kubernetes-security

There are 18 repositories under kubernetes-security topic.

aquasecurity / kube-bench
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
cis-benchmark cis-kubernetes-benchmark cis-security hacktoberfest kube-bench kubernetes kubernetes-security openshift
Language:Go 6635
techiescamp / kubernetes-learning-path
A roadmap to learn Kubernetes from scratch (Beginner to Advanced level)
k8s kubernetes kubernetes-cluster kubernetes-deployment kubernetes-learning kubernetes-learning-apth kubernetes-security kubernetes-setup
6491
kubernetes-goat
madhuakula / kubernetes-goat
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
blueteam cloud-native cloud-security cloudsecurity container container-security devsecops docker hacking infrastructure k8s kubernetes kubernetes-goat kubernetes-security owasp pentesting redteam security vulnerable-app
Language:HTML 3860
cdk-team / CDK
📦 Make security testing of K8s, Docker, and Containerd easier.
blackhat cloud-native cloud-native-security container container-escape container-security docker exploits hacktools hitb k8s k8s-penetration-toolkit kernel-exploitation kubernetes kubernetes-security linux penetration penetration-testing-tools privilege-escalation vulnerabilities
Language:Go 3621
Certified-Kubernetes-Security-Specialist
walidshaari / Certified-Kubernetes-Security-Specialist
Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.
kubernetes-security kubernetes cks ckss kernel-hardening exam-objectives os-footprint security seccomp apparmor falco kube-hunter kube-bench trivy pod certification policy mitre-attack pod-security-policy open-policy-agent
Language:AGS Script 1914
HummerRisk / HummerRisk
HummerRisk 是云原生安全平台，包括混合云安全治理和云原生安全检测。
cloud-custodian cloud-native cloud-native-security compliance compliance-as-code cspm k8s-security kubernetes-security prowler sbom security trivy vulnerability
Language:Java 1741
DataDog / stratus-red-team
:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
aws adversary-emulation purple-team mitre-attack cloud-security cloud-native-security detection-engineering threat-detection security aws-security azure-security kubernetes-security gcp-security
Language:Go 1613
kubeclarity
openclarity / kubeclarity
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
effortless-integrations kubernetes kubernetes-security sbom scanner security supply-chain vulnerabilities
Language:Go 1254
metarget
Metarget / metarget
Metarget is a framework providing automatic constructions of vulnerable infrastructures.
cloud-native cloud-native-security container container-escape container-security kernel-exploitation kubernetes kubernetes-security privilege-escalation target vulnerabilities vulnerable-infrastructure vulnerable-infrastructures vulnerable-scenes
Language:Python 996
vchinnipilli / kubestriker
A Blazing fast Security Auditing tool for Kubernetes
aks automation aws azure container-security containers devops docker docker-security eks gke informationsecurity infosec kubernetes kubernetes-security security security-audit security-tools
Language:Python 977
paralus
paralus / paralus
All-in-one Kubernetes access manager. User-level credentials, RBAC, SSO, audit logs.
access-management cloud-security k8s-access-management kubernetes-security zero-trust-security ztka
Language:Go 922
ksoclabs / awesome-kubernetes-security
A curated list of awesome Kubernetes security resources
awesome-list kubernetes kubernetes-security
882
constellation
edgelesssys / constellation
Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.
cloud-security confidential-computing data-encryption kubernetes kubernetes-security
Language:Go 863
kabachook / k8s-security
Kubernetes security notes and best practices
kubernetes kubernetes-cluster security kubernetes-security best-practices checklist vulnerabilities attacker
Language:Shell 705
ViktorUJ / cks
Open-source Platform for learning kubernetes and aws eks and preparation for for Certified Kubernetes exams (CKA ,CKS , CKAD)
aws cka ckad cks k8s terraform terragrunt apparmor falco kubernetes-security seccomp eks gvisor kubernetes kubernetes-cluster opa kubeadm certified-kubernetes-security-specialist kubernetes-learning learn-kubernetes
Language:Shell 640
DataDog / KubeHound
Kubernetes Attack Graph
adversary-emulation attack-graph attack-paths cloud-native-security exploit kubernetes kubernetes-security mitre-attack purple-team red-team security-audit security-automation security-tools
Language:Go 614
HXSecurity / TerraformGoat
TerraformGoat is HXSecurity research lab's "Vulnerable by Design" multi cloud deployment tool.
aws-security azure-security cloud-security cloudsecurity gcp gcp-security kubernetes-security security terraform
Language:HCL 499
Vinum-Security / kubernetes-security-checklist
Kubernetes Security Checklist and Requirements - All in One (authentication, authorization, logging, secrets, configuration, network, workloads, dockerfile)
checklist cloud-native-security container-security devsecops kubernetes kubernetes-security requirments security
452
eBPF-Guide
mikeroyal / eBPF-Guide
eBPF (extended Berkeley Packet Filter) Guide. Learn all about the eBPF Tools and Libraries for Security, Monitoring , and Networking.
ebpf network-analysis observability packet-sniffer traffic-monitoring bpf vulnerability-detection infrastructure-monitoring performance-monitoring real-user-monitoring distributed-tracing tracing ebpf-programs kubernetes-cluster falco open-telemetry kubernetes-security log-analysis xdp sandbox
Language:Go 450
cruise-automation / k-rail
Kubernetes security tool for policy enforcement
kubernetes security kubernetes-security k8s policy
Language:Go 444
darkbitio / mkit
MKIT is a Managed Kubernetes Inspection Tool that validates several common security-related configuration settings of managed Kubernetes cluster objects and the workloads/resources running inside the cluster.
aks aws azure eks gcp gke k8s kubernetes kubernetes-security
Language:Dockerfile 400
rbac-police
PaloAltoNetworks / rbac-police
Evaluate the RBAC permissions of Kubernetes identities through policies written in Rego
kubernetes kubernetes-rbac kubernetes-security prisma-cloud rbac security
Language:Go 320
Metarget / awesome-cloud-native-security
awesome resources about cloud native security 🐿
cloud-native container-security cloud-native-security kubernetes-security container-escape k8s kubernetes container docker docker-security serverless serverless-security cloud-security cloud-computing
298
Metarget / k0otkit
k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters.
container-escape container-injection container-security fileless-attack hack-k8s k8s kubernetes-security post-penetration reverse-shell
Language:Shell 262
DataDog / managed-kubernetes-auditing-toolkit
All-in-one auditing toolkit for identifying common security issues in managed Kubernetes environments. Currently supports Amazon EKS.
aws-eks aws-security eks kubernetes kubernetes-security managed-kubernetes
Language:Go 228
developer-guy / awesome-falco
A curated list of Falco related tools, frameworks, blogs, podcasts, and articles
sysdig-falco falco-security falco-outputs kubernetes-security falcosidekick awesome falco container-runtime-security
197
r0binak / MTKPI
🧰 Multi Tool Kubernetes Pentest Image
image kubernetes pentest redteam container-security kubernetes-security
Language:Shell 192
kubewarden / kubewarden-controller
Manage admission policies in your Kubernetes cluster with ease
hacktoberfest kubernetes kubernetes-security policy-as-code webassembly
Language:Go 177
abdennour / certified-kubernetes-security-specialist
References for CKS Exam Objectives - Certified Kubernetes Security Specialist
kubernetes security certification golang kubernetes-security cks ckss hardening
137
kubewarden / policy-server
Webhook server that evaluates WebAssembly policies to validate Kubernetes requests
hacktoberfest kubernetes kubernetes-security kubernetes-webhook policy policy-as-code rust webassembly
Language:Rust 132
stacksimplify / google-kubernetes-engine
Google Kubernetes Engine GKE with DevOps 75 Real-World Demos
gke google google-cloud-platform google-dns kubernetes kubernetes-deployment kubernetes-in-docker kubernetes-ingress kubernetes-secrets kubernetes-security kubernetes-service google-cloud-build google-cloud-sdk google-cloud-storage
Language:HTML 106
falcosecurity-retire / falco-security-workshop
Container Security Workshop covering using Falco on Kubernetes.
containers kubernetes kubernetes-security container-security docker cncf
Language:Python 104
OWASP / KubeLight
OWASP Kubernetes security and compliance tool [WIP]
kubernetes cis compliance containers docker kubernetes-security nsa pci-dss sbom security python security-tools owasp cve-scanning devsecops scanner vulnerability-management
Language:Python 97
CloudDefenseAI / falco_extended_rules
Curating Falco rules with MITRE ATT&CK Matrix
cloudsecurity devops devsecops kuberentes security cnapp cspm security-tools threat-analysis vulnerability-detection vulnerability-scanners falco malware threat threat-modeling container-security kubernetes-security malware-analysis workload-security zero-day
Language:Python 70
kubewarden / kwctl
Go-to CLI tool for Kubewarden users
hacktoberfest kubernetes kubernetes-security policy-as-code webassembly
Language:Rust 69
vedmichv / CKS-Certified-Kubernetes-Security-Specialist
Shortlist of preparation materials to pass CKS exam
cks-exam-preparation k8s kubernetes-security
Language:HTML 64

