kondukto-io / kntrl
kntrl is an eBPF based runtime agent that monitors and prevents anomalous behaviour defined by you on your pipeline. kntrl achieves this by monitoring kernel calls, and denying access as soon as your defined behaviour is detected. For more: https://kntrl.dev
☆63Updated last week
Alternatives and similar repositories for kntrl:
Users that are interested in kntrl are comparing it to the libraries listed below
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene…☆104Updated 11 months ago
- AI-generated remediations for Falco audit events☆70Updated last year
- An SBOM query language and associated utilities☆54Updated last year
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆60Updated last year
- Scans SBOMs for vulnerabilities with Grype☆79Updated this week
- A tool to create, transform and attest VEX metadata☆133Updated this week
- Runtime Security Solution for your CI/CD Pipeline☆100Updated 2 weeks ago
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"☆67Updated last year
- Runtime security plug to protect user containers☆65Updated last month
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆79Updated 3 months ago
- CLI to interact with Kondukto☆26Updated last week
- vexctl is a tool to attest VEX impact statements☆44Updated 2 years ago
- kubectl plugin to print Kubernetes resource conditions☆83Updated last month
- Response Engine for managing threats in your Kubernetes☆152Updated this week
- ☆53Updated this week
- Community curated list of System and Network policy templates for the KubeArmor and Cilium☆43Updated last week
- Kubernetes audit logging, when you don't control the control plane☆71Updated last week
- sigstore the hard way!☆110Updated 10 months ago
- Trust Dexter to ensure that all your images are pinned by digest for better security☆29Updated last year
- ☆74Updated last week
- Sneefer is a PoC project showing how to filter out irrelevent vulnerabilities from container image vulnerability scan results. It is base…☆26Updated last year
- This is just a proof-of-concept project that aims to sign and verify container images using cosign and OPA (Open Policy Agent)☆62Updated 3 years ago
- a tool to audit the istio service mesh☆173Updated 3 years ago
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆81Updated this week
- ☆112Updated 2 months ago
- Open Source runtime scanner for k8s cluster and perform security audit checks based on CIS Kubernetes Benchmark specification☆65Updated 3 months ago
- Runtime detection and response for malicious events in Kubernetes workloads☆43Updated last year
- kubectl plugin to query Pods by Node names or selectors☆123Updated 3 weeks ago
- Enrich SBOMs with data from third party services☆162Updated last month
- ☆56Updated 2 years ago