Tanzu Kubernetes Grid Integrated Edition Security Disclosure and Release Process

Note: As of v1.8, Enterprise PKS has been renamed to VMware Tanzu Kubernetes Grid Integrated Edition. Some screenshots in this documentation do not yet reflect the change.

Page last updated:

This topic describes the processes for disclosing security issues and releasing related fixes for VMware Tanzu Kubernetes Grid Integrated Edition, Kubernetes, VMware NSX, and VMware Harbor.

Security Issues in Tanzu Kubernetes Grid Integrated Edition

VMware provides security coverage for Tanzu Kubernetes Grid Integrated Edition. Please report any vulnerabilities directly to the VMware Security Response Center.

Security fixes are provided in accordance with the Ops Manager Security Overview and Policy.

Where applicable, security issues may be coordinated with the responsible disclosure process for the open source security teams in Kubernetes and Cloud Foundry projects.

Security Issues in Kubernetes

VMware follows the Kubernetes responsible disclosure process to work within the Kubernetes project to report and address suspected security issues with Kubernetes.

This process is discussed in Kubernetes Security and Disclosure Information.

When the Kubernetes project releases security fixes, Tanzu Kubernetes Grid Integrated Edition releases fixes according to the Ops Manager Security Overview and Policy.

Security Issues from CFF

VMware follows the Cloud Foundry Foundation (CFF) responsible disclosure process to report and address suspected security issues.

This process is discussed in Cloud Foundry Security.

When the Cloud Foundry Foundation releases security fixes, Tanzu Kubernetes Grid Integrated Edition releases fixes according to the Ops Manager Security Overview and Policy.

Security Issues in VMware NSX

Security issues in VMware NSX are coordinated with the VMware Security Response Center.

Security Issues in VMware Harbor

Security issues in VMware Harbor are coordinated with the VMware Security Response Center.


Please send any feedback you have to pks-feedback@pivotal.io.