Difference between revisions of "OWASP Container Security Verification Standard (CSVS)"
Disenchant (talk | contribs) (initial content for CSVS wiki page) |
Disenchant (talk | contribs) (fully OWASP-ize the CSVS) |
Line 2: | Line 2: | ||
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | ||
− | | valign="top" | + | | valign="top" style="border-right: 1px dotted gray;padding-right:25px;" | |
== What is CSVS? == | == What is CSVS? == | ||
Line 10: | Line 10: | ||
== Download CSVS == | == Download CSVS == | ||
− | [https://github.com/ | + | [https://github.com/OWASP/Container-Security-Verification-Standard/releases/download/v1.0/container_security_verification_standard_v1.0_en.pdf PDF Download] |
− | [https://github.com/ | + | [https://github.com/OWASP/Container-Security-Verification-Standard/releases/download/v1.0/container_security_verification_standard_v1.0_en.docx Word Download] |
[https://github.com/OWASP/Container-Security-Verification-Standard Source Code (GitHub)] | [https://github.com/OWASP/Container-Security-Verification-Standard Source Code (GitHub)] | ||
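Review bot: The new PDF and Word links are hard-coded to the v1.0 release assets (releases/download/v1.0/..._v1.0_en.pdf and ..._v1.0_en.docx), so readers of this page will keep downloading v1.0 after a later version of the standard is published. Consider pointing at https://github.com/OWASP/Container-Security-Verification-Standard/releases/latest instead, or stating the version in the link text ("PDF Download (v1.0)") so it is obvious when the page has gone stale.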
Line 28: | Line 28: | ||
# The document looks similar to the OWASP Application Security Verification Standard. How is it related? | # The document looks similar to the OWASP Application Security Verification Standard. How is it related? | ||
− | #: We love the work done by OWASP and indeed the overall structure and e.g. the scripts to export the CSVS to | + | #: We love the work done by the OWASP ASVS project team and indeed the overall structure and e.g. the scripts to export the CSVS to different formats is coming from the ASVS. |
− | |||
− | |||
# Topic XYZ is missing. Why? | # Topic XYZ is missing. Why? | ||
− | #: Either it didn't cross our minds yet or we thought it is already covered in one of the requirements in the CSVS. Anyway, please [https://github.com/ | + | #: Either it didn't cross our minds yet or we thought it is already covered in one of the requirements in the CSVS. Anyway, please let us know by [https://github.com/OWASP/Container-Security-Verification-Standard/issues/new opening an issue] or even fork the CSVS and send us a pull request with your proposed changes. |
# There are already other documents that cover container security like the [https://www.cisecurity.org/benchmark/docker/ CIS Docker Benchmark] or [https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-190.pdf NIST Application Container Security Guide]. Why do we need the CSVS? | # There are already other documents that cover container security like the [https://www.cisecurity.org/benchmark/docker/ CIS Docker Benchmark] or [https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-190.pdf NIST Application Container Security Guide]. Why do we need the CSVS? | ||
#: Existing documents often contain more than 100 pages or are using a lot of running text. We think there should be a clear standard that allows you to go through and actually verify your level of security related to container solutions. | #: Existing documents often contain more than 100 pages or are using a lot of running text. We think there should be a clear standard that allows you to go through and actually verify your level of security related to container solutions. | ||
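Review bot: The reworded FAQ answer has a subject-verb mismatch in "the scripts to export the CSVS to different formats is coming from the ASVS"; with the compound subject "the overall structure and ... the scripts" it should read "come from the ASVS". The first mention of "OWASP ASVS project team" would also be a good place to link the ASVS project, since the question names the Application Security Verification Standard without a link.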
Line 47: | Line 45: | ||
*[https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series OWASP Cheatsheet Series] | *[https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series OWASP Cheatsheet Series] | ||
− | | valign="top" | + | | valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" | |
== Project Resources == | == Project Resources == | ||
Line 69: | Line 67: | ||
{| width="200" cellpadding="2" | {| width="200" cellpadding="2" | ||
|- | |- | ||
− | | colspan="2" align="center" | + | | colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Document]] |
|- | |- | ||
− | | align="center" valign="top" width="50% | + | | rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]] |
− | | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] | + | | align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]] |
|- | |- | ||
− | | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]] | + | | align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]] |
|- | |- | ||
− | | colspan="2" align="center" | + | | colspan="2" align="center" | [[Image:Creative%20Commons.png| 90px | link=https://creativecommons.org/licenses/by-sa/4.0/| Creative Commons Attribution ShareAlike 4.0 License]] |
|} | |} | ||
|} | |} | ||
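Review bot: Three of the image cells in the new classification table have no caption or alt text: Project_Type_Files_DOC.jpg, Owasp-builders-small.png and Owasp-defenders-small.png carry only a link= parameter, while the Incubator and Creative Commons images do have one. Add a trailing caption to each (for example "|Builders" and "|Defenders") so the classifications are readable without the images, and use one prefix consistently, since the table mixes [[File:...]] and [[Image:...]].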
Line 82: | Line 80: | ||
__NOTOC__ <headertabs /> | __NOTOC__ <headertabs /> | ||
− | [[Category:OWASP Project]] [[Category:OWASP_Document]] | + | [[Category:OWASP Project]] |
+ | [[Category:OWASP_Document]] |
Latest revision as of 08:06, 26 July 2019
What is CSVS?

The Container Security Verification Standard (CSVS) is a community effort to establish a framework of security requirements and controls that focus on normalizing the functional and non-functional security controls required when designing, developing and testing container-based solutions with a focus on Docker.

Download CSVS

Use Cases

FAQ

Related Projects

Project Resources

Project Leader

Sven Vetsch @

Licensing

Creative Commons Attribution ShareAlike 4.0

Classifications