kondukto-io / kntrl
kntrl is an eBPF based runtime agent that monitors and prevents anomalous behaviour defined by you on your pipeline. kntrl achieves this by monitoring kernel calls, and denying access as soon as your defined behaviour is detected. For more: https://kntrl.dev
☆108Updated last week
Alternatives and similar repositories for kntrl:
Users that are interested in kntrl are comparing it to the libraries listed below
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows☆95Updated 2 weeks ago
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆82Updated 3 months ago
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene…☆104Updated last year
- A tool for preventing the installation of malicious PyPI and npm packages☆134Updated this week
- Runtime Security Solution for your CI/CD Pipeline☆101Updated last month
- Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Security Management.☆30Updated 6 months ago
- A full insecure kubernetes application for testing security tools☆70Updated this week
- Test & Compare different Kubernetes security offerings on EKS, GKE and AKS☆39Updated 7 months ago
- The security workflow engine!☆110Updated this week
- ☆72Updated 3 months ago
- ☆176Updated 5 months ago
- Nextdoor's Cloud Security Posture Management (CSPM) Evaluation Matrix☆58Updated last year
- ☆54Updated last week
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"☆67Updated last year
- Attaché provides an emulation layer for Cloud Provider IMDS APIs☆42Updated 10 months ago
- This terraform provider can be used to get remote code execution by injecting a dummy resource in a writeable state file.☆53Updated 3 months ago
- Research on various techniques to bypass default falco ruleset (based on falco v0.28.1).☆81Updated last year
- ☆21Updated 5 months ago
- HashiCorp-relevant rules for the Semgrep code analysis tool☆40Updated last year
- ☆112Updated 3 months ago
- ☆62Updated this week
- AWS honey token manager☆87Updated 8 months ago
- Compares and analyzes GCP IAM roles.☆77Updated last month
- An SBOM query language and associated utilities☆54Updated last year
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆60Updated 2 years ago
- ☆63Updated 3 months ago
- Security tool against dependency typosquatting attacks☆39Updated this week
- Scan GitHub Actions Workflow logs for IOCs☆15Updated this week
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.☆171Updated 5 months ago
- Semgrep-based Policy Controller for Kubernetes☆47Updated 3 weeks ago