An open source identity access proxy.
Quantify risk for Kubernetes resources
This is the penultimate article in a series entitled Securing Kubernetes for Cloud Native Applications, and follows our discussion about securing the important components of a cluster, such as the API server and Kubelet. In this article, we’re going to...
A tool for scanning a Kubernetes cluster for risky permissions in Kubernetes's Role-based access control (RBAC) authorization model.
You can throw any suspicious file at it and in a matter of minutes Cuckoo will provide a detailed report outlining the behavior of the file when executed inside a realistic but isolated environment.
Kubernetes allows decoupling complex logic such as policy decisions from the inner workings of the API server by means of "admission controllers". Admission control is custom logic executed by a webhook. Kubernetes policy controller is a mutating and validating webhook which gets called by the admission controller for matching Kubernetes API server requests. It uses Open Policy Agent (OPA), a policy engine for Cloud Native environments hosted by CNCF as a sandbox-level project.
kube-score is a tool that does static code analysis of your Kubernetes object definitions. The output is a list of recommendations of what you can improve to make your application more secure and resilient.
kube-hunter is an open-source tool that hunts for security issues in your Kubernetes clusters. It’s designed to increase awareness and visibility of the security controls in Kubernetes environments.
openshift-clair-controller - Openshift Controller for Clair
Introduction Kubernetes introduced NetworkPolicies in 1.6 and in OpenShift this feature was made GA in 3.7. Microsegmentation is the idea of protecting each host with host-specific firewall rules. In this blog post, we will examine approaches for using NetworkPolicies to implement microsegmentation. NetworkPolicy SDN OpenShift installation requires you to choose the SDN implementation that is …
gitleaks - Searches full repo history for secrets and keys 🔑
A bit of security blog, by Alexander Korznikov. Security, python, bash, penetration testing experiments.
audit2rbac takes a Kubernetes audit log and username as input, and generates RBAC role and binding objects that cover all the API requests made by that user.
collector - A framework for Static Analysis of Docker container images
The magma server daemon is an encrypted email system with support for SMTP, POP, IMAP, HTTP and MOLTEN. Additional support for DMTP and DMAP is currently in active development.
cylon - Updates, maintenance, backups and system checks in a menu driven bash shell script for an Arch based Linux distro
Rebex SSH Check is a testing tool for SSH servers accessible over the internet. The report contains an overview of the server's SSH configuration as well as security recommendations. The service is free.