
shweshi/istio-mesh-zero-trust-audit

Audits Istio service meshes for evidence-backed Zero Trust maturity, attack paths, and remediation priorities.

Quality: 90% (Does it follow best practices?)

Impact: 93%, 1.19x (Average score across 4 eval scenarios)

Security by Snyk: Advisory. Suggest reviewing before use.


task.md (evals/scenario-2/)

Egress Security Review — SaaS Platform

Problem Description

A SaaS company runs a multi-tenant platform on Kubernetes with Istio. The platform engineering team recently enabled outboundTrafficPolicy: REGISTRY_ONLY across the mesh, believing this would prevent workloads from making unauthorized outbound calls to external services. A compliance auditor has questioned whether this control is sufficient to meet their data-exfiltration prevention requirements, and the team needs a formal assessment.

The inputs directory contains the mesh configuration, ServiceEntry resources, egress gateway configuration, and network policy manifests as captured from the cluster. There is no live cluster access available.

Produce an egress security assessment in egress_assessment.md that evaluates the actual strength of the egress controls in place, identifies any gaps or misconfigurations, and provides a prioritized remediation plan.

Output Specification

  • egress_assessment.md: An egress security assessment. Include an executive summary, a section analyzing the egress architecture and the actual enforcement boundaries of each control, a findings section (each finding with severity, confidence, affected assets, evidence, attack scenario, business impact, remediation, and validation steps), and a remediation plan organized by time horizon (Immediate, 30-day, 90-day).
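
An added example (not part of the tile or its task file): a static check over parsed manifests of the kind the inputs directory holds. It flags a mesh outbound mode other than REGISTRY_ONLY, wildcard ServiceEntry hosts, and namespaces with no namespace-wide egress NetworkPolicy behind the sidecar-level setting. All manifest names, namespaces and hosts are constructed, and `audit_egress` is a hypothetical helper.

```python
# Added example. All objects below are constructed samples shaped like parsed
# manifests; they are not the scenario's real inputs.
MESH_CONFIG = {"outboundTrafficPolicy": {"mode": "REGISTRY_ONLY"}}
NAMESPACES = ["tenant-a", "tenant-b"]
MANIFESTS = [
    {"kind": "ServiceEntry",
     "metadata": {"name": "payments-api", "namespace": "tenant-a"},
     "spec": {"hosts": ["api.payments.example"], "location": "MESH_EXTERNAL"}},
    {"kind": "ServiceEntry",
     "metadata": {"name": "any-cloud", "namespace": "tenant-b"},
     "spec": {"hosts": ["*.cloud.example"], "location": "MESH_EXTERNAL"}},
    {"kind": "NetworkPolicy",
     "metadata": {"name": "default-deny-egress", "namespace": "tenant-a"},
     "spec": {"podSelector": {}, "policyTypes": ["Egress"], "egress": []}},
]


def audit_egress(mesh_config, manifests, namespaces):
    """Return (asset, check, evidence) tuples for egress-control gaps."""
    findings = []
    # Istio treats an unset outbound mode as ALLOW_ANY.
    mode = mesh_config.get("outboundTrafficPolicy", {}).get("mode", "ALLOW_ANY")
    if mode != "REGISTRY_ONLY":
        findings.append(("mesh", "outbound-mode", mode))
    covered = set()
    for m in manifests:
        ns, name = m["metadata"]["namespace"], m["metadata"]["name"]
        spec = m.get("spec", {})
        if m["kind"] == "ServiceEntry":
            # A wildcard host widens the registry that REGISTRY_ONLY allows.
            for host in spec.get("hosts", []):
                if host.startswith("*"):
                    findings.append((f"{ns}/{name}", "wildcard-host", host))
        elif m["kind"] == "NetworkPolicy":
            # Only an empty podSelector (all pods) with Egress in policyTypes
            # counts as namespace-wide egress enforcement below the sidecar.
            if spec.get("podSelector") == {} and "Egress" in spec.get("policyTypes", []):
                covered.add(ns)
    for ns in namespaces:
        if ns not in covered:
            findings.append((ns, "no-namespace-egress-policy", "NetworkPolicy"))
    return findings


if __name__ == "__main__":
    for finding in audit_egress(MESH_CONFIG, MANIFESTS, NAMESPACES):
        print(finding)
```

Each tuple maps onto the affected-assets and evidence fields the output specification asks for; severity and confidence still need an analyst's judgment.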
