Life of a CVE with Ingress-Nginx - Understanding the Project's Release Cycle

Explore the release cycle and security measures of the Ingress-Nginx project in this 32-minute conference talk by James Strong from Chainguard and Dylen Turnbull from Nginx INC. Gain insights into the project's impressive growth, with 221 releases and over 6800 commits in 7 years. Learn about the extensive testing infrastructure, including 400+ e2e tests and helm chart tests across various Kubernetes versions and deployment landscapes. Discover how the maintainers work to improve the release process, keep Ingress-Nginx CVE-free, and collaborate with sig-release and sig-security to increase release velocity, reduce complexity, and enhance security. Understand the challenges and ongoing efforts in stabilizing and securing this highly configurable controller, and get a behind-the-scenes look at the release process of the Ingress-Nginx controller.