🛡️ #gittuf brings supply chain security to the source itself - applying portable, policy-based attestations directly to Git repositories. From two-party reviews to test enforcement, gittuf makes GitOps & repo-driven workflows more trustworthy by default.
🎥 : youtu.be/bQ-GHyHJcbc?...
🎥 : youtu.be/bQ-GHyHJcbc?...
Inside the gittuf Project: Platform-Agnostic Git Security | OpenSSF Project Spotlight
YouTube video by OpenSSF
youtu.be
December 17, 2025 at 9:33 PM
🛡️ #gittuf brings supply chain security to the source itself - applying portable, policy-based attestations directly to Git repositories. From two-party reviews to test enforcement, gittuf makes GitOps & repo-driven workflows more trustworthy by default.
🎥 : youtu.be/bQ-GHyHJcbc?...
🎥 : youtu.be/bQ-GHyHJcbc?...
GitOps-managed home Kubernetes cluster
December 17, 2025 at 6:32 PM
GitOps-managed home Kubernetes cluster
At #AWS re:Invent 2025, @hongwang.bsky.social joined SiliconANGLE Live to discuss GitOps beyond Kubernetes and the shift to practical AI-driven SRE automation. 🌐
Watch the conversation here ➡️ buff.ly/NxWzdie
#GitOps #DevOps #PlatformEngineering #SRE
Watch the conversation here ➡️ buff.ly/NxWzdie
#GitOps #DevOps #PlatformEngineering #SRE
December 17, 2025 at 5:44 PM
At #AWS re:Invent 2025, @hongwang.bsky.social joined SiliconANGLE Live to discuss GitOps beyond Kubernetes and the shift to practical AI-driven SRE automation. 🌐
Watch the conversation here ➡️ buff.ly/NxWzdie
#GitOps #DevOps #PlatformEngineering #SRE
Watch the conversation here ➡️ buff.ly/NxWzdie
#GitOps #DevOps #PlatformEngineering #SRE
Mastery reclaimed 140+ engineering hours every quarter after moving off OSS Argo CD and onto Akuity. 📈
Performance up. Escalations down. GitOps finally running the way it should at enterprise scale. 🚀
Case study: buff.ly/DKEGAnn
#GitOps #Kubernetes #ArgoCD
Performance up. Escalations down. GitOps finally running the way it should at enterprise scale. 🚀
Case study: buff.ly/DKEGAnn
#GitOps #Kubernetes #ArgoCD
December 17, 2025 at 4:05 PM
Mastery reclaimed 140+ engineering hours every quarter after moving off OSS Argo CD and onto Akuity. 📈
Performance up. Escalations down. GitOps finally running the way it should at enterprise scale. 🚀
Case study: buff.ly/DKEGAnn
#GitOps #Kubernetes #ArgoCD
Performance up. Escalations down. GitOps finally running the way it should at enterprise scale. 🚀
Case study: buff.ly/DKEGAnn
#GitOps #Kubernetes #ArgoCD
Cluster Template is an opinionated and extensible template for deploying a Talos Kubernetes cluster, including Flux for GitOps ➤ https:// ku.bz/8VP9H3B5B
Interest | Match | Feed
Interest | Match | Feed
Origin
learnk8s.news
December 17, 2025 at 2:47 PM
Cluster Template is an opinionated and extensible template for deploying a Talos Kubernetes cluster, including Flux for GitOps
➤ https://ku.bz/8VP9H3B5B
➤ https://ku.bz/8VP9H3B5B
December 17, 2025 at 2:46 PM
Cluster Template is an opinionated and extensible template for deploying a Talos Kubernetes cluster, including Flux for GitOps
➤ https://ku.bz/8VP9H3B5B
➤ https://ku.bz/8VP9H3B5B
CI/CD and GitOps automate testing, deployment, and management of microservices, making cloud deployments faster, safer, and more scalable.
Save What Matters
Curate Feeds | Make Collections | Customize Email Briefs
briefly.co
December 17, 2025 at 6:23 AM
CI/CD and GitOps automate testing, deployment, and management of microservices, making cloud deployments faster, safer, and more scalable.
