kubearmor / policy-templates
Community curated list of System and Network policy templates for the KubeArmor and Cilium
☆42Updated last month
Related projects ⓘ
Alternatives and complementary repositories for policy-templates
- Discover least permissive security posture, Network Microsegmentation, and Application behaviour based on visibility/observability data e…☆31Updated last year
- Intent driven security automation framework☆25Updated last week
- A replacement for "kubectl exec" that works over WebSocket connections.☆35Updated 7 months ago
- Falco plugins registry☆86Updated this week
- kubectl plugin for signing Kubernetes manifest YAML files with sigstore☆79Updated last week
- A place for policy work group related proposals and prototypes.☆64Updated last month
- Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports☆57Updated last week
- Generate a variety of suspect actions that are detected by Falco rulesets☆94Updated this week
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"☆66Updated 11 months ago
- sigstore the hard way!☆110Updated 6 months ago
- Alternate reports storage in Kubernetes outside etcd☆25Updated this week
- Sneefer is a PoC project showing how to filter out irrelevent vulnerabilities from container image vulnerability scan results. It is base…☆26Updated last year
- Scans SBOMs for vulnerabilities with Grype☆79Updated last week
- Runtime detection and response for malicious events in Kubernetes workloads☆38Updated 8 months ago
- Response Engine for managing threats in your Kubernetes☆132Updated this week
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.☆58Updated this week
- Administrative tooling for Falco☆87Updated this week
- Policy Reporter UI☆31Updated this week
- Anchore Kubernetes Inventory can poll Kubernetes Cluster API(s) to tell Anchore Enterprise which Containers and Images are currently in-u…☆63Updated this week
- A tool for in-depth analysis of container checkpoints☆101Updated this week
- The regolibrary package contains the controls Kubescape uses for detecting misconfigurations in Kubernetes manifests.☆121Updated this week
- This projects contains pre-made policies for Kubernetes Validating Admission Policies. This policy library is based on Kubescape controls…☆48Updated last week
- 🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their sig…☆76Updated 7 months ago
- A simple WebUI with latest events from Falco☆112Updated this week
- Create Kubernetes AdmissionReview requests from Kubernetes resource manifests☆109Updated 2 weeks ago
- A standalone exporter for vulnerability reports and other CRs created by Trivy Operator (formerly Starboard).☆58Updated this week
- Kubernetes audit logging, when you don't control the control plane☆65Updated this week
- A Kubernetes CSI plugin to automatically mount SPIFFE certificates to Pods using ephemeral volumes☆76Updated this week
- An admission controller service and kubectl plugin to handle container drift in K8s clusters☆125Updated 2 years ago
- Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supp…☆123Updated this week