kubearmor / policy-templatesLinks
Community curated list of System and Network policy templates for the KubeArmor and Cilium
☆44Updated 2 months ago
Alternatives and similar repositories for policy-templates
Users that are interested in policy-templates are comparing it to the libraries listed below
Sorting:
- Discover least permissive security posture, Network Microsegmentation, and Application behaviour based on visibility/observability data e…☆34Updated last month
- A replacement for "kubectl exec" that works over WebSocket connections.☆40Updated last year
- Falco plugins registry☆97Updated last week
- Runtime detection and response for malicious events in Kubernetes workloads☆45Updated last year
- A place for policy work group related proposals and prototypes.☆67Updated 3 weeks ago
- sigstore the hard way!☆113Updated last year
- Response Engine for managing threats in your Kubernetes☆162Updated this week
- Intent driven security automation framework☆25Updated 2 months ago
- This projects contains pre-made policies for Kubernetes Validating Admission Policies. This policy library is based on Kubescape controls…☆55Updated last month
- kubectl plugin for signing Kubernetes manifest YAML files with sigstore☆84Updated last week
- Threat-informed defense for cloudnative: Reference Implementation of a so-called Honeycluster - The detection capabilities can also be us…☆49Updated this week
- Administrative tooling for Falco☆107Updated this week
- A kubectl plugin to visualize network policies rules.☆96Updated last year
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆100Updated 5 months ago
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"☆67Updated last year
- Generate a variety of suspect actions that are detected by Falco rulesets☆105Updated 3 weeks ago
- A CLI used to work with the Wolfi OSS project☆62Updated this week
- The regolibrary package contains the controls Kubescape uses for detecting misconfigurations in Kubernetes manifests.☆125Updated last month
- Anchore Kubernetes Inventory can poll Kubernetes Cluster API(s) to tell Anchore Enterprise which Containers and Images are currently in-u…☆65Updated last week
- The Falco Project Community☆56Updated last week
- Sneefer is a PoC project showing how to filter out irrelevent vulnerabilities from container image vulnerability scan results. It is base…☆26Updated last year
- agent for handling seccomp descriptors for container runtimes☆46Updated last year
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.☆66Updated this week
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆63Updated this week
- Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supp…☆134Updated last week
- Enterprise Distribution for Flux CD☆74Updated this week
- Alternate reports storage in Kubernetes outside etcd☆35Updated 3 months ago
- A standalone exporter for vulnerability reports and other CRs created by Trivy Operator (formerly Starboard).☆61Updated this week
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆97Updated last week
- A tool for in-depth analysis of container checkpoints☆117Updated 2 weeks ago