Security

• TLS
  • Underlying implementation
  • FIPS 140-2
  • Enabling certificate verification
  • Certificate selection
  • Secret discovery service (SDS)
  • OCSP Stapling
  • Authentication filter
  • Custom handshaker extension
  • Trouble shooting
• JSON Web Token (JWT) Authentication
• External Authorization
  • Service Definition
• Role Based Access Control
  • Policy
  • Matcher
  • Shadow Policy and Shadow Matcher
  • Condition
• Threat model
  • Confidentiality, integrity and availability
  • Data and control plane
  • Core and extensions
• Extension security: robust_to_untrusted_downstream_and_upstream
• Extension security: data_plane_agnostic
• Extension security: robust_to_untrusted_downstream
• Extension security: requires_trusted_downstream_and_upstream
• Extension security: unknown
• External dependencies
  • Data plane (core)
• External dependencies: dataplane_core
  • Data plane (extensions)
• External dependencies: dataplane_ext
  • envoy.access_loggers.extension_filters.cel
  • envoy.access_loggers.wasm
  • envoy.bootstrap.wasm
  • envoy.compression.brotli.compressor
  • envoy.compression.brotli.decompressor
  • envoy.compression.zstd.compressor
  • envoy.compression.zstd.decompressor
  • envoy.filters.http.aws_lambda
  • envoy.filters.http.aws_request_signing
  • envoy.filters.http.gcp_authn
  • envoy.filters.http.grpc_json_transcoder
  • envoy.filters.http.jwt_authn
  • envoy.filters.http.language
  • envoy.filters.http.lua
  • envoy.filters.http.rbac
  • envoy.filters.http.wasm
  • envoy.filters.network.dubbo_proxy
  • envoy.filters.network.kafka_broker
  • envoy.filters.network.kafka_mesh
  • envoy.filters.network.mysql_proxy
  • envoy.filters.network.postgres_proxy
  • envoy.filters.network.rbac
  • envoy.filters.network.wasm
  • envoy.grpc_credentials.aws_iam
  • envoy.matching.input_matchers.hyperscan
  • envoy.network.connection_balance.dlb
  • envoy.rate_limit_descriptors.expr
  • envoy.rbac.matchers.upstream_ip_port
  • envoy.regex_engines.hyperscan
  • envoy.stat_sinks.wasm
  • envoy.tls.key_providers.cryptomb
  • envoy.tls.key_providers.qat
  • envoy.tracers.opencensus
  • envoy.wasm.runtime.null
  • envoy.wasm.runtime.v8
  • envoy.wasm.runtime.wamr
  • envoy.wasm.runtime.wasmtime
  • envoy.wasm.runtime.wavm
  • Control plane
• External dependencies: controlplane
  • API
• External dependencies: api
  • Observability (core)
• External dependencies: observability_core
  • Observability (extensions)
• External dependencies: observability_ext
  • envoy.filters.http.aws_lambda
  • envoy.filters.http.aws_request_signing
  • envoy.grpc_credentials.aws_iam
  • envoy.tracers.datadog
  • envoy.tracers.dynamic_ot
  • envoy.tracers.opencensus
  • envoy.tracers.skywalking
  • envoy.tracers.zipkin
  • Build
• External dependencies: build
  • Miscellaneous
• External dependencies: other
  • envoy.bootstrap.vcl
  • envoy.filters.http.sxg
  • Test only
• External dependencies: test_only
• Google Vulnerability Reward Program (VRP)
  • Rules
  • Threat model
  • Execution environment
  • Objectives
  • Working with the Docker images
  • Rebuilding the Docker image