
shweshi/istio-mesh-zero-trust-audit

Audits Istio service meshes for evidence-backed Zero Trust maturity, attack paths, and remediation priorities.

90

1.19x
Quality: 90% (Does it follow best practices?)

Impact: 93%, 1.19x (Average score across 4 eval scenarios)

Security by Snyk: Advisory (Suggest reviewing before use)


Evaluation results

100%

47%

Service Mesh Security Scorecard — Healthcare Platform

Zero Trust scoring and maturity assessment

| Criteria | Without context | With context |
| --- | --- | --- |
| Correct score formula | 33% | 100% |
| Unverified dimensions capped at 2 | 50% | 100% |
| Confidence deductions applied | 60% | 100% |
| Maturity level sequential | 50% | 100% |
| No maturity credit without verification | 30% | 100% |
| ALLOW_ANY egress finding | 100% | 100% |
| Default SA shared identity finding | 87% | 100% |
| VERIFIED/INFERRED/UNKNOWN labels | 0% | 100% |
| N/A score reported if appropriate | 50% | 100% |
| Residual risk and retest section | 100% | 100% |
| Verdict derived from score | 37% | 100% |

100%

14%

Egress Security Review — SaaS Platform

Egress governance and REGISTRY_ONLY assessment

| Criteria | Without context | With context |
| --- | --- | --- |
| REGISTRY_ONLY is not a firewall | 100% | 100% |
| Bypass paths identified | 100% | 100% |
| Wildcard ServiceEntry finding | 100% | 100% |
| S3 not egress-gateway-routed | 100% | 100% |
| No network-level controls finding | 100% | 100% |
| Layered control recommendation | 100% | 100% |
| Scoped ServiceEntry recommendation | 100% | 100% |
| VERIFIED/INFERRED/UNKNOWN labels | 0% | 100% |
| Attack scenario present | 100% | 100% |
| Validation steps present | 25% | 100% |
| Remediation time horizons | 100% | 100% |

83%

Ambient Mesh Security Review — Logistics Platform

Ambient mesh L7 enforcement gaps

| Criteria | Without context | With context |
| --- | --- | --- |
| No L7 from ambient alone | 100% | 100% |
| Tracking namespace gap | 100% | 100% |
| deny-external-to-tracking ineffective at L7 | 100% | 100% |
| Logistics waypoint scope | 100% | 100% |
| Platform namespace unenrolled | 87% | 100% |
| VERIFIED/INFERRED/UNKNOWN labels | 12% | 0% |
| DISABLE PeerAuthentication note | 0% | 0% |
| Attack scenario present | 100% | 100% |
| Waypoint deployment recommendation | 100% | 100% |
| Remediation validation steps | 100% | 100% |
| Control vs data-plane separation | 62% | 62% |

90%

-3%

Mesh Audit — Reconciling Configuration and Observed Behavior

Conflicting evidence and severity calibration

| Criteria | Without context | With context |
| --- | --- | --- |
| Data-plane over config-plane | 100% | 71% |
| Revision skew identified | 100% | 100% |
| Finding kept open until reconciled | 100% | 100% |
| Missing evidence does not lower impact | 100% | 100% |
| Confidence reduced for conflicting evidence | 40% | 70% |
| VERIFIED/INFERRED/UNKNOWN labels | 100% | 100% |
| Causes of discrepancy enumerated | 87% | 62% |
| Reconciliation evidence named | 100% | 100% |
| Attack scenario present | 100% | 100% |
| Remediation and validation steps | 100% | 100% |
| Business impact addressed | 100% | 100% |

Evaluated

Agent: Claude Code

Model: Claude Sonnet 4.6
