: containerImage not pinned by hash: Documentation/Dockerfile:26","Warn: containerImage not pinned by hash: cilium-cli/Dockerfile:11","Warn: containerImage not pinned by hash: cilium-cli/Dockerfile:28","Warn: containerImage not pinned by hash: contrib/backporting/Dockerfile:5","Warn: containerImage not pinned by hash: contrib/backporting/Dockerfile:7: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214","Warn: containerImage not pinned by hash: examples/kubernetes-grpc/Dockerfile:1","Warn: containerImage not pinned by hash: examples/kubernetes-grpc/Dockerfile:30: pin your Docker image by updating docker.io/library/ubuntu:20.04 to docker.io/library/ubuntu:20.04@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214","Warn: containerImage not pinned by hash: images/builder/Dockerfile:12","Warn: containerImage not pinned by hash: images/builder/Dockerfile:14","Warn: containerImage not pinned by hash: images/builder/Dockerfile:16","Warn: containerImage not pinned by hash: images/builder/Dockerfile:18","Warn: containerImage not pinned by hash: images/builder/Dockerfile:95","Warn: containerImage not pinned by hash: images/builder/Dockerfile:102","Warn: containerImage not pinned by hash: images/cilium-docker-plugin/Dockerfile:12","Warn: containerImage not pinned by hash: images/cilium-docker-plugin/Dockerfile:28","Warn: containerImage not pinned by hash: images/cilium/Dockerfile:13","Warn: containerImage not pinned by hash: images/cilium/Dockerfile:25","Warn: containerImage not pinned by hash: images/cilium/Dockerfile:99","Warn: containerImage not pinned by hash: images/cilium/Dockerfile:127","Warn: containerImage not pinned by hash: images/clustermesh-apiserver/Dockerfile:23","Warn: containerImage not pinned by hash: images/clustermesh-apiserver/Dockerfile:52","Warn: containerImage not pinned by hash: images/clustermesh-apiserver/Dockerfile:62","Warn: containerImage not pinned by hash: images/clustermesh-apiserver/Dockerfile:64","Warn: containerImage not pinned by hash: images/hubble-relay/Dockerfile:15","Warn: containerImage not pinned by hash: images/hubble-relay/Dockerfile:42","Warn: containerImage not pinned by hash: images/hubble-relay/Dockerfile:52","Warn: containerImage not pinned by hash: images/operator/Dockerfile:14","Warn: containerImage not pinned by hash: images/operator/Dockerfile:63","Warn: containerImage not pinned by hash: images/operator/Dockerfile:69","Warn: containerImage not pinned by hash: images/operator/Dockerfile:79","Warn: containerImage not pinned by hash: images/operator/Dockerfile:97","Warn: containerImage not pinned by hash: images/operator/Dockerfile:107","Warn: containerImage not pinned by hash: images/runtime/Dockerfile:14","Warn: containerImage not pinned by hash: images/runtime/Dockerfile:15","Warn: containerImage not pinned by hash: images/runtime/Dockerfile:16","Warn: containerImage not pinned by hash: images/runtime/Dockerfile:18","Warn: containerImage not pinned by hash: images/runtime/Dockerfile:30","Warn: containerImage not pinned by hash: images/runtime/Dockerfile:58","Warn: pipCommand not pinned by hash: Documentation/Dockerfile:28","Warn: pipCommand not pinned by hash: contrib/backporting/Dockerfile:31","Warn: pipCommand not pinned by hash: examples/kubernetes-grpc/Dockerfile:17","Warn: pipCommand not pinned by hash: examples/kubernetes-grpc/Dockerfile:31-38","Warn: goCommand not pinned by hash: images/builder/Dockerfile:64","Warn: downloadThenRun not pinned by hash: contrib/scripts/push_manifest.sh:58","Warn: goCommand not pinned by hash: pkg/ciliumenvoyconfig/stress.sh:3","Warn: goCommand not pinned by hash: pkg/loadbalancer/stress.sh:3","Warn: goCommand not pinned by hash: vendor/github.com/json-iterator/go/build.sh:10","Warn: goCommand not pinned by hash: vendor/github.com/pelletier/go-toml/benchmark.sh:10","Warn: pipCommand not pinned by hash: .github/workflows/conformance-kubespray.yaml:144","Warn: pipCommand not pinned by hash: .github/workflows/lint-workflows.yaml:147","Warn: pipCommand not pinned by hash: .github/workflows/lint-workflows.yaml:172","Info: 250 out of 250 GitHub-owned GitHubAction