bgeesaman / malicious-compliance
Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"
☆66Updated 11 months ago
Related projects ⓘ
Alternatives and complementary repositories for malicious-compliance
- BadRobot - Operator Security Audit Tool☆215Updated this week
- The regolibrary package contains the controls Kubescape uses for detecting misconfigurations in Kubernetes manifests.☆121Updated this week
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆59Updated 8 months ago
- Kubernetes audit logging, when you don't control the control plane☆65Updated this week
- Response Engine for managing threats in your Kubernetes☆132Updated this week
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆61Updated last year
- Runtime detection and response for malicious events in Kubernetes workloads☆38Updated 8 months ago
- 🧰 Multi Tool Kubernetes Pentest Image☆215Updated 2 months ago
- Inspect certificate authorities in container images☆228Updated 6 months ago
- ☆21Updated this week
- ☆91Updated 6 months ago
- Research on various techniques to bypass default falco ruleset (based on falco v0.28.1).☆80Updated 9 months ago
- A tool to create, transform and attest VEX metadata☆119Updated this week
- Runtime security plug to protect user containers☆65Updated this week
- Create Kubernetes AdmissionReview requests from Kubernetes resource manifests☆109Updated 2 weeks ago
- a tool to audit the istio service mesh☆173Updated 3 years ago
- Scans SBOMs for vulnerabilities with Grype☆79Updated last week
- Catalogue all images of a Kubernetes cluster to multiple targets with Syft☆194Updated this week
- VMClarity is a tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and vulnerabilities☆101Updated last month
- A replacement for "kubectl exec" that works over WebSocket connections.☆35Updated 7 months ago
- Evaluate the RBAC permissions of Kubernetes identities through policies written in Rego☆338Updated 11 months ago
- Process documentation, non-code deliverables, and miscellaneous artifacts of Kubernetes SIG Security☆170Updated 2 weeks ago
- KBOM - Kubernetes Bill of Materials☆308Updated 3 weeks ago
- ☆228Updated this week
- sigstore the hard way!☆110Updated 6 months ago
- ☆51Updated 8 months ago
- vexctl is a tool to attest VEX impact statements☆44Updated last year
- An admission controller service and kubectl plugin to handle container drift in K8s clusters☆125Updated 2 years ago
- Generative and mutative fuzzer for Kubernetes admission controller chains by automatically parsing the cluster api specification.☆70Updated last year
- A collection of tools to improve your containerized apps security posture☆131Updated 5 months ago