armosec / kubecop
Runtime detection and response for malicious events in Kubernetes workloads
☆43Updated last year
Alternatives and similar repositories for kubecop:
Users that are interested in kubecop are comparing it to the libraries listed below
- The regolibrary package contains the controls Kubescape uses for detecting misconfigurations in Kubernetes manifests.☆125Updated this week
- Response Engine for managing threats in your Kubernetes☆154Updated last week
- Kubernetes audit logging, when you don't control the control plane☆73Updated last week
- A simple WebUI with latest events from Falco☆119Updated this week
- A standalone exporter for vulnerability reports and other CRs created by Trivy Operator (formerly Starboard).☆59Updated last week
- This projects contains pre-made policies for Kubernetes Validating Admission Policies. This policy library is based on Kubescape controls…☆55Updated this week
- Community curated list of System and Network policy templates for the KubeArmor and Cilium☆43Updated 3 weeks ago
- Falco plugins registry☆92Updated last week
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"☆67Updated last year
- kubectl plugin for signing Kubernetes manifest YAML files with sigstore☆80Updated 3 weeks ago
- Generate a variety of suspect actions that are detected by Falco rulesets☆103Updated last month
- Create Kubernetes AdmissionReview requests from Kubernetes resource manifests☆146Updated 2 weeks ago
- Administrative tooling for Falco☆98Updated last week
- Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports☆59Updated last week
- Prometheus Metrics Exporter for Falco output events☆122Updated last month
- Runtime security plug to protect user containers☆65Updated last month
- Threat-informed defense for cloudnative: Reference Implementation of a so-called Honeycluster - for kind (and GKE, RKE2, AKS)☆36Updated last week
- Catalogue all images of a Kubernetes cluster to multiple targets with Syft☆199Updated this week
- sigstore the hard way!☆111Updated 11 months ago
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆85Updated this week
- Kyverno for any JSON!☆83Updated 3 months ago
- A place for policy work group related proposals and prototypes.☆67Updated 3 months ago
- Scans SBOMs for vulnerabilities with Grype☆80Updated this week
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆82Updated 3 months ago
- Artifact Ratification Framework (CNCF Sandbox)☆259Updated this week
- A Kubernetes CSI plugin to automatically mount SPIFFE certificates to Pods using ephemeral volumes☆78Updated this week
- Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supp…☆129Updated this week
- A replacement for "kubectl exec" that works over WebSocket connections.☆38Updated last year
- BadRobot - Operator Security Audit Tool☆219Updated this week
- Anchore Kubernetes Inventory can poll Kubernetes Cluster API(s) to tell Anchore Enterprise which Containers and Images are currently in-u…☆65Updated last week