dependencies pinned","Info: 267 out of 268 third-party GitHubAction dependencies pinned","Info:   2 out of  41 containerImage dependencies pinned","Info:   0 out of   7 pipCommand dependencies pinned","Info:  15 out of  20 goCommand dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3829"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T16:21:00.851Z","repository_id":37252229,"created_at":"2025-08-17T16:21:00.851Z","updated_at":"2025-08-17T16:21:00.851Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31863499,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-15T15:24:51.572Z","status":"ssl_error","status_checked_at":"2026-04-15T15:24:39.138Z","response_time":63,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bpf","cncf","cni","containers","ebpf","k8s","kernel","kubernetes","kubernetes-networking","loadbalancing","monitoring","networking","observability","security","troubleshooting","xdp"],"created_at":"2024-07-31T11:00:42.311Z","updated_at":"2026-04-15T23:01:02.775Z","avatar_url":"https://github.com/cilium.png","language":"Go","readme":".. raw:: html\n\n   \u003cpicture\u003e\n      \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo.png\" width=\"350\" alt=\"Cilium Logo\"\u003e\n      \u003cimg src=\"https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo-dark.png\" width=\"350\" alt=\"Cilium Logo\"\u003e\n   \u003c/picture\u003e\n\n|cii| |go-report| |clomonitor| |artifacthub| |slack| |go-doc| |rtd| |apache| |bsd| |gpl| |fossa| |gateway-api| |codespaces|\n\nCilium is a networking, observability, and security solution with an eBPF-based\ndataplane. It provides a simple flat Layer 3 network with the ability to span\nmultiple clusters in either a native routing or overlay mode. It is L7-protocol\naware and can enforce network policies on L3-L7 using an identity based security\nmodel that is decoupled from network addressing.\n\nCilium implements distributed load balancing for traffic between pods and to\nexternal services, and is able to fully replace kube-proxy, using efficient\nhash tables in eBPF allowing for almost unlimited scale. It also supports\nadvanced functionality like integrated ingress and egress gateway, bandwidth\nmanagement and service mesh, and provides deep network and security visibility and monitoring.\n\nA new Linux kernel technology called eBPF_ is at the foundation of Cilium. It\nsupports dynamic insertion of eBPF bytecode into the Linux kernel at various\nintegration points such as: network IO, application sockets, and tracepoints to\nimplement security, networking and visibility logic. eBPF is highly efficient\nand flexible. To learn more about eBPF, visit `eBPF.io`_.\n\n.. image:: Documentation/images/cilium-overview.png\n   :alt: Overview of Cilium features for networking, observability, service mesh, and runtime security\n\n.. raw:: html\n\n   \u003ca href=\"https://cncf.io/\"\u003e\n      \u003cpicture\u003e\n         \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://github.com/cncf/artwork/blob/main/other/cncf-member/graduated/color/cncf-graduated-color.svg\" /\u003e\n         \u003cimg src=\"https://github.com/cncf/artwork/blob/main/other/cncf-member/graduated/white/cncf-graduated-white.svg\" alt=\"CNCF Graduated Project\" height=\"80\" /\u003e\n      \u003c/picture\u003e\n   \u003c/a\u003e\n   \u003ca href=\"https://ebpf.io/\"\u003e\n      \u003cpicture\u003e\n         \u003csource media=\"(prefers-color-scheme: light)\" srcset=\".github/assets/powered-by-ebpf.svg\" /\u003e\n         \u003cimg src=\".github/assets/powered-by-ebpf_white.svg\" alt=\"Powered by eBPF\" height=\"80\" align=\"right\" /\u003e\n      \u003c/picture\u003e\n   \u003c/a\u003e\n\nStable Releases\n===============\n\nThe Cilium community maintains minor stable releases for the last three minor\nCilium versions. Older Cilium stable versions from minor releases prior to that\nare considered EOL.\n\nFor upgrades to new minor releases please consult the `Cilium Upgrade Guide`_.