Azimuth is a free and open source cloud portal that makes it possible to easily deploy and administer science platforms such as Slurm, JupyterHub or Kubernetes clusters (and more) on top of an OpenStack cloud. One of its useful features is the Zenith proxy, which makes platforms available to users using OpenSSH, the well-known suite of secure networking utilities.
Azimuth recently underwent a security audit by pentesting outfit Arctic Owl and we are pleased to report it came out with flying colours.
Pentesting Azimuth
Over the months of December 2024 and January 2025, the Azimuth project was analysed, concentrating on three key areas:
- web application,
- architecture (azimuth-cloud/azimuth and azimuth-cloud/zenith in particular), and
- Kubernetes infrastructure.
The test methodology consisted of pentesting a deployment of Azimuth, with – of course – access to the source code, using the code to dive deeper into features and internal mechanisms.
Solid results
The audit found no critical or high vulnerabilities, only a few low and informational findings, and noted good hardening practices, both in design and in coding, as well as in deployment.
It is also worth noting that the few findings were not exploitable because of good attack surface reduction practices.
This is a great confirmation of the Azimuth team's hard work and thoughtful approach to building a cloud portal designed for science platforms, which often have higher than usual security requirements.
As the custodian and main contributor to the open source Azimuth cloud portal, we have already started implementing the few improvements suggested by Arctic Owl.
Read the report and get involved!
If you'd like to read the whole report for yourself, we are making it publicly available today:
Azimuth Cloud Portal security audit report (PDF)
And if you'd like to help build Azimuth, making it an even better solution for easily creating, managing and accessing platforms, join its nascent open source community.
Our thanks go out to Erik at Arctic Owl for his work and the Azimuth team for their ongoing efforts.
Get in touch and try Azimuth
If you would like to try Azimuth, it is open source software you are free to use. Get in touch if you are interested in support and more; we would love to hear from you. Reach out to us via LinkedIn, Bluesky or directly via our contact page.