kubernetes-security

aquasecurity / kube-bench

techiescamp / kubernetes-learning-path

madhuakula / kubernetes-goat

cdk-team / CDK

walidshaari / Certified-Kubernetes-Security-Specialist

HummerRisk / HummerRisk

DataDog / stratus-red-team

openclarity / kubeclarity

Metarget / metarget

vchinnipilli / kubestriker

paralus / paralus

ksoclabs / awesome-kubernetes-security

edgelesssys / constellation

kabachook / k8s-security

ViktorUJ / cks

DataDog / KubeHound

HXSecurity / TerraformGoat

Vinum-Security / kubernetes-security-checklist

mikeroyal / eBPF-Guide

cruise-automation / k-rail

darkbitio / mkit

PaloAltoNetworks / rbac-police

Metarget / awesome-cloud-native-security

Metarget / k0otkit

DataDog / managed-kubernetes-auditing-toolkit

developer-guy / awesome-falco

r0binak / MTKPI

kubewarden / kubewarden-controller

abdennour / certified-kubernetes-security-specialist

kubewarden / policy-server

stacksimplify / google-kubernetes-engine

falcosecurity-retire / falco-security-workshop

OWASP / KubeLight

CloudDefenseAI / falco_extended_rules

kubewarden / kwctl

vedmichv / CKS-Certified-Kubernetes-Security-Specialist