\n\nListed below are the actively maintained release branches along with their latest\npatch release, corresponding image pull tags and their release notes:\n\n+---------------------------------------------------------+------------+------------------------------------+----------------------------------------------------------------------------+\n| `v1.17 \u003chttps://github.com/cilium/cilium/tree/v1.17\u003e`__ | 2025-03-14 | ``quay.io/cilium/cilium:v1.17.2``  | `Release Notes \u003chttps://github.com/cilium/cilium/releases/tag/v1.17.2\u003e`__  |\n+---------------------------------------------------------+------------+------------------------------------+----------------------------------------------------------------------------+\n| `v1.16 \u003chttps://github.com/cilium/cilium/tree/v1.16\u003e`__ | 2025-03-14 | ``quay.io/cilium/cilium:v1.16.8``  | `Release Notes \u003chttps://github.com/cilium/cilium/releases/tag/v1.16.8\u003e`__  |\n+---------------------------------------------------------+------------+------------------------------------+----------------------------------------------------------------------------+\n| `v1.15 \u003chttps://github.com/cilium/cilium/tree/v1.15\u003e`__ | 2025-03-14 | ``quay.io/cilium/cilium:v1.15.15`` | `Release Notes \u003chttps://github.com/cilium/cilium/releases/tag/v1.15.15\u003e`__ |\n+---------------------------------------------------------+------------+------------------------------------+----------------------------------------------------------------------------+\n\nArchitectures\n-------------\n\nCilium images are distributed for AMD64 and AArch64 architectures.\n\nSoftware Bill of Materials\n--------------------------\n\nStarting with Cilium version 1.13.0, all images include a Software Bill of\nMaterials (SBOM). The SBOM is generated in `SPDX`_ format. More information\non this is available on `Cilium SBOM`_.\n\n.. _`SPDX`: https://spdx.dev/\n.. _`Cilium SBOM`: https://docs.cilium.io/en/latest/configuration/sbom/\n\nDevelopment\n===========\n\nFor development and testing purpose, the Cilium community publishes snapshots,\nearly release candidates (RC) and CI container images build from the `main\nbranch \u003chttps://github.com/cilium/cilium/commits/main\u003e`_. These images are\nnot for use in production.\n\nFor testing upgrades to new development releases please consult the latest\ndevelopment build of the `Cilium Upgrade Guide`_.\n\nListed below are branches for testing along with their snapshots or RC releases,\ncorresponding image pull tags and their release notes where applicable:\n\n+----------------------------------------------------------------------------+------------+-----------------------------------------+---------------------------------------------------------------------------------+\n| `main \u003chttps://github.com/cilium/cilium/commits/main\u003e`__                   | daily      | ``quay.io/cilium/cilium-ci:latest``     | N/A                                                                             |\n+----------------------------------------------------------------------------+------------+-----------------------------------------+---------------------------------------------------------------------------------+\n| `v1.18.0-pre.0 \u003chttps://github.com/cilium/cilium/commits/v1.18.0-pre.0\u003e`__ | 2025-03-03 | ``quay.io/cilium/cilium:v1.18.0-pre.0`` | `Release Notes \u003chttps://github.com/cilium/cilium/releases/tag/v1.18.0-pre.0\u003e`__ |\n+----------------------------------------------------------------------------+------------+-----------------------------------------+---------------------------------------------------------------------------------+\n\nFunctionality Overview\n======================\n\n.. begin-functionality-overview\n\nProtect and secure APIs transparently\n-------------------------------------\n\nAbility to secure modern application protocols such as REST/HTTP, gRPC and\nKafka. Traditional firewalls operate at Layer 3 and 4. A protocol running on a\nparticular port is either completely trusted or blocked entirely. Cilium\nprovides the ability to filter on individual application protocol requests such\nas:\n\n- Allow all HTTP requests with method ``GET`` and path ``/public/.