kondukto-io / kntrl
kntrl is an eBPF based runtime agent that monitors and prevents anomalous behaviour defined by you on your pipeline. kntrl achieves this by monitoring kernel calls, and denying access as soon as your defined behaviour is detected.
☆60Updated 5 months ago
Alternatives and similar repositories for kntrl:
Users that are interested in kntrl are comparing it to the libraries listed below
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆61Updated last year
- vexctl is a tool to attest VEX impact statements☆44Updated last year
- Scans SBOMs for vulnerabilities with Grype☆79Updated this week
- Kubernetes audit logging, when you don't control the control plane☆70Updated this week
- Runtime detection and response for malicious events in Kubernetes workloads☆41Updated 11 months ago
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆79Updated 2 months ago
- A tool to create, transform and attest VEX metadata☆130Updated this week
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"☆67Updated last year
- Trust Dexter to ensure that all your images are pinned by digest for better security☆29Updated last year
- An SBOM query language and associated utilities☆54Updated last year
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene…☆104Updated 10 months ago
- AI-generated remediations for Falco audit events☆69Updated last year
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆79Updated last week
- sigstore the hard way!☆110Updated 9 months ago
- Runtime security plug to protect user containers☆65Updated last week
- Integrates Spiffe and Vault to have secretless authentication☆87Updated this week
- Community curated list of System and Network policy templates for the KubeArmor and Cilium☆42Updated last month
- Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports☆57Updated last week
- Response Engine for managing threats in your Kubernetes☆149Updated this week
- a tool to audit the istio service mesh☆173Updated 3 years ago
- A replacement for "kubectl exec" that works over WebSocket connections.☆36Updated 11 months ago
- Open Source runtime scanner for k8s cluster and perform security audit checks based on CIS Kubernetes Benchmark specification☆65Updated 2 months ago
- Sneefer is a PoC project showing how to filter out irrelevent vulnerabilities from container image vulnerability scan results. It is base…☆26Updated last year
- ☆53Updated this week
- Trivy plugin for OCI referrers☆23Updated 9 months ago
- A pane of glass between you and your Kubernetes clusters.☆45Updated last year
- ☆25Updated 9 months ago
- fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'…☆32Updated 2 years ago
- A GitHub App that acts like a Security Token Service (STS) for the Github API☆147Updated this week
- ☆93Updated 3 weeks ago