appvia/cosign-keyless-admission-webhook

Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect

Language: JavaScript - Size: 153 KB - Last synced: about 9 hours ago - Pushed: about 14 hours ago - Stars: 22 - Forks: 1

project-copacetic/copacetic

🧵 CLI tool for directly patching container images using reports from vulnerability scanners

Language: Go - Size: 10.8 MB - Last synced: about 17 hours ago - Pushed: about 18 hours ago - Stars: 812 - Forks: 54

Metarget/metarget

Metarget is a framework providing automatic constructions of vulnerable infrastructures.

Language: Python - Size: 3.53 MB - Last synced: about 18 hours ago - Pushed: 26 days ago - Stars: 1,015 - Forks: 161

Metarget/k0otkit

k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters.

Language: Shell - Size: 4.64 MB - Last synced: about 18 hours ago - Pushed: over 2 years ago - Stars: 263 - Forks: 50

cdk-team/CDK

📦 Make security testing of K8s, Docker, and Containerd easier.

Language: Go - Size: 9.44 MB - Last synced: 4 days ago - Pushed: 4 days ago - Stars: 3,674 - Forks: 529

trendmicro/tmas-scan-action

Vision One Container Security Scan Action

Language: Shell - Size: 30.3 KB - Last synced: 5 days ago - Pushed: 3 months ago - Stars: 6 - Forks: 3

jetstack/paranoia

Inspect certificate authorities in container images

Language: Go - Size: 307 KB - Last synced: about 3 hours ago - Pushed: 10 days ago - Stars: 219 - Forks: 8

sysdiglabs/kube-psp-advisor

Help building an adaptive and fine-grained pod security policy

Language: Go - Size: 253 KB - Last synced: 3 days ago - Pushed: 7 months ago - Stars: 328 - Forks: 41

koslib/awesome-containerized-security

A collection of tools to improve your containerized apps security posture

Size: 51.8 KB - Last synced: 2 days ago - Pushed: about 1 month ago - Stars: 124 - Forks: 12

madhuakula/kubernetes-goat

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Language: HTML - Size: 122 MB - Last synced: 21 days ago - Pushed: about 2 months ago - Stars: 3,877 - Forks: 650

vchinnipilli/kubestriker

A Blazing fast Security Auditing tool for Kubernetes

Language: Python - Size: 22 MB - Last synced: 16 days ago - Pushed: about 2 months ago - Stars: 979 - Forks: 106

Code-Triarii/ccse-ccsne-cks-cka-road-to-container-expert-trainings-security

This repository contains useful resources for preparing and obtaining the CCSE (Certified Container Security Expert) certification of practical devsecops organizations.

Language: Shell - Size: 8.55 MB - Last synced: 27 days ago - Pushed: 27 days ago - Stars: 0 - Forks: 0

mathieu-benoit/kubernetes-security

WIP - List of best practices about Security with Kubernetes and containers

Size: 10.7 KB - Last synced: about 1 month ago - Pushed: about 1 year ago - Stars: 0 - Forks: 0

mathieu-benoit/cartservice 📦

My own cartservice coming from the GoogleCloudPlatform/microservices-demo repository

Language: C# - Size: 346 KB - Last synced: about 1 month ago - Pushed: over 1 year ago - Stars: 0 - Forks: 2

blues-man/vote-app-gitops

A demo of cloud-native Inner Loop and Outer Loop controlling a 2-tier app (Python + Go) with Red Hat OpenShift using Tekton Pipelines, Argo CD GitOps, Eclipse Che aka OpenShift DevSpaces and Quay.io registry

Language: Smarty - Size: 2.82 MB - Last synced: about 1 month ago - Pushed: about 1 month ago - Stars: 11 - Forks: 43

wazuh/wazuh

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Language: C - Size: 356 MB - Last synced: about 1 month ago - Pushed: about 1 month ago - Stars: 9,056 - Forks: 1,425

Metarget/awesome-cloud-native-security

awesome resources about cloud native security 🐿

Size: 83 KB - Last synced: about 18 hours ago - Pushed: 7 months ago - Stars: 299 - Forks: 51

ErdemOzgen/DevSecOpsBuilder

Automatic DevSecOps builder

Language: Python - Size: 1.52 MB - Last synced: about 2 months ago - Pushed: about 2 months ago - Stars: 6 - Forks: 2

brant-ruan/awesome-container-escape

collections of container escape techniques 🐿

Size: 4.88 KB - Last synced: 21 days ago - Pushed: about 3 years ago - Stars: 64 - Forks: 11

pjbgf/zaz 📦

A command line tool to automatically generate seccomp profiles.