*``. Deny all\n  other requests.\n- Allow ``service1`` to produce on Kafka topic ``topic1`` and ``service2`` to\n  consume on ``topic1``. Reject all other Kafka messages.\n- Require the HTTP header ``X-Token: [0-9]+`` to be present in all REST calls.\n\nSee the section `Layer 7 Policy`_ in our documentation for the latest list of\nsupported protocols and examples on how to use it.\n\nSecure service to service communication based on identities\n-----------------------------------------------------------\n\nModern distributed applications rely on technologies such as application\ncontainers to facilitate agility in deployment and scale out on demand. This\nresults in a large number of application containers being started in a short\nperiod of time. Typical container firewalls secure workloads by filtering on\nsource IP addresses and destination ports. This concept requires the firewalls\non all servers to be manipulated whenever a container is started anywhere in\nthe cluster.\n\nIn order to avoid this situation which limits scale, Cilium assigns a security\nidentity to groups of application containers which share identical security\npolicies. The identity is then associated with all network packets emitted by\nthe application containers, allowing to validate the identity at the receiving\nnode. Security identity management is performed using a key-value store.\n\nSecure access to and from external services\n-------------------------------------------\n\nLabel based security is the tool of choice for cluster internal access control.\nIn order to secure access to and from external services, traditional CIDR based\nsecurity policies for both ingress and egress are supported. This allows to\nlimit access to and from application containers to particular IP ranges.\n\nSimple Networking\n-----------------\n\nA simple flat Layer 3 network with the ability to span multiple clusters\nconnects all application containers. IP allocation is kept simple by using host\nscope allocators. This means that each host can allocate IPs without any\ncoordination between hosts.\n\nThe following multi node networking models are supported:\n\n* **Overlay:** Encapsulation-based virtual network spanning all hosts.\n  Currently, VXLAN and Geneve are baked in but all encapsulation formats\n  supported by Linux can be enabled.\n\n  When to use this mode: This mode has minimal infrastructure and integration\n  requirements. It works on almost any network infrastructure as the only\n  requirement is IP connectivity between hosts which is typically already\n  given.\n\n* **Native Routing:** Use of the regular routing table of the Linux host.\n  The network is required to be capable to route the IP addresses of the\n  application containers.\n\n  When to use this mode: This mode is for advanced users and requires some\n  awareness of the underlying networking infrastructure. This mode works well\n  with:\n\n  - Native IPv6 networks\n  - In conjunction with cloud network routers\n  - If you are already running routing daemons\n\nLoad Balancing\n--------------\n\nCilium implements distributed load balancing for traffic between application\ncontainers and to external services and is able to fully replace components\nsuch as kube-proxy. The load balancing is implemented in eBPF using efficient\nhashtables allowing for almost unlimited scale.\n\nFor north-south type load balancing, Cilium's eBPF implementation is optimized\nfor maximum performance, can be attached to XDP (eXpress Data Path), and supports\ndirect server return (DSR) as well as Maglev consistent hashing if the load\nbalancing operation is not performed on the source host.\n\nFor east-west type load balancing, Cilium performs efficient service-to-backend\ntranslation right in the Linux kernel's socket layer (e.g. at TCP connect time)\nsuch that per-packet NAT operations overhead can be avoided in lower layers.