Audits Istio service meshes for evidence-backed Zero Trust maturity, attack paths, and remediation priorities.
90%
Does it follow best practices?
Impact
93%
1.19x Average score across 4 eval scenarios
Advisory
Suggest reviewing before use
Zero Trust scoring and maturity assessment
Correct score formula | 33% | 100%
Unverified dimensions capped at 2 | 50% | 100%
Confidence deductions applied | 60% | 100%
Maturity level sequential | 50% | 100%
No maturity credit without verification | 30% | 100%
ALLOW_ANY egress finding | 100% | 100%
Default SA shared identity finding | 87% | 100%
VERIFIED/INFERRED/UNKNOWN labels | 0% | 100%
N/A score reported if appropriate | 50% | 100%
Residual risk and retest section | 100% | 100%
Verdict derived from score | 37% | 100%
Egress governance and REGISTRY_ONLY assessment
REGISTRY_ONLY is not a firewall | 100% | 100%
Bypass paths identified | 100% | 100%
Wildcard ServiceEntry finding | 100% | 100%
S3 not egress-gateway-routed | 100% | 100%
No network-level controls finding | 100% | 100%
Layered control recommendation | 100% | 100%
Scoped ServiceEntry recommendation | 100% | 100%
VERIFIED/INFERRED/UNKNOWN labels | 0% | 100%
Attack scenario present | 100% | 100%
Validation steps present | 25% | 100%
Remediation time horizons | 100% | 100%
Ambient mesh L7 enforcement gaps
No L7 from ambient alone | 100% | 100%
Tracking namespace gap | 100% | 100%
deny-external-to-tracking ineffective at L7 | 100% | 100%
Logistics waypoint scope | 100% | 100%
Platform namespace unenrolled | 87% | 100%
VERIFIED/INFERRED/UNKNOWN labels | 12% | 0%
DISABLE PeerAuthentication note | 0% | 0%
Attack scenario present | 100% | 100%
Waypoint deployment recommendation | 100% | 100%
Remediation validation steps | 100% | 100%
Control vs data-plane separation | 62% | 62%
Conflicting evidence and severity calibration
Data-plane over config-plane | 100% | 71%
Revision skew identified | 100% | 100%
Finding kept open until reconciled | 100% | 100%
Missing evidence does not lower impact | 100% | 100%
Confidence reduced for conflicting evidence | 40% | 70%
VERIFIED/INFERRED/UNKNOWN labels | 100% | 100%
Causes of discrepancy enumerated | 87% | 62%
Reconciliation evidence named | 100% | 100%
Attack scenario present | 100% | 100%
Remediation and validation steps | 100% | 100%
Business impact addressed | 100% | 100%