OpenShift GitOps Vulnerability Allows Attackers to Escalate Privileges to Root https://gbhackers.com/openshift-gitops-vulnerability/
December 17, 2025 at 2:12 AM
OpenShift GitOps Vulnerability Allows Attackers to Escalate Privileges to Root https://gbhackers.com/openshift-gitops-vulnerability/
OpenShift GitOpsの脆弱性により、攻撃者が権限をRootまで昇格可能に
Red Hatは、認証済みユーザーがクラスターを完全に制御できる可能性がある、OpenShift GitOpsの重大なセキュリティ欠陥を公表しました。 識別子 CVE-2025-13888が割り当てられたこの脆弱性により、名前空間管理者が本来の範囲を超えて権限を昇格でき、システム全体に対してrootアクセスを取得する可能性があります。 カテゴリ 情報 CVE ID CVE-2025-13888 ベンダーの深刻度 重要 CVSS v3.1 スコア 9.1(重大) 攻撃ベクター ネットワーク(AV:N)…
Red Hatは、認証済みユーザーがクラスターを完全に制御できる可能性がある、OpenShift GitOpsの重大なセキュリティ欠陥を公表しました。 識別子 CVE-2025-13888が割り当てられたこの脆弱性により、名前空間管理者が本来の範囲を超えて権限を昇格でき、システム全体に対してrootアクセスを取得する可能性があります。 カテゴリ 情報 CVE ID CVE-2025-13888 ベンダーの深刻度 重要 CVSS v3.1 スコア 9.1(重大) 攻撃ベクター ネットワーク(AV:N)…
OpenShift GitOpsの脆弱性により、攻撃者が権限をRootまで昇格可能に
Red Hatは、認証済みユーザーがクラスターを完全に制御できる可能性がある、OpenShift GitOpsの重大なセキュリティ欠陥を公表しました。 識別子 CVE-2025-13888が割り当てられたこの脆弱性により、名前空間管理者が本来の範囲を超えて権限を昇格でき、システム全体に対してrootアクセスを取得する可能性があります。 カテゴリ 情報 CVE ID CVE-2025-13888 ベンダーの深刻度 重要 CVSS v3.1 スコア 9.1(重大) 攻撃ベクター ネットワーク(AV:N) Red Hatは深刻度を「重大(Critical)」ではなく「重要(Important)」として評価していますが、名前空間管理者を完全には信頼できない環境では技術的影響は深刻です。 Rootアクセスへの技術的な権限昇格 この脆弱性は、OpenShift GitOpsがArgoCDカスタムリソースの権限を扱う方法における問題に起因します。 標準的な構成では、名前空間管理者は自身の特定の名前空間内のリソース管理に制限されます。 しかしこの欠陥により、悪意ある管理者が特定のカスタムリソースを作成し、システムを欺いて他の名前空間での昇格権限を付与させることが可能になります。 これらの昇格権限を取得すると、攻撃者はコントローラーノード上で実行できる特権ワークロードをデプロイできます。 これにより、クラスター全体へのrootアクセスが事実上付与され、セキュリティ制御の回避、機密データへのアクセス、または運用妨害が可能になります。 攻撃ベクターは「ネットワーク」ベースに分類されています。ただし、悪用には攻撃者がすでに有効な名前空間管理者の認証情報を保有している必要がある点に注意が必要です。 この要件により、脅威は外部の未認証攻撃者ではなく、内部不正や管理者アカウントの侵害に限定されます。 Red Hatは、サポート対象のOpenShift GitOps各バージョンにわたり、この脆弱性に対処するセキュリティ更新をリリースしました。 この修正により、ArgoCDリソース作成時にシステムが権限を適切に検証するようになり、権限昇格の経路が防止されます。 OpenShift GitOpsのバージョン1.16、1.17、または1.18を使用している組織は、利用可能なパッチを直ちに適用してください。 セキュリティチームには、クラスター構成の監査と、名前空間管理者権限を持つユーザー一覧の見直しが推奨されます。 この攻撃は認証済みユーザーが権限を悪用することに依存するため、ソフトウェア更新の適用に加え、管理者アクセスを厳格に制限・監視することが重要な防御層となります。 翻訳元:
blackhatnews.tokyo
December 16, 2025 at 7:23 PM
OpenShift GitOpsの脆弱性により、攻撃者が権限をRootまで昇格可能に
Red Hatは、認証済みユーザーがクラスターを完全に制御できる可能性がある、OpenShift GitOpsの重大なセキュリティ欠陥を公表しました。 識別子 CVE-2025-13888が割り当てられたこの脆弱性により、名前空間管理者が本来の範囲を超えて権限を昇格でき、システム全体に対してrootアクセスを取得する可能性があります。 カテゴリ 情報 CVE ID CVE-2025-13888 ベンダーの深刻度 重要 CVSS v3.1 スコア 9.1(重大) 攻撃ベクター ネットワーク(AV:N)…
Red Hatは、認証済みユーザーがクラスターを完全に制御できる可能性がある、OpenShift GitOpsの重大なセキュリティ欠陥を公表しました。 識別子 CVE-2025-13888が割り当てられたこの脆弱性により、名前空間管理者が本来の範囲を超えて権限を昇格でき、システム全体に対してrootアクセスを取得する可能性があります。 カテゴリ 情報 CVE ID CVE-2025-13888 ベンダーの深刻度 重要 CVSS v3.1 スコア 9.1(重大) 攻撃ベクター ネットワーク(AV:N)…
Most teams deploy across Kubernetes, Terraform, VMs & cloud services but manage promotions separately. 🌐
Akuity now unifies application & infrastructure promotion with one GitOps workflow across all environments using Kargo Enterprise. 🔧
Read more → buff.ly/LKPdWub
Akuity now unifies application & infrastructure promotion with one GitOps workflow across all environments using Kargo Enterprise. 🔧
Read more → buff.ly/LKPdWub
December 16, 2025 at 5:44 PM
Most teams deploy across Kubernetes, Terraform, VMs & cloud services but manage promotions separately. 🌐