\n\nBandwidth Management\n--------------------\n\nCilium implements bandwidth management through efficient EDT-based (Earliest Departure\nTime) rate-limiting with eBPF for container traffic that is egressing a node. This\nallows to significantly reduce transmission tail latencies for applications and to\navoid locking under multi-queue NICs compared to traditional approaches such as HTB\n(Hierarchy Token Bucket) or TBF (Token Bucket Filter) as used in the bandwidth CNI\nplugin, for example.\n\nMonitoring and Troubleshooting\n------------------------------\n\nThe ability to gain visibility and troubleshoot issues is fundamental to the\noperation of any distributed system. While we learned to love tools like\n``tcpdump`` and ``ping`` and while they will always find a special place in our\nhearts, we strive to provide better tooling for troubleshooting. This includes\ntooling to provide:\n\n- Event monitoring with metadata: When a packet is dropped, the tool doesn't\n  just report the source and destination IP of the packet, the tool provides\n  the full label information of both the sender and receiver among a lot of\n  other information.\n\n- Metrics export via Prometheus: Key metrics are exported via Prometheus for\n  integration with your existing dashboards.\n\n- Hubble_: An observability platform specifically written for Cilium. It\n  provides service dependency maps, operational monitoring and alerting,\n  and application and security visibility based on flow logs.\n\n.. _Hubble: https://github.com/cilium/hubble/\n.. _`Layer 7 Policy`: https://docs.cilium.io/en/stable/security/policy/language/#layer-7-examples\n\n.. end-functionality-overview\n\nGetting Started\n===============\n\n* `Why Cilium?`_\n* `Getting Started`_\n* `Architecture and Concepts`_\n* `Installing Cilium`_\n* `Frequently Asked Questions`_\n* Contributing_\n\nCommunity\n=========\n\nSlack\n-----\n\nJoin the Cilium `Slack channel \u003chttps://slack.cilium.io\u003e`_ to chat with\nCilium developers and other Cilium users. This is a good place to learn about\nCilium, ask questions, and share your experiences.\n\nSpecial Interest Groups (SIG)\n-----------------------------\n\nSee `Special Interest groups\n\u003chttps://docs.cilium.io/en/stable/community/community/#special-interest-groups\u003e`_ for a list of all SIGs and their meeting times.\n\nDeveloper meetings\n------------------\nThe Cilium developer community hangs out on Zoom to chat. Everybody is welcome.\n\n* Weekly, Wednesday,\n  5:00 pm `Europe/Zurich time \u003chttps://time.is/Canton_of_Zurich\u003e`__ (CET/CEST),\n  usually equivalent to 8:00 am PT, or 11:00 am ET. `Meeting Notes and Zoom Info`_\n* Third Wednesday of each month, 9:00 am `Japan time \u003chttps://time.is/Tokyo\u003e`__ (JST). `APAC Meeting Notes and Zoom Info`_\n\neBPF \u0026 Cilium Office Hours livestream\n-------------------------------------\nWe host a weekly community `YouTube livestream called eCHO \u003chttps://www.youtube.com/channel/UCJFUxkVQTBJh3LD1wYBWvuQ\u003e`_ which (very loosely!) stands for eBPF \u0026 Cilium Office Hours. Join us live, catch up with past episodes, or head over to the `eCHO repo \u003chttps://github.com/isovalent/eCHO\u003e`_ and let us know your ideas for topics we should cover.\n\nGovernance\n----------\nThe Cilium project is governed by a group of `Maintainers and Committers \u003chttps://raw.githubusercontent.com/cilium/cilium/main/MAINTAINERS.md\u003e`__.\nHow they are selected and govern is outlined in our `governance document \u003chttps://github.com/cilium/community/blob/main/GOVERNANCE.md\u003e`__.\n\nAdopters\n--------\nA list of adopters of the Cilium project who are deploying it in production, and of their use cases,\ncan be found in file `USERS.md \u003chttps://github.com/cilium/cilium/blob/main/USERS.md\u003e`__.\n\nLicense\n=======\n\n.. _apache-license: LICENSE\n.. _bsd-license: bpf/LICENSE.BSD-2-Clause\n.. _gpl-license: bpf/LICENSE.GPL-2.0\n\nThe Cilium user space components are licensed under the\n`Apache License, Version 2.0 \u003capache-license_\u003e`__.\nThe BPF code templates are dual-licensed under the\n`General Public License, Version 2.0 (only) \u003cgpl-license_\u003e`__\nand the `2-Clause BSD License \u003cbsd-license_\u003e`__\n(you can use the terms of either license, at your option).