Language: Go - Size: 2.16 MB - Last synced: about 1 month ago - Pushed: about 3 years ago - Stars: 24 - Forks: 4

CanonicalLtd/canonical-kubernetes-third-party-integrations 📦

Official repository for Canonical Kubernetes Third Party Integration Documentation

Size: 3.59 MB - Last synced: about 1 month ago - Pushed: over 5 years ago - Stars: 10 - Forks: 4

slimdevops/slim-containers

Tutorials, examples, and streaming notes

Language: Python - Size: 140 MB - Last synced: 22 days ago - Pushed: about 1 year ago - Stars: 21 - Forks: 8

chaitin/veinmind-tools

veinmind-tools 是由长亭科技自研，基于 veinmind-sdk 打造的容器安全工具集

Language: Go - Size: 20.1 MB - Last synced: 2 months ago - Pushed: 4 months ago - Stars: 1,452 - Forks: 172

r0binak/MTKPI

🧰 Multi Tool Kubernetes Pentest Image

Language: Shell - Size: 8.36 MB - Last synced: 2 months ago - Pushed: 7 months ago - Stars: 189 - Forks: 13

CloudDefenseAI/falco_extended_rules

Curating Falco rules with MITRE ATT&CK Matrix

Language: Python - Size: 102 KB - Last synced: 3 months ago - Pushed: 3 months ago - Stars: 62 - Forks: 9

chaitin/libveinmind

一个由长亭自研，直观而可扩展的容器安全 SDK

Language: Go - Size: 277 KB - Last synced: 27 days ago - Pushed: 12 months ago - Stars: 115 - Forks: 19

syn-4ck/fafnir-sec

fafnir-sec is an open-source tool that allows for the complete automation of launching different security tools detecting vulnerabilities in the application's code.

Language: Python - Size: 14.3 MB - Last synced: 3 months ago - Pushed: 3 months ago - Stars: 2 - Forks: 0

falcosecurity-retire/falco-security-workshop 📦

Container Security Workshop covering using Falco on Kubernetes.

Language: Python - Size: 4.59 MB - Last synced: 3 months ago - Pushed: about 3 years ago - Stars: 104 - Forks: 41

Vinum-Security/kubernetes-security-checklist

Kubernetes Security Checklist and Requirements - All in One (authentication, authorization, logging, secrets, configuration, network, workloads, dockerfile)

Size: 111 KB - Last synced: 3 months ago - Pushed: over 2 years ago - Stars: 450 - Forks: 88

twistlock/whoc

A container image that exfiltrates the underlying container runtime to a remote server

Language: C - Size: 206 KB - Last synced: 2 months ago - Pushed: over 1 year ago - Stars: 125 - Forks: 11

mikeroyal/OpenShift-Guide

OpenShift Guide. Learn about the Red Hat OpenShift Container Platform, Data Science, Code Ready Containers, Podman, Buildah, and Kubernetes.

Language: Python - Size: 247 KB - Last synced: 5 months ago - Pushed: 5 months ago - Stars: 130 - Forks: 28

0xN3utr0n/Kanis

Advanced threat detection solution for Linux.

Language: Go - Size: 151 KB - Last synced: 3 months ago - Pushed: over 3 years ago - Stars: 33 - Forks: 4

mathieu-benoit/mathieu-benoit.github.io

The content of my blog hosted at: https://mathieu-benoit.github.io/

Language: HTML - Size: 3.9 MB - Last synced: 27 days ago - Pushed: 27 days ago - Stars: 2 - Forks: 3

grantseltzer/karn

Simplifying Seccomp enforcement in containerized or non-containerized apps

Language: Go - Size: 3.49 MB - Last synced: 7 months ago - Pushed: over 3 years ago - Stars: 110 - Forks: 13

ellerbrock/docker-security-images

:closed_lock_with_key: Docker Container for Penetration Testing & Security

Size: 5.86 KB - Last synced: 7 months ago - Pushed: over 5 years ago - Stars: 206 - Forks: 34

AkihiroSuda/cni-isolation 📦

CNI Bridge Isolation Plugin (Merged into the firewall plugin v1.1.0)

Language: Go - Size: 69.3 KB - Last synced: about 1 month ago - Pushed: about 2 years ago - Stars: 9 - Forks: 1

paulveillard/cybersecurity-container-security

An ongoing & curated collection of awesome frameworks, and most important libraries, videos, learning tutorials , tools and and cool stuff about containers.

Language: Shell - Size: 3.57 MB - Last synced: 9 months ago - Pushed: over 1 year ago - Stars: 27 - Forks: 3

onzack/kube-scout

Vulnerability Management Tool for Kubernetes and Containers

Language: Vue - Size: 111 KB - Last synced: 9 months ago - Pushed: over 1 year ago - Stars: 6 - Forks: 1

HoussemDellai/kubernetes-allowed-registries-policy

Demoing whitelisting Container Registries in Kubernetes using OPA/Gatekeeper policy.

