bgeesaman / malicious-complianceLinks
Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"
☆67Updated last year
Alternatives and similar repositories for malicious-compliance
Users that are interested in malicious-compliance are comparing it to the libraries listed below
Sorting:
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆100Updated 5 months ago
- Response Engine for managing threats in your Kubernetes☆163Updated last week
- ☆98Updated 4 months ago
- The regolibrary package contains the controls Kubescape uses for detecting misconfigurations in Kubernetes manifests.☆125Updated last month
- BadRobot - Operator Security Audit Tool☆221Updated this week
- Research on various techniques to bypass default falco ruleset (based on falco v0.28.1).☆81Updated last year
- Runtime detection and response for malicious events in Kubernetes workloads☆45Updated last year
- Kubernetes audit logging, when you don't control the control plane☆81Updated last week
- Runtime security plug to protect user containers☆65Updated last week
- A replacement for "kubectl exec" that works over WebSocket connections.☆40Updated last year
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene…☆104Updated last year
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆60Updated 2 years ago
- Scans SBOMs for vulnerabilities with Grype☆82Updated last week
- ☆41Updated last month
- vexctl is a tool to attest VEX impact statements☆44Updated 2 years ago
- 🧰 Multi Tool Kubernetes Pentest Image☆235Updated 2 months ago
- sigstore the hard way!☆112Updated last year
- ☆74Updated this week
- Catalogue all images of a Kubernetes cluster to multiple targets with Syft☆202Updated last week
- a tool to audit the istio service mesh☆173Updated 3 years ago
- Generate a variety of suspect actions that are detected by Falco rulesets☆105Updated last month
- Community curated list of System and Network policy templates for the KubeArmor and Cilium☆44Updated 3 months ago
- Sneefer is a PoC project showing how to filter out irrelevent vulnerabilities from container image vulnerability scan results. It is base…☆26Updated last year
- Create Kubernetes AdmissionReview requests from Kubernetes resource manifests☆156Updated 3 weeks ago
- ☆21Updated 7 months ago
- This terraform provider can be used to get remote code execution by injecting a dummy resource in a writeable state file.☆55Updated 5 months ago
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆97Updated last week
- Evaluate the RBAC permissions of Kubernetes identities through policies written in Rego☆345Updated 3 months ago
- ☆54Updated last week
- Security testing tool for Kubernetes, abusing kubelet credentials on public cloud providers.☆161Updated last year