gchq / nix-bootstrap
Easily generate reproducible infrastructure
☆27Updated last week
Related projects ⓘ
Alternatives and complementary repositories for nix-bootstrap
- Compare data from multiple vulnerability scanners to get a more complete picture of potential exposures.☆59Updated last year
- Generative and mutative fuzzer for Kubernetes admission controller chains by automatically parsing the cluster api specification.☆70Updated last year
- Sniff and attack networks that use IP-in-IP or VXLAN encapsulation protocols.☆21Updated 2 months ago
- Slack alert bot for matching Github Audit Events☆10Updated last week
- Protect your Cloud Native Applications running on Kubernetes from malicious attacks with pre-registered source code, pre-registered runti…☆54Updated 6 months ago
- ☆84Updated 4 months ago
- ☆9Updated 7 months ago
- Automated determination of which AWS services run where☆20Updated this week
- Securing open-source package ecosystems by originating, validating, and augmenting build attestations.☆32Updated last week
- ☆15Updated 4 months ago
- Red team tool that emulates the SolarWinds CI compromise attack vector.☆22Updated 8 months ago
- A collection of Docker and Kubernetes resources☆18Updated 2 years ago
- Repository to archive GCP Documentation for local use☆13Updated 2 weeks ago
- A simple mitmproxy blueprint to intercept HTTPS traffic from app running on Kubernetes☆64Updated 4 months ago
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆59Updated 8 months ago
- ☆20Updated 6 months ago
- A convenience tool to generate and store certificates for Hubble Relay mTLS☆21Updated 3 weeks ago
- A meta-database collecting resources that compile lists of breaches☆18Updated 2 weeks ago
- An automated Windows 11 Desktop Packer project that sets up SSH, WinRM, and virtualization additions☆15Updated last year
- ☆74Updated 3 months ago
- This is a POC repository showing how a Kubernetes Admission Controller can be made irrelevant when verifying container image signatures☆12Updated last year
- Kernel-based Process Monitoring on Linux Endpoints for File System, TCP and UDP Networking Events and optionally DNS, HTTP and SYSLOG App…☆49Updated this week
- Simple tool to identify and remediate the use of the AWS EC2 IMDSv1.☆16Updated 3 years ago
- ☆24Updated 6 months ago
- Threat-informed defense for cloudnative: Reference Implementation of a so-called Honeycluster - for kind (and GKE, RKE2, AKS)☆22Updated 2 weeks ago
- insject is a tool for poking at containers. It enables you to run an arbitrary command in a container or any mix of Linux namespaces.☆49Updated 2 years ago
- Compare vulnerability scanners results (to make them better!)☆15Updated this week
- ☆42Updated last year
- Capture The Flag Challenge for eBPF Summit 2022☆18Updated 2 years ago
- A proof-of-concept Linux clone of Santa, Google's binary authorization system for macOS☆30Updated last year