kubescape / sneefferLinks
Sneefer is a PoC project showing how to filter out irrelevent vulnerabilities from container image vulnerability scan results. It is based on application monitoring using eBPF and Falco base libraries and writes results in Kubernetes CRDs
☆26Updated last year
Alternatives and similar repositories for sneeffer
Users that are interested in sneeffer are comparing it to the libraries listed below
Sorting:
- Scans SBOMs for vulnerabilities with Grype☆85Updated 2 weeks ago
- sigstore the hard way!☆117Updated 3 weeks ago
- This is a POC repository showing how a Kubernetes Admission Controller can be made irrelevant when verifying container image signatures☆12Updated 2 years ago
- The regolibrary package contains the controls Kubescape uses for detecting misconfigurations in Kubernetes manifests.☆125Updated 2 weeks ago
- Simple tool that allows you to detect imposter commits in GitHub Actions workflows.☆23Updated 8 months ago
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"☆67Updated last year
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene…☆104Updated last year
- BadRobot - Operator Security Audit Tool☆222Updated 2 weeks ago
- Administrative tooling for Falco☆110Updated this week
- Runtime security plug to protect user containers☆66Updated this week
- A replacement for "kubectl exec" that works over WebSocket connections.☆40Updated last year
- A place for policy work group related proposals and prototypes.☆66Updated 3 months ago
- ☆21Updated 3 months ago
- a tool to audit the istio service mesh☆173Updated 3 years ago
- ☆20Updated 3 months ago
- Kubernetes audit logging, when you don't control the control plane☆85Updated this week
- ☆56Updated last week
- Run Falco in a GitHub Actions to detect suspicious behavior in your CI/CD☆42Updated 2 months ago
- A tool to create, transform and attest VEX metadata☆153Updated last week
- Community curated list of System and Network policy templates for the KubeArmor and Cilium☆47Updated this week
- This is just a proof-of-concept project that aims to sign and verify container images using cosign and OPA (Open Policy Agent)☆63Updated 4 years ago
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆109Updated 8 months ago
- Kubernetes security and vulnerability tools and utilities.☆57Updated 4 years ago
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.☆68Updated last week
- ☆44Updated 3 months ago
- vexctl is a tool to attest VEX impact statements☆45Updated 2 years ago
- Response Engine for managing threats in your Kubernetes☆170Updated 2 weeks ago
- Trust Dexter to ensure that all your images are pinned by digest for better security☆30Updated last year
- Generate a variety of suspect actions that are detected by Falco rulesets☆107Updated 3 months ago
- (D)ocker(F)ile (C)onverter: CLI to convert Dockerfiles to use Chainguard Images and APKs in FROM and RUN lines etc.☆88Updated 2 weeks ago