Monrava / bsidesnyc2023
This repository contains the code used during my demo at BSidesNYC 2023 where I presented a new method for analysing volatile memory in Google Kubernetes Engine (GKE).
☆1Updated 4 months ago
Alternatives and similar repositories for bsidesnyc2023:
Users that are interested in bsidesnyc2023 are comparing it to the libraries listed below
- Trust Dexter to ensure that all your images are pinned by digest for better security☆29Updated last year
- K8s Network Policy Migrator is a tool to migrate Calico or Cilium custom network policies to Kubernetes native network policy. The tool o…☆30Updated last year
- vexctl is a tool to attest VEX impact statements☆44Updated last year
- ☆41Updated 2 years ago
- Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect☆23Updated this week
- Rego policies for enterprise-scale Compliance-as-Code with OPA Conftest.☆58Updated last year
- kubectl plugin for signing Kubernetes manifest YAML files with sigstore☆80Updated this week
- Kubernetes audit logging, when you don't control the control plane☆71Updated last week
- Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports☆57Updated this week
- ☆20Updated 10 months ago
- etcd-k8s-extract takes in an etcd data directory or db file used in kubernetes, extracts the kubernetes resources and then writes the res…☆37Updated 2 months ago
- ☆19Updated 5 months ago
- Scans SBOMs for vulnerabilities with Grype☆79Updated last week
- This projects contains pre-made policies for Kubernetes Validating Admission Policies. This policy library is based on Kubescape controls…☆52Updated this week
- Cedar for Kubernetes brings the power of Cedar to Kubernetes authorization and admission validation, showing how cluster administrators c…☆109Updated last month
- An admission controller service and kubectl plugin to handle container drift in K8s clusters☆124Updated 3 years ago
- ☆48Updated 2 years ago
- A Go program to display certificate chains simply and quickly with an easy to remember syntax☆27Updated 4 months ago
- This is a POC repository showing how a Kubernetes Admission Controller can be made irrelevant when verifying container image signatures☆12Updated 2 years ago
- sigstore the hard way!☆110Updated 10 months ago
- An SBOM query language and associated utilities☆54Updated last year
- EKS NG AMI Updater is an open source project that can be used to update kubernetes node group images.☆27Updated last week
- This is just a proof-of-concept project that aims to sign and verify container images using cosign and OPA (Open Policy Agent)☆62Updated 3 years ago
- Kubernetes Admission Controller for Image Scanning using OPA☆50Updated last year
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.☆62Updated this week
- Threat-informed defense for cloudnative: Reference Implementation of a so-called Honeycluster - for kind (and GKE, RKE2, AKS)☆32Updated this week
- Github Action to automatically update digests for container images.☆53Updated this week
- Sets up Open Policy Agent CLI in your GitHub Actions workflow.☆48Updated 11 months ago
- Open Source runtime scanner for k8s cluster and perform security audit checks based on CIS Kubernetes Benchmark specification☆65Updated 2 months ago
- Check images in your charts for vulnerabilities☆41Updated last year