Monrava / bsidesnyc2023
This repository contains the code used during my demo at BSidesNYC 2023 where I presented a new method for analysing volatile memory in Google Kubernetes Engine (GKE).
☆1Updated 6 months ago
Alternatives and similar repositories for bsidesnyc2023:
Users that are interested in bsidesnyc2023 are comparing it to the libraries listed below
- vexctl is a tool to attest VEX impact statements☆44Updated 2 years ago
- Trust Dexter to ensure that all your images are pinned by digest for better security☆29Updated last year
- Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect☆23Updated 3 weeks ago
- K8s Network Policy Migrator is a tool to migrate Calico or Cilium custom network policies to Kubernetes native network policy. The tool o…☆30Updated last year
- An admission controller service and kubectl plugin to handle container drift in K8s clusters☆124Updated 3 years ago
- ☆19Updated 7 months ago
- Kubernetes audit logging, when you don't control the control plane☆74Updated this week
- Open Source runtime scanner for k8s cluster and perform security audit checks based on CIS Kubernetes Benchmark specification☆66Updated 4 months ago
- Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports☆59Updated this week
- Scans SBOMs for vulnerabilities with Grype☆80Updated last week
- ☆20Updated last year
- Threat-informed defense for cloudnative: Reference Implementation of a so-called Honeycluster - for kind (and GKE, RKE2, AKS)☆43Updated this week
- ☆19Updated last month
- This projects contains pre-made policies for Kubernetes Validating Admission Policies. This policy library is based on Kubescape controls…☆55Updated 2 weeks ago
- EKS NG AMI Updater is an open source project that can be used to update kubernetes node group images.☆27Updated last week
- etcd-k8s-extract takes in an etcd data directory or db file used in kubernetes, extracts the kubernetes resources and then writes the res…☆37Updated 4 months ago
- ☆74Updated 2 weeks ago
- An SBOM query language and associated utilities☆54Updated last year
- Rego policies for enterprise-scale Compliance-as-Code with OPA Conftest.☆58Updated last year
- Runtime security plug to protect user containers☆65Updated this week
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆89Updated this week
- Sets up Open Policy Agent CLI in your GitHub Actions workflow.☆49Updated last year
- Kubernetes Admission Controller for Image Scanning using OPA☆50Updated last year
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.☆62Updated this week
- ☆48Updated 2 years ago
- Run Falco in a GitHub Actions to detect suspicious behavior in your CI/CD☆31Updated last month
- This repository contains examples of Kyverno policies for controlling the creation of Cilium Network policies☆20Updated last year
- This tool allows using a SPIFFE JWT to authenticate to AWS APIs☆34Updated 11 months ago
- sigstore installation walkthrough, local☆58Updated last year
- sigstore the hard way!☆111Updated 11 months ago