The subject of this tender is a framework agreement with a company on programming and other services for developing, providing, documenting, automating and executing penetration tests for the Sovereign Cloud Stack (SCS).
This call for tenders is about hardening SCS with the help of penetration testing. This involves analyzing, identifying and documenting potential attack vectors of SCS-based cloud and container infrastructure offerings, and then developing or enhancing tools that an attacker could use to find and exploit vulnerabilities in such offerings. The contractor should advise the SCS development team on how to avoid these vulnerabilities and mitigate attacks; the agile development team then uses these insights to harden the platform appropriately. The attack tools are to be automated as much as possible, made available under an open-source license and integrated into the test infrastructure (CI) of the SCS project so that recurrences of these vulnerabilities are detected immediately and can thus be addressed at an early stage.
The tendered contract contributes to the “Sovereign Cloud Stack - An open, sovereign, federatable infrastructure stack for GAIA-X” project, which is funded by the Federal Ministry for Economic Affairs and Climate Action.