SIG Security takes a community-building approach to improving Kubernetes security, both for the project itself and for end users. Join organizers Ala, Ian, Pushkar, and Savitha for an overview of SIG Security and updates from our Docs, Self-Assessments, and Third Party Audit subprojects. You'll learn what's been going on, what’s next, and how you can join in.

In this talk, we will focus on the Tooling subproject. Since its inception, this subproject has scanned a myriad of Kubernetes artifacts, finding vulnerabilities that need triage. We’ve also built an auto-refreshing CVE feed that is available in beta today. We will share how these tools are co-maintained in collaboration with other SIGs. Lastly, we will explore the upcoming improvements in these tools through VEX, OpenSSF OSV, and govulncheck, and share with the audience how they can contribute too.

SIG Security has something to learn and contribute for every experience level, from beginner to expert. We hope to see you there!