{"id":13575702,"url":"https://github.com/kubernetes-sigs/security-profiles-operator","last_synced_at":"2025-05-15T01:05:03.867Z","repository":{"id":36953058,"uuid":"258468842","full_name":"kubernetes-sigs/security-profiles-operator","owner":"kubernetes-sigs","description":"The Kubernetes Security Profiles Operator","archived":false,"fork":false,"pushed_at":"2025-05-14T13:59:19.000Z","size":71725,"stargazers_count":757,"open_issues_count":21,"forks_count":121,"subscribers_count":14,"default_branch":"main","last_synced_at":"2025-05-14T15:01:20.265Z","etag":null,"topics":["apparmor","k8s-sig-node","kubernetes","kubernetes-operator","seccomp","seccomp-operator","seccomp-profiles","security-profiles","selinux"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kubernetes-sigs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"code-of-conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY_CONTACTS","support":null,"governance":null,"roadmap":".github/roadmap.svg","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-04-24T09:37:15.000Z","updated_at":"2025-05-14T13:59:23.000Z","dependencies_parsed_at":"2023-10-04T13:45:34.828Z","dependency_job_id":"69f97fb2-e901-4c4d-9d11-82186a970276","html_url":"https://github.com/kubernetes-sigs/security-profiles-operator","commit_stats":{"total_commits":2650,"total_committers":42,"mean_commits":"63.095238095238095","dds":0.6498113207547169,"last_synced_commit":"446defa29acd8f7a0c0c3e1fa5fee25886226495"},"previous_names":["kubernetes-sigs/seccomp-operator"],"tags_count":18,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fsecurity-profiles-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fsecurity-profiles-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fsecurity-profiles-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fsecurity-profiles-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kubernetes-sigs","download_url":"https://codeload.github.com/kubernetes-sigs/security-profiles-operator/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254254040,"owners_count":22039792,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apparmor","k8s-sig-node","kubernetes","kubernetes-operator","seccomp","seccomp-operator","seccomp-profiles","security-profiles","selinux"],"created_at":"2024-08-01T15:01:03.413Z","updated_at":"2025-05-15T01:04:58.857Z","avatar_url":"https://github.com/kubernetes-sigs.png","language":"C","funding_links":[],"categories":["C","kubernetes"],"sub_categories":[],"readme":"# Kubernetes Security Profiles Operator\n\n[![build](https://github.com/kubernetes-sigs/security-profiles-operator/actions/workflows/build.yml/badge.svg)](https://github.com/kubernetes-sigs/security-profiles-operator/actions/workflows/build.yml)\n[![test](https://github.com/kubernetes-sigs/security-profiles-operator/actions/workflows/test.yml/badge.svg)](https://github.com/kubernetes-sigs/security-profiles-operator/actions/workflows/test.yml)\n[![coverage](https://codecov.io/gh/kubernetes-sigs/security-profiles-operator/branch/main/graph/badge.svg?token=37VIWSZ1ZT)](https://codecov.io/gh/kubernetes-sigs/security-profiles-operator)\n[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/5368/badge)](https://bestpractices.coreinfrastructure.org/projects/5368)\n[![OCI security profiles](https://img.shields.io/badge/oci%3A%2F%2F-security%20profiles-blue?logo=kubernetes\u0026logoColor=white)](https://github.com/orgs/security-profiles/packages)\n\n\nThe _Security Profiles Operator_ (SPO) is an out-of-tree Kubernetes enhancement which aims to make\nit easier to create and use SELinux, seccomp and AppArmor security profiles in Kubernetes clusters.\n\n- [Installation and Usage](installation-usage.md)\n- [Container Images](https://console.cloud.google.com/gcr/images/k8s-staging-sp-operator/GLOBAL/security-profiles-operator)\n- [Release Process](./release.md)\n- [Testgrid Dashboard](https://testgrid.k8s.io/sig-node-security-profiles-operator)\n\n## Features\n\nThis is the parity of features across various security profiles supported by the SPO:\n\n|                                  | Seccomp | SELinux | AppArmor |\n|----------------------------------|---------|---------|----------|\n|                      Profile CRD |   Yes   |   Yes   |    Yes   |\n| Install profiles in cluster      |   Yes   |   Yes   |    Yes    |\n| Remove unused profiles from cluster |   Yes   |   Yes   |    Yes   |\n|   Profile Recording (audit logs)       |   Yes   |   Yes   |    No     |\n|   Profile Recording (eBPF)            |   Yes   |   No    |    Yes    |\n| Profile Binding to container images     |   Yes   |   No    |    No     |\n|             Audit log enrichment |   Yes   |   Yes   |    Yes   |\n\nFor information about the security model and what permissions each feature requires,\nrefer to SPO's [security model](security-model.md).\n\n## Resources\n\nThe motivation behind the project can be found in the corresponding [RFC][0].\n\n- [Architecture](doc/architecture.svg)\n- [Use Stories](doc/user-stories.md)\n- [Personas](doc/personas.md)\n\n[0]: RFC.md\n\nRelated Kubernetes Enhancement Proposals (KEPs) which have direct influence on\nthis project:\n\n- [Promote seccomp to GA][1]\n- [Add ConfigMap support for seccomp custom profiles][2]\n- [Add KEP to create seccomp built-in profiles and add complain mode][3]\n\nNext to those KEPs, here are existing approaches for security profiles in\nthe Kubernetes world:\n\n- [AppArmor Loader][4]\n- [OpenShift's Machine config operator, in charge of file management and security profiles on hosts][5]\n- [seccomp-config][6]\n\n[1]: https://github.com/kubernetes/enhancements/pull/1148\n[2]: https://github.com/kubernetes/enhancements/pull/1269\n[3]: https://github.com/kubernetes/enhancements/pull/1257\n[4]: https://github.com/kubernetes/kubernetes/tree/c30da3839c8e13fdff59ef5115e982362b2c90ed/test/images/apparmor-loader\n[5]: https://github.com/openshift/machine-config-operator/tree/master/docs\n[6]: https://github.com/UKHomeOffice/seccomp-config\n\n\n## Community, discussions, contributions, and support\n\nIf you're interested in contributing to SPO, please see the [developer focused document](hacking.md).\n\nWe schedule a monthly meeting every last Thursday of a month.\n\n- [Meeting Notes][8]\n\n[8]: https://docs.google.com/document/d/1FQHYdyd7PTCi7_Vd8erPS4nztp0blvivK87HhXqz4uc/edit?usp=sharing\n\nLearn how to engage with the Kubernetes community on the [community page](http://kubernetes.io/community/).\n\nYou can reach the maintainers of this project at:\n\n- [Slack #security-profiles-operator](https://kubernetes.slack.com/messages/security-profiles-operator)\n- [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-dev)\n\n### Code of conduct\n\nParticipation in the Kubernetes community is governed by the [Kubernetes Code of Conduct](code-of-conduct.md).\n\n[owners]: https://git.k8s.io/community/contributors/guide/owners.md\n[creative commons 4.0]: https://git.k8s.io/website/LICENSE\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkubernetes-sigs%2Fsecurity-profiles-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkubernetes-sigs%2Fsecurity-profiles-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkubernetes-sigs%2Fsecurity-profiles-operator/lists"}