bgeesaman / malicious-compliance
Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"
☆67 Dec 9, 2023 Updated 2 years ago
Alternatives and similar repositories for malicious-compliance
Users that are interested in malicious-compliance are comparing it to the libraries listed below
- Trust Dexter to ensure that all your images are pinned by digest for better security ☆31 Nov 8, 2023 Updated 2 years ago
- ☆37 Apr 23, 2024 Updated last year
- ☆14 Sep 20, 2023 Updated 2 years ago
- micromize is a security hardening tool designed to detect and break the post-exploit kill chain for containerized applications, leveragin… ☆43 Jan 6, 2026 Updated last month
- Harness the security superpowers of your cloud asset inventory ☆11 Sep 22, 2024 Updated last year
- Kubernetes release team shadow program application analysis ☆14 Jan 15, 2024 Updated 2 years ago
- Play with KinD and OIDC volumes ☆15 Oct 24, 2021 Updated 4 years ago
- Collection of tools for producing and exploring OmniBOR data. ☆22 Oct 31, 2024 Updated last year
- Menubar for smart GitHub pull request tracking & notifications ☆30 Feb 9, 2026 Updated last week
- Scans SBOMs for vulnerabilities with Grype ☆85 Feb 9, 2026 Updated last week
- The official repository of ICSME'23 paper "Exploring Security Commits in Python" ☆18 Jul 12, 2023 Updated 2 years ago
- Simple tool that allows you to detect imposter commits in GitHub Actions workflows. ☆26 Dec 17, 2024 Updated last year
- Trivy plugin for OCI referrers ☆23 May 13, 2024 Updated last year
- ☆22 Dec 17, 2025 Updated 2 months ago
- ☆20 Feb 5, 2026 Updated last week
- Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form. ☆22 May 4, 2023 Updated 2 years ago
- Sigstore user stories ☆30 Aug 25, 2023 Updated 2 years ago
- ☆24 Updated this week
- Website and API for OpenSSF Scorecard ☆28 Updated this week
- Test that OpenSSL is configured to be FIPS-compliant ☆30 Jan 16, 2026 Updated last month
- kubernetes-for-soc aims to fast-track the learning curve for SOC analysts by enabling them to swiftly grasp the essential concepts and kn… ☆57 Dec 18, 2023 Updated 2 years ago
- Docker Desktop Extension for Trivy ☆26 Updated this week
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility ☆60 Apr 17, 2023 Updated 2 years ago
- The CNCF Public Sector User Group aims to serve as a hub for discussing and advancing cloud computing within the public sector, utilizing… ☆34 Jan 22, 2026 Updated 3 weeks ago
- AppArmor and Seccomp profiles for K8S images ☆25 Dec 9, 2025 Updated 2 months ago
- #supply #chain #attack #detection ☆642 Updated this week
- Pentester-focused Docker registry tool to enumerate and pull images ☆36 Oct 19, 2025 Updated 3 months ago
- ☆29 Aug 9, 2024 Updated last year
- Plugin for Helm to integrate the sigstore ecosystem ☆67 Jan 28, 2026 Updated 2 weeks ago
- Explanation on what a CRI (Container Runtime Interface) is and how to write it from scratch. ☆33 Sep 15, 2024 Updated last year
- A repo listing all the Cilium Weekly videos! ☆33 Aug 29, 2025 Updated 5 months ago
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro… ☆514 Updated this week
- kubernetes rootkit ☆34 Dec 18, 2023 Updated 2 years ago
- Visualizer for GUAC ☆29 Updated this week
- Spotter is a comprehensive Kubernetes security scanner that uses CEL-based rules to identify security vulnerabilities, misconfigurations,… ☆70 Sep 13, 2025 Updated 5 months ago
- This repository contains tooling used to build the EKS Distro, and all the projects contained in https://github.com/aws/eks-distro. ☆83 Updated this week
- A collection of reusable Github Actions workflows. ☆157 Updated this week
- CLOMonitor is a tool that periodically checks open source projects repositories to verify they meet certain project health best practices ☆143 Updated this week
- Exploring the Power of Metrics Collection with OpenTelemetry on Kubernetes ☆32 Jan 15, 2024 Updated 2 years ago