by lsandler
1699 days ago
The problem is in the intersection of nginx-ingress and kubernetes. Since the ingress controller has access to secrets from all the namespaces (which is the kubernetes side of the story), the nginx implementation with snippets added by users (the nginx contribution) may expose these secrets.
The post also points to an open source tool that helps people to check if they are vulnerable, whether they want to get to the bottom of the issue or not.
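An added example, not part of this thread and not the tool the post points to: a minimal audit that lists Ingress objects carrying user-supplied snippet annotations, the input the comment above identifies as the exposure path. It assumes the community ingress-nginx annotation prefix and its `allow-snippet-annotations` ConfigMap key; all manifests are constructed samples.

```python
import json

# Assumption: the controller is community ingress-nginx, whose snippet
# annotations share this prefix and end in "-snippet".
PREFIX = "nginx.ingress.kubernetes.io/"
SUFFIX = "-snippet"

# Constructed sample shaped like `kubectl get ingress -A -o json` output.
SAMPLE_INGRESSES = json.loads("""
{"items": [
  {"kind": "Ingress", "metadata": {"name": "shop", "namespace": "team-a",
    "annotations": {"nginx.ingress.kubernetes.io/rewrite-target": "/"}}},
  {"kind": "Ingress", "metadata": {"name": "blog", "namespace": "team-b",
    "annotations": {
      "nginx.ingress.kubernetes.io/configuration-snippet": "add_header X-Frame-Options DENY;",
      "nginx.ingress.kubernetes.io/server-snippet": "location /healthz { return 200; }"}}},
  {"kind": "Ingress", "metadata": {"name": "api", "namespace": "team-c"}}
]}
""")

# Constructed sample of the controller's ConfigMap.
SAMPLE_CONFIGMAP = {"data": {"allow-snippet-annotations": "true"}}


def snippet_findings(ingress_list):
    """Return (namespace, name, annotation) for each user-supplied snippet."""
    findings = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata") or {}
        annotations = meta.get("annotations") or {}  # may be absent or null
        for key in sorted(annotations):
            if key.startswith(PREFIX) and key.endswith(SUFFIX):
                findings.append((meta.get("namespace", "default"),
                                 meta.get("name"), key))
    return findings


def snippets_disabled(configmap):
    """True only when the controller is explicitly told to ignore snippets."""
    data = configmap.get("data") or {}
    return data.get("allow-snippet-annotations") == "false"


if __name__ == "__main__":
    print("snippets disabled:", snippets_disabled(SAMPLE_CONFIGMAP))
    for ns, name, key in snippet_findings(SAMPLE_INGRESSES):
        print(f"review {ns}/{name}: {key}")
```

Each finding is a namespace whose users can place raw nginx configuration into a controller that reads secrets cluster-wide, so it is the list to review before disabling snippets.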
Still, some of us on hackernews dislike advertising. I 100% agree with everything you've written in this comment, but as I mentioned in the comment you're replying to, the GitHub issue also contains an ad for the same tool - it just doesn't make it front and center, allows for any competitors to make their own comments on an open platform, and it feels less biased. Less advertisey.
Instead of "install our product", it could have been something like "run this thing specific to this exact vulnerability that does the absolute bare minimum. Oh, btw, if you liked that, you should check out our product that does much more, kubescape".
But as it stands now, it just feels different.