Size: 364 KB - Last synced: 9 months ago - Pushed: over 3 years ago - Stars: 5 - Forks: 7

sysdiglabs/security-playground

This is a sample application which runs an HTTP web server and allows to read and write files and exec commands

Language: Python - Size: 23.4 KB - Last synced: 10 months ago - Pushed: about 1 year ago - Stars: 2 - Forks: 8

litneet64/containerized-bomb-disposal

Set of dockerfiles meant for throw-away instances that achieve a singular purpose: to "safely" interact (run, play, unzip, etc) with programs or files without the need of a full VM to avoid compromise of the host machine. Think of it as a bomb disposal device for files you don't trust that much but still need to run, unzip or play.

Language: Dockerfile - Size: 41 KB - Last synced: 10 months ago - Pushed: over 3 years ago - Stars: 0 - Forks: 0

kube-tarian/sigrun

Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate & Control the deployments to allow only the known Sources based on Signatures, Maintainers & other payloads automatically.

Language: Go - Size: 702 KB - Last synced: 10 months ago - Pushed: 10 months ago - Stars: 11 - Forks: 3

null-open-security-community/Cloud-Project

Size: 6.84 KB - Last synced: 3 days ago - Pushed: over 3 years ago - Stars: 7 - Forks: 2

darkwizard242/ansible-role-trivy

Ansible role for Trivy. Available on Ansible Galaxy.

Language: Python - Size: 43.9 KB - Last synced: about 1 year ago - Pushed: about 1 year ago - Stars: 3 - Forks: 0

lawndoc/seccomp-ci-demo

Automate seccomp filter generation in your CI pipeline

Language: Python - Size: 24.4 KB - Last synced: 21 days ago - Pushed: about 1 year ago - Stars: 0 - Forks: 2

felipecosta09/c1cs

Trend Micro Cloud One Container Security Scan Action

Language: Shell - Size: 38.1 KB - Last synced: about 1 year ago - Pushed: about 1 year ago - Stars: 1 - Forks: 1

fortify/fortify-ssc-parser-tenable-io-cs

Fortify SSC Parser Plugin for Tenable.io Container Security results

Language: Java - Size: 146 KB - Last synced: 29 days ago - Pushed: about 1 year ago - Stars: 1 - Forks: 0

mmadil/pwnage

Sample container image to demonstrate attack scenarios in containerized cluster environments.

Language: Dockerfile - Size: 2.93 KB - Last synced: about 1 month ago - Pushed: almost 3 years ago - Stars: 2 - Forks: 0

anchore/ci-tools 📦

Contains scripts for running anchore engine in CI pipelines

Language: Shell - Size: 373 KB - Last synced: about 1 year ago - Pushed: almost 2 years ago - Stars: 35 - Forks: 33

lightspin-tech/eks-creation-engine

The Amazon Elastic Kubernetes Service (EKS) Creation Engine (ECE) is a Python command-line program created by the Lightspin Office of the CISO to facilitate the creation and enablement of secure EKS Clusters.

Language: Python - Size: 85.9 KB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 39 - Forks: 12

nikhilnayak98/csvs

Security for Virtualization Systems Project

Language: Shell - Size: 118 KB - Last synced: about 1 year ago - Pushed: almost 2 years ago - Stars: 0 - Forks: 0

bsteen/cloud-covert-channels 📦

Creating covert channels in Linux-based cloud container environments

Language: C - Size: 2.45 MB - Last synced: about 1 year ago - Pushed: about 2 years ago - Stars: 1 - Forks: 2

veilair/docker-development

An ongoing curated list of awesome frameworks, important books, articles, talks, libraries, learning tutorials, best practices and technical resources about Docke

Size: 375 KB - Last synced: 4 months ago - Pushed: over 2 years ago - Stars: 1 - Forks: 0

anchore/circleci-orbs

Repo for all Anchore circleci orb source code

Language: JavaScript - Size: 84 KB - Last synced: about 1 year ago - Pushed: over 2 years ago - Stars: 0 - Forks: 5

rahulroy1/oc-container-runtime-security

Implementing Container Runtime security monitoring in Redhat Openshift using Falco

Size: 987 KB - Last synced: about 1 year ago - Pushed: almost 3 years ago - Stars: 2 - Forks: 0

stelligent/aws-anchore-engine-scanner

This guide details steps and procedures you can follow to create, launch and implement your own standalone container scanning solution within AWS ecosystem. This approach uses an opensource container scanning tool called Anchore Engine as a proof-of-concept and provides examples of how Anchore integrates with your favorite CI/CD systems orchestration platforms.

Language: Python - Size: 961 KB - Last synced: about 1 year ago - Pushed: over 4 years ago - Stars: 8 - Forks: 3

sysdiglabs/secure-image-scanning

Image scanning with Sysdig Secure

Language: Shell - Size: 13.7 KB - Last synced: about 1 year ago - Pushed: about 4 years ago - Stars: 0 - Forks: 3