Akuity now unifies application & infrastructure promotion with one GitOps workflow across all environments using Kargo Enterprise. 🔧
Read more → buff.ly/LKPdWub
Akuity now unifies application & infrastructure promotion with one GitOps workflow across all environments using Kargo Enterprise. 🔧
Read more → buff.ly/LKPdWub
Spring em geral.
Tem que ter paciência. Em geral, a galera não sabe usar não, mas depois que aprende, é tudo lindo.
Nós criamos uma automação com ArgoCD + Strimzi + GitOps para tudo que é CDC.
Pra mensageria os times usam as suas linguagens de programação e a gente faz pair programming no início.
Tem que ter paciência. Em geral, a galera não sabe usar não, mas depois que aprende, é tudo lindo.
Nós criamos uma automação com ArgoCD + Strimzi + GitOps para tudo que é CDC.
Pra mensageria os times usam as suas linguagens de programação e a gente faz pair programming no início.
December 16, 2025 at 4:22 PM
Spring em geral.
Tem que ter paciência. Em geral, a galera não sabe usar não, mas depois que aprende, é tudo lindo.
Nós criamos uma automação com ArgoCD + Strimzi + GitOps para tudo que é CDC.
Pra mensageria os times usam as suas linguagens de programação e a gente faz pair programming no início.
Tem que ter paciência. Em geral, a galera não sabe usar não, mas depois que aprende, é tudo lindo.
Nós criamos uma automação com ArgoCD + Strimzi + GitOps para tudo que é CDC.
Pra mensageria os times usam as suas linguagens de programação e a gente faz pair programming no início.
#OpenSource thrives because people show up and do the work. 🌱
Akuity’s Peer Appreciation Program celebrates standout #Argo contributors each quarter with recognition and support for their impact on the community. 👏
See award winners → buff.ly/QIzgzBh
#GitOps #DevOps
Akuity’s Peer Appreciation Program celebrates standout #Argo contributors each quarter with recognition and support for their impact on the community. 👏
See award winners → buff.ly/QIzgzBh
#GitOps #DevOps
December 16, 2025 at 4:05 PM
#OpenSource thrives because people show up and do the work. 🌱
Akuity’s Peer Appreciation Program celebrates standout #Argo contributors each quarter with recognition and support for their impact on the community. 👏
See award winners → buff.ly/QIzgzBh
#GitOps #DevOps
Akuity’s Peer Appreciation Program celebrates standout #Argo contributors each quarter with recognition and support for their impact on the community. 👏
See award winners → buff.ly/QIzgzBh
#GitOps #DevOps
Argo CD makes sure the cluster always matches the desired state. With GitOps, your applications become self-healing and always stay in sync with git.
Make Your Kubernetes Apps Self-Heal With Argo CD and GitOps
Argo CD makes sure the cluster always matches the desired state. With GitOps, your applications become self-healing and always stay in sync with git.
bit.ly
December 16, 2025 at 2:30 PM
Argo CD makes sure the cluster always matches the desired state. With GitOps, your applications become self-healing and always stay in sync with git.
OpenShift GitOps Vulnerability Allows Attackers to Escalate Privileges to Root Red Hat has disclosed a critical privilege escalation flaw in OpenShift GitOps that permits authenticated namespace ad...
