ControlPlane

kubesec

Security risk analysis for Kubernetes resources

simulator

Kubernetes Security Training Platform - focusing on security mitigation

kubectl-kubesec

Security risk analysis for Kubernetes resources

netassert

Network security testing for Kubernetes DevSecOps workflows

badrobot

BadRobot - Operator Security Audit Tool

truffleproc

truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)

kubesec-webhook

Security risk analysis for Kubernetes resources

threat-modelling-labs

Labs for Threat Modelling training delivered by ControlPlane

kubesec-action

Runs Kubesec as GitHub action

operator-threat-matrix

Kubernetes Operator Threat Matrix

threat-modelling-zero-trust-talk

collie

OSCAL and Kyverno Policy Demo for AWS

cp-jenkins

ControlPlane's Opinionated Jenkins-as-Code

spire-vault

Example configuration for integrating Spire with Vault.

netassertv2-packet-sniffer

This repo houses Netassertv2 TCP/UDP Packet sniffer

threat-modelling-envoy-gateway-talk

Demos and investigation work supporting the Envoy Gateway threat model

cve-2019-1003000-jenkins-rce-poc

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

demo-api

A contrived demo repo for testing with CI servers

docker-gcloud-sdk

null

hostile-npm

An example of a hostile pre-install npm hook

jenkins-shared-library

Jenkins Shared Library for demonstration purposes.

.github

Github landing page README

distribution

Enterprise Distribution for Flux CD

k8s-prom-hpa

Kubernetes Horizontal Pod Autoscaler with Prometheus custom metrics

netassertv2-l4-client

This repo houses the Layer 4 (TCP/UDP) client used by Netassert v2

opa

An open source, general-purpose policy engine.

policy

CLI for building OPA policies into OCI images

semgrep-rules

Semgrep rules registry

shutit

Automation framework for programmers

tekton-training

Sample Tekton Pipeline specification for ControlPlane training labs.