kondukto-io / kntrl
kntrl is an eBPF based runtime agent that monitors and prevents anomalous behaviour defined by you on your pipeline. kntrl achieves this by monitoring kernel calls, and denying access as soon as your defined behaviour is detected.
☆59Updated 2 months ago
Related projects ⓘ
Alternatives and complementary repositories for kntrl
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆61Updated last year
- Runtime security plug to protect user containers☆65Updated this week
- Kubernetes audit logging, when you don't control the control plane☆65Updated this week
- Scans SBOMs for vulnerabilities with Grype☆79Updated last week
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene…☆95Updated 7 months ago
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"☆66Updated 11 months ago
- AI-generated remediations for Falco audit events☆69Updated last year
- An SBOM query language and associated utilities☆54Updated 10 months ago
- A tool to create, transform and attest VEX metadata☆119Updated this week
- a tool to audit the istio service mesh☆173Updated 3 years ago
- Trust Dexter to ensure that all your images are pinned by digest for better security☆29Updated last year
- Response Engine for managing threats in your Kubernetes☆132Updated this week
- Tool for collecting vulnerability data from various sources (used to build the grype database)☆76Updated this week
- BadRobot - Operator Security Audit Tool☆215Updated last week
- A GitHub App that acts like a Security Token Service (STS) for the Github API☆139Updated this week
- sigstore the hard way!☆110Updated 6 months ago
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆73Updated this week
- Sneefer is a PoC project showing how to filter out irrelevent vulnerabilities from container image vulnerability scan results. It is base…☆26Updated last year
- vexctl is a tool to attest VEX impact statements☆44Updated last year
- Runtime detection and response for malicious events in Kubernetes workloads☆38Updated 8 months ago
- Kubernetes Admission Controller for Image Scanning using OPA☆50Updated last year
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆59Updated 8 months ago
- A replacement for "kubectl exec" that works over WebSocket connections.☆35Updated 7 months ago
- A collection of tools to improve your containerized apps security posture☆131Updated 5 months ago
- ☆56Updated 2 years ago
- ☆74Updated 3 months ago
- Anchore Kubernetes Inventory can poll Kubernetes Cluster API(s) to tell Anchore Enterprise which Containers and Images are currently in-u…☆63Updated this week
- Software signing just got easier☆15Updated 11 months ago
- Open Source runtime scanner for k8s cluster and perform security audit checks based on CIS Kubernetes Benchmark specification☆65Updated 3 months ago
- Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports☆57Updated 2 weeks ago