/envoy

Cloud-native high-performance edge/middle/service proxy

Primary LanguageC++Apache License 2.0Apache-2.0

Envoy Logo

Cloud-native high-performance edge/middle/service proxy

Envoy is hosted by the Cloud Native Computing Foundation (CNCF). If you are a company that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF. For details about who's involved and how Envoy plays a role, read the CNCF announcement.

CII Best Practices OpenSSF Scorecard CLOMonitor Azure Pipelines Fuzzing Status Jenkins

Documentation

Related

Contact

  • envoy-announce: Low frequency mailing list where we will email announcements only.
  • envoy-security-announce: Low frequency mailing list where we will email security related announcements only.
  • envoy-users: General user discussion.
  • envoy-dev: Envoy developer discussion (APIs, feature design, etc.).
  • envoy-maintainers: Use this list to reach all core Envoy maintainers.
  • Twitter: Follow along on Twitter!
  • Slack: Slack, to get invited go here.
    • NOTE: Response to user questions is best effort on Slack. For a "guaranteed" response please email envoy-users@ per the guidance in the following linked thread.

Please see this email thread for information on email list usage.

Contributing

Contributing to Envoy is fun and modern C++ is a lot less scary than you might think if you don't have prior experience. To get started:

Community Meeting

The Envoy team meets twice per month on Tuesday at 9am PT. The public Google calendar is here: https://goo.gl/PkDijT

  • Meeting minutes are here
  • Recorded videos are posted here

Security

Security Audit

There has been several third party engagements focused on Envoy security:

  • In 2018 Cure53 performed a security audit, full report.
  • In 2021 Ada Logics performed an audit on our fuzzing infrastructure with recommendations for improvements, full report.

Reporting security vulnerabilities

If you've found a vulnerability or a potential vulnerability in Envoy please let us know at envoy-security. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.

For further details please see our complete security release process.