k8sstormcenter / honeycluster
Threat-informed defense for cloudnative: Reference Implementation of a so-called Honeycluster - for kind (and GKE, RKE2, AKS)
☆30Updated this week
Alternatives and similar repositories for honeycluster:
Users that are interested in honeycluster are comparing it to the libraries listed below
- Response Engine for managing threats in your Kubernetes☆148Updated this week
- Runtime detection and response for malicious events in Kubernetes workloads☆41Updated 11 months ago
- Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports☆57Updated this week
- Kubernetes audit logging, when you don't control the control plane☆67Updated this week
- kubectl plugin for signing Kubernetes manifest YAML files with sigstore☆80Updated 2 months ago
- Community curated list of System and Network policy templates for the KubeArmor and Cilium☆42Updated 2 weeks ago
- A Kubernetes CSI plugin to automatically mount SPIFFE certificates to Pods using ephemeral volumes☆77Updated this week
- Scans SBOMs for vulnerabilities with Grype☆79Updated this week
- Trust Dexter to ensure that all your images are pinned by digest for better security☆29Updated last year
- A kubectl plugin to visualize network policies rules.☆94Updated 11 months ago
- K8s-Secret-Expiry-Controller is a Kubernetes operator that manages and tracks the lifespan of Kubernetes secrets.☆14Updated last year
- Github Action to automatically update digests for container images.☆52Updated 3 months ago
- ☆19Updated 5 months ago
- A collection of reusable Github Actions workflows.☆126Updated this week
- The regolibrary package contains the controls Kubescape uses for detecting misconfigurations in Kubernetes manifests.☆123Updated this week
- This projects contains pre-made policies for Kubernetes Validating Admission Policies. This policy library is based on Kubescape controls…☆52Updated 2 weeks ago
- Enterprise Distribution for Flux CD☆68Updated this week
- A pane of glass between you and your Kubernetes clusters.☆45Updated last year
- sigstore the hard way!☆110Updated 9 months ago
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆79Updated last month
- Runtime security plug to protect user containers☆65Updated this week
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆79Updated this week
- approver-policy is a cert-manager approver that allows users to define policies that restrict what certificates can be requested.☆78Updated this week
- vexctl is a tool to attest VEX impact statements☆44Updated last year
- Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supp…☆126Updated last week
- A simple WebUI with latest events from Falco☆117Updated this week
- Falco plugins registry☆87Updated this week
- Monitor cross-zone network traffic in Kubernetes.☆108Updated last month
- Rego policies for enterprise-scale Compliance-as-Code with OPA Conftest.☆58Updated last year
- A place for policy work group related proposals and prototypes.☆66Updated last month