\n\n.. _`Cilium Upgrade Guide`: https://docs.cilium.io/en/stable/operations/upgrade/\n.. _`Why Cilium?`: https://docs.cilium.io/en/stable/overview/intro\n.. _`Getting Started`: https://docs.cilium.io/en/stable/#getting-started\n.. _`Architecture and Concepts`: https://docs.cilium.io/en/stable/overview/component-overview/\n.. _`Installing Cilium`: https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/\n.. _`Frequently Asked Questions`: https://github.com/cilium/cilium/issues?utf8=%E2%9C%93\u0026q=is%3Aissue+label%3Akind%2Fquestion+\n.. _Contributing: https://docs.cilium.io/en/stable/contributing/development/\n.. _Prerequisites: https://docs.cilium.io/en/stable/operations/system_requirements/\n.. _`eBPF`: https://ebpf.io\n.. _`eBPF.io`: https://ebpf.io\n.. _`Meeting Notes and Zoom Info`: https://docs.google.com/document/d/1Y_4chDk4rznD6UgXPlPvn3Dc7l-ZutGajUv1eF0VDwQ/edit#\n.. _`APAC Meeting Notes and Zoom Info`: https://docs.google.com/document/d/1egv4qLydr0geP-GjQexYKm4tz3_tHy-LCBjVQcXcT5M/edit#\n\n.. |go-report| image:: https://goreportcard.com/badge/github.com/cilium/cilium\n    :alt: Go Report Card\n    :target: https://goreportcard.com/report/github.com/cilium/cilium\n\n.. |go-doc| image:: https://godoc.org/github.com/cilium/cilium?status.svg\n    :alt: GoDoc\n    :target: https://godoc.org/github.com/cilium/cilium\n\n.. |rtd| image:: https://readthedocs.org/projects/docs/badge/?version=latest\n    :alt: Read the Docs\n    :target: https://docs.cilium.io/\n\n.. |apache| image:: https://img.shields.io/badge/license-Apache-blue.svg\n    :alt: Apache licensed\n    :target: apache-license_\n\n.. |bsd| image:: https://img.shields.io/badge/license-BSD-blue.svg\n    :alt: BSD licensed\n    :target: bsd-license_\n\n.. |gpl| image:: https://img.shields.io/badge/license-GPL-blue.svg\n    :alt: GPL licensed\n    :target: gpl-license_\n\n.. |slack| image:: https://img.shields.io/badge/slack-cilium-brightgreen.svg?logo=slack\n    :alt: Join the Cilium slack channel\n    :target: https://slack.cilium.io\n\n.. |cii| image:: https://bestpractices.coreinfrastructure.org/projects/1269/badge\n    :alt: CII Best Practices\n    :target: https://bestpractices.coreinfrastructure.org/projects/1269\n\n.. |clomonitor| image:: https://img.shields.io/endpoint?url=https://clomonitor.io/api/projects/cncf/cilium/badge\n    :alt: CLOMonitor\n    :target: https://clomonitor.io/projects/cncf/cilium\n\n.. |artifacthub| image:: https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/cilium\n    :alt: Artifact Hub\n    :target: https://artifacthub.io/packages/helm/cilium/cilium\n\n.. |fossa| image:: https://app.fossa.com/api/projects/custom%2B162%2Fgit%40github.com%3Acilium%2Fcilium.git.svg?type=shield\n    :alt: FOSSA Status\n    :target: https://app.fossa.com/projects/custom%2B162%2Fgit%40github.com%3Acilium%2Fcilium.git?ref=badge_shield\n\n.. |gateway-api| image:: https://img.shields.io/badge/Gateway%20API%20Conformance%20v1.2.0-Cilium-green\n    :alt: Gateway API Status\n    :target: https://github.com/kubernetes-sigs/gateway-api/tree/main/conformance/reports/v1.2.0/cilium-cilium\n\n.. |codespaces| image:: https://img.shields.io/badge/Open_in_GitHub_Codespaces-gray?logo=github\n    :alt: Github Codespaces\n    :target: https://github.com/codespaces/new?hide_repo_select=true\u0026ref=master\u0026repo=48109239\u0026machine=standardLinux32gb\u0026location=WestEurope\n","funding_links":["cilium.io/enterprise"],"categories":["API Gateway","Go","Networking","HarmonyOS","Install from Source","Uncategorized","Observability","Tools and Libraries","security","Go (531)","网络服务","蓝队工具","Back-End Development","monitoring","Networking \u0026 Connectivity","Repos","Cilium related projects","🌐 Networking \u0026 Service Mesh"],"sub_categories":["[Jenkins](#jenkins)","Windows Manager","Troubleshooting","Uncategorized","Regex","Networking","网络服务_其他","开源防护软件","Image Distribution \u0026 Caching"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcilium%2Fcilium","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcilium%2Fcilium","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcilium%2Fcilium/lists"}