kubescape / sneeffer
Sneefer is a PoC project showing how to filter out irrelevent vulnerabilities from container image vulnerability scan results. It is based on application monitoring using eBPF and Falco base libraries and writes results in Kubernetes CRDs
☆26Updated last year
Alternatives and similar repositories for sneeffer:
Users that are interested in sneeffer are comparing it to the libraries listed below
- The regolibrary package contains the controls Kubescape uses for detecting misconfigurations in Kubernetes manifests.☆123Updated 3 weeks ago
- This is a POC repository showing how a Kubernetes Admission Controller can be made irrelevant when verifying container image signatures☆12Updated 2 years ago
- Scans SBOMs for vulnerabilities with Grype☆79Updated this week
- Community curated list of System and Network policy templates for the KubeArmor and Cilium☆43Updated last week
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"☆67Updated last year
- ☆25Updated 10 months ago
- A replacement for "kubectl exec" that works over WebSocket connections.☆38Updated last year
- sigstore the hard way!☆110Updated 10 months ago
- Administrative tooling for Falco☆97Updated this week
- Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports☆57Updated this week
- A standalone exporter for vulnerability reports and other CRs created by Trivy Operator (formerly Starboard).☆59Updated this week
- Runtime detection and response for malicious events in Kubernetes workloads☆43Updated last year
- A kubectl plugin to visualize network policies rules.☆96Updated last year
- A place for policy work group related proposals and prototypes.☆66Updated 2 months ago
- This projects contains pre-made policies for Kubernetes Validating Admission Policies. This policy library is based on Kubescape controls…☆52Updated 3 weeks ago
- vexctl is a tool to attest VEX impact statements☆44Updated 2 years ago
- Trivy kubernetes library☆34Updated this week
- Trust Dexter to ensure that all your images are pinned by digest for better security☆29Updated last year
- kubectl plugin for signing Kubernetes manifest YAML files with sigstore☆80Updated last week
- An admission controller service and kubectl plugin to handle container drift in K8s clusters☆124Updated 3 years ago
- a tool to audit the istio service mesh☆173Updated 3 years ago
- Kubernetes Stranger Danger☆62Updated last year
- ☆35Updated 3 years ago
- A tool to create, transform and attest VEX metadata☆133Updated this week
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆60Updated last year
- A CLI used to work with the Wolfi OSS project☆60Updated this week
- Intent driven security automation framework☆25Updated last week
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆81Updated this week
- sigstore installation walkthrough, local☆57Updated 11