Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Chris Farhood
|
2789b6eb47 | ||
 Gandalf the Greybeard
|
5cbf0af261 |
@@ -151,7 +151,7 @@ Plaintext values never leave your browser.
|
||||
| Network sniffing | No plaintext on network | ✅ Protected |
|
||||
| Compromised proxy | Only sees encrypted data | ✅ Protected |
|
||||
| Browser XSS | Headlamp CSP policies | ⚠️ Standard web security |
|
||||
| Supply chain | Package locks, Renovate | ⚠️ Ongoing monitoring |
|
||||
| Supply chain | Package locks, dependabot | ⚠️ Ongoing monitoring |
|
||||
|
||||
See: [ADR 003: Client-Side Encryption](docs/architecture/adr/003-client-side-crypto.md)
|
||||
|
||||
|
||||
+1
-1
@@ -70,7 +70,7 @@ Key dependencies with security implications:
|
||||
- **node-forge**: Used for client-side encryption of secret values with the cluster's sealing certificate. Keep this dependency up to date.
|
||||
- **@kinvolk/headlamp-plugin**: Peer dependency providing the Kubernetes API proxy. Update by upgrading your Headlamp installation.
|
||||
|
||||
The project uses `npm audit` and Renovate to monitor for known vulnerabilities.
|
||||
The project uses `npm audit` and Dependabot to monitor for known vulnerabilities.
|
||||
|
||||
## Contact
|
||||
|
||||
|
||||
@@ -349,7 +349,7 @@ Added type safety:
|
||||
|
||||
**Supply Chain**:
|
||||
- Risk: Compromised node-forge dependency
|
||||
- Mitigation: Package lock, Renovate, regular audits
|
||||
- Mitigation: Package lock, dependabot, regular audits
|
||||
- Same risk as any JavaScript dependency
|
||||
|
||||
**Browser Extensions**:
|
||||
|
||||
+1
-3
@@ -52,9 +52,7 @@
|
||||
"overrides": {
|
||||
"tar": "^7.5.11",
|
||||
"undici": "^7.24.3",
|
||||
"vite": ">=6.4.2",
|
||||
"lodash": ">=4.18.0",
|
||||
"elliptic": ">=6.6.1"
|
||||
"lodash": ">=4.18.0"
|
||||
},
|
||||
"dependencies": {
|
||||
"node-forge": "^1.4.0"
|
||||
|
||||
Reference in New Issue
Block a user