#Cyber #Security #News #Cybersecurity #Vulnerability […]
[Original post on cyberpress.org]
#Cyber #Security #News #Cybersecurity #Vulnerability […]
[Original post on cyberpress.org]
December 16, 2025 at 1:45 PM
OpenShift GitOps Vulnerability Allows Attackers to Escalate Privileges to Root Red Hat has disclosed a critical privilege escalation flaw in OpenShift GitOps that permits authenticated namespace ad...
#Cyber #Security #News #Cybersecurity #Vulnerability […]
[Original post on cyberpress.org]
#Cyber #Security #News #Cybersecurity #Vulnerability […]
[Original post on cyberpress.org]
Vulnerability in OpenShift GitOps
URL: access.redhat.com/security/cve...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.1
URL: access.redhat.com/security/cve...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.1
cve-details
access.redhat.com
December 16, 2025 at 9:40 AM
Vulnerability in OpenShift GitOps
URL: access.redhat.com/security/cve...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.1
URL: access.redhat.com/security/cve...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.1
Vulnerabilità critica in Red Hat OpenShift GitOps: rischio di takeover del cluster
📌 Link all'articolo : www.redhotcyber.com/post/vul...
#redhotcyber #news #cybersecurity #hacking #kubernetes #vulnerabilita #redhatopenshift #gitops
📌 Link all'articolo : www.redhotcyber.com/post/vul...
#redhotcyber #news #cybersecurity #hacking #kubernetes #vulnerabilita #redhatopenshift #gitops
December 16, 2025 at 6:06 AM
Vulnerabilità critica in Red Hat OpenShift GitOps: rischio di takeover del cluster
📌 Link all'articolo : www.redhotcyber.com/post/vul...
#redhotcyber #news #cybersecurity #hacking #kubernetes #vulnerabilita #redhatopenshift #gitops
📌 Link all'articolo : www.redhotcyber.com/post/vul...
#redhotcyber #news #cybersecurity #hacking #kubernetes #vulnerabilita #redhatopenshift #gitops
**Vulnerabilità critica in Red Hat OpenShift GitOps: rischio di takeover del cluster**
Una falla critica è stata individuata all’interno di**Red Hat OpenShift GitOps,** mettendo a rischio i _cluster Kubernetes_ poiché consente agli utenti con autorizzazioni ridotte di acquisire il pieno […]
Una falla critica è stata individuata all’interno di**Red Hat OpenShift GitOps,** mettendo a rischio i _cluster Kubernetes_ poiché consente agli utenti con autorizzazioni ridotte di acquisire il pieno […]
Original post on poliverso.org
poliverso.org
December 16, 2025 at 6:33 AM
**Vulnerabilità critica in Red Hat OpenShift GitOps: rischio di takeover del cluster**
Una falla critica è stata individuata all’interno di**Red Hat OpenShift GitOps,** mettendo a rischio i _cluster Kubernetes_ poiché consente agli utenti con autorizzazioni ridotte di acquisire il pieno […]
Una falla critica è stata individuata all’interno di**Red Hat OpenShift GitOps,** mettendo a rischio i _cluster Kubernetes_ poiché consente agli utenti con autorizzazioni ridotte di acquisire il pieno […]
Vulnerability in OpenShift GitOps https://access.redhat.com/security/cve/cve-2025-13888
Vulnerability in OpenShift GitOps
Vulnerability in OpenShift GitOps
access.redhat.com
December 16, 2025 at 3:53 AM
Vulnerability in OpenShift GitOps https://access.redhat.com/security/cve/cve-2025-13888
Critical OpenShift GitOps Flaw Risks Cluster Takeover (CVE-2025-13888) via Privilege Escalation to Root
Critical OpenShift GitOps Flaw Risks Cluster Takeover (CVE-2025-13888) via Privilege Escalation to R
securityonline.info
December 16, 2025 at 3:17 AM
Critical OpenShift GitOps Flaw Risks Cluster Takeover (CVE-2025-13888) via Privilege Escalation to Root
CVE-2025-13888 - Openshift-gitops-operator: openshift gitops: namespace admin cluster takeover via privileged jobs
CVE ID : CVE-2025-13888
Published : Dec. 15, 2025, 4:15 p.m. | 1 hour, 13 minutes ago
Description : A flaw was found in OpenShift GitOps. Namespace admins c...
CVE ID : CVE-2025-13888
Published : Dec. 15, 2025, 4:15 p.m. | 1 hour, 13 minutes ago
Description : A flaw was found in OpenShift GitOps. Namespace admins c...
CVE-2025-13888 - Openshift-gitops-operator: openshift gitops: namespace admin cluster takeover via privileged jobs
A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources (CRs) that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged workloads that run on master nodes, effectively giving …
cvefeed.io
December 15, 2025 at 7:05 PM
CVE-2025-13888 - Openshift-gitops-operator: openshift gitops: namespace admin cluster takeover via privileged jobs
CVE ID : CVE-2025-13888
Published : Dec. 15, 2025, 4:15 p.m. | 1 hour, 13 minutes ago
Description : A flaw was found in OpenShift GitOps. Namespace admins c...
CVE ID : CVE-2025-13888
Published : Dec. 15, 2025, 4:15 p.m. | 1 hour, 13 minutes ago
Description : A flaw was found in OpenShift GitOps. Namespace admins c...
Replay is up! 📽️
@JesseSuen.bsky.social & Taylor Thomas walk through how to unify promotions across Kubernetes, Terraform, VMs, and cloud services using a single GitOps workflow powered by Kargo. 🤩
Watch now ➡️ buff.ly/L71dqIR
#gitops #argocd #devops #kubernetes #akuity #terraform
@JesseSuen.bsky.social & Taylor Thomas walk through how to unify promotions across Kubernetes, Terraform, VMs, and cloud services using a single GitOps workflow powered by Kargo. 🤩
Watch now ➡️ buff.ly/L71dqIR
#gitops #argocd #devops #kubernetes #akuity #terraform
December 15, 2025 at 4:05 PM
Replay is up! 📽️
@JesseSuen.bsky.social & Taylor Thomas walk through how to unify promotions across Kubernetes, Terraform, VMs, and cloud services using a single GitOps workflow powered by Kargo. 🤩
Watch now ➡️ buff.ly/L71dqIR
#gitops #argocd #devops #kubernetes #akuity #terraform
@JesseSuen.bsky.social & Taylor Thomas walk through how to unify promotions across Kubernetes, Terraform, VMs, and cloud services using a single GitOps workflow powered by Kargo. 🤩
Watch now ➡️ buff.ly/L71dqIR
#gitops #argocd #devops #kubernetes #akuity #terraform
You can now share your thoughts on vulnerability CVE-2025-13888 in Vulnerability-Lookup:
https://vulnerability.circl.lu/vuln/CVE-2025-13888
Red Hat - Red Hat OpenShift GitOps 1.18
#vulnerabilitylookup #vulnerability #cybersecurity #bot
https://vulnerability.circl.lu/vuln/CVE-2025-13888
Red Hat - Red Hat OpenShift GitOps 1.18
#vulnerabilitylookup #vulnerability #cybersecurity #bot
cvelistv5 - CVE-2025-13888
Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.
vulnerability.circl.lu
December 15, 2025 at 3:55 PM
You can now share your thoughts on vulnerability CVE-2025-13888 in Vulnerability-Lookup:
https://vulnerability.circl.lu/vuln/CVE-2025-13888
Red Hat - Red Hat OpenShift GitOps 1.18
#vulnerabilitylookup #vulnerability #cybersecurity #bot
https://vulnerability.circl.lu/vuln/CVE-2025-13888
Red Hat - Red Hat OpenShift GitOps 1.18
#vulnerabilitylookup #vulnerability #cybersecurity #bot
GitOpsだけじゃない!新たな選択肢「HelmOps」とは? はじめに こんにちは、サイオステクノロジーの小野です。SIOS Tech Labアドベントカレンダー12日目の投稿です。 「SIOS社員が一年で学んだこと」がアドベントカレンダーのテーマですが、私はこの一年間〇〇Opsと ... The post GitOpsだけじゃない!新たな選択肢「HelmOps」とは? first appeared on SIOS Tech Lab . はじめに こんにちは、...
Interest | Match | Feed
Interest | Match | Feed
Origin
tech-lab.sios.jp
December 15, 2025 at 12:55 AM
December 14, 2025 at 5:26 AM
Argo CD makes sure the cluster always matches the desired state. With GitOps, your applications become self-healing and always stay in sync with git.
Make Your Kubernetes Apps Self-Heal With Argo CD and GitOps
Argo CD makes sure the cluster always matches the desired state. With GitOps, your applications become self-healing and always stay in sync with git.
bit.ly
December 13, 2025 at 3:30 PM
Argo CD makes sure the cluster always matches the desired state. With GitOps, your applications become self-healing and always stay in sync with git.