liatrio/rode: cloud native software supply chain ☁️🔗.
OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards. - google/OpenSK
Karydia is a security add-on for Kubernetes, which helps you follow good security practices by inverting insecure default settings in Kubernetes.
The ultimate Kubernetes security tools list: Image scanning, container compliance, runtime security, e2e commercial platforms, network security and more
CScanner scans your cloud accounts for potential security problems.
An open source identity access proxy.
Quantify risk for Kubernetes resources
This is the penultimate article in a series entitled Securing Kubernetes for Cloud Native Applications, and follows our discussion about securing the important components of a cluster, such as the API server and Kubelet. In this article, we’re going to...
A tool for scanning a Kubernetes cluster for risky permissions in Kubernetes's Role-based access control (RBAC) authorization model.
You can throw any suspicious file at it and in a matter of minutes Cuckoo will provide a detailed report outlining the behavior of the file when executed inside a realistic but isolated environment.
Kubernetes allows decoupling complex logic such as policy decisions from the inner workings of the API server by means of "admission controllers". Admission control is custom logic executed by a webhook. Kubernetes policy controller is a mutating and validating webhook that the admission controller calls for matching Kubernetes API server requests. It uses Open Policy Agent (OPA), a policy engine for Cloud Native environments hosted by CNCF as a sandbox-level project.
kube-score is a tool that does static code analysis of your Kubernetes object definitions. The output is a list of recommendations of what you can improve to make your application more secure and resilient.
kube-hunter is an open-source tool that hunts for security issues in your Kubernetes clusters. It’s designed to increase awareness and visibility of the security controls in Kubernetes environments.
openshift-clair-controller - Openshift Controller for Clair
Introduction Kubernetes introduced NetworkPolicies in 1.6 and in OpenShift this feature was made GA in 3.7. Microsegmentation is the idea of protecting each host with host-specific firewall rules. In this blog post, we will examine approaches for using NetworkPolicies to implement microsegmentation. NetworkPolicy SDN OpenShift installation requires you to choose the SDN implementation that is …
Tern is a software package inspection tool for containers. It's written in Python3 with a smattering of shell scripts.
gitleaks - Searches full repo history for secrets and keys 🔑
A bit of security blog, by Alexander Korznikov. Security, python, bash, penetration testing experiments.
audit2rbac takes a Kubernetes audit log and username as input, and generates RBAC role and binding objects that cover all the API requests made by that user.