PCF Security Guide
This guide explains how Pivotal Cloud Foundry (PCF) manages network access, roles and permissions, internal communications, container hardening, and other security issues. It is intended to give security professionals a complete view of PCF security, and to help all PCF users, not just security experts, keep the platform secure.
Pivotal publishes security updates regularly in response to privately and publicly reported Common Vulnerabilities and Exposures (CVEs).
See the latest CVEs on the Pivotal Application Security Team page.
To learn about Pivotal’s vulnerability reporting and responsible disclosure process, read PCF Security Overview and Policy.
Securing Traffic into Cloud Foundry: Configuring and maintaining front-end platform security at the load balancer or router.
Identity Management: Managing permissions and trust for PCF user accounts, and user accounts in the underlying IaaS.
PCF Component and Container Security: How PCF components and app containers keep internal communications secure, and what paths, ports, and protocols the components use to communicate.
PCF App and Service Security: Enabling PAS apps to communicate internally with other apps and use service instance credentials securely.
CredHub: The credential management tool that BOSH uses to store deployment credentials and that PCF runtimes use to create and manage app and service credentials.
Security Processes and Stemcells: How Pivotal responds to security vulnerabilities, and how it tests and updates the versioned operating systems that its products run on.
NIST Controls and PCF: Assessment of Pivotal Cloud Foundry against NIST SP 800-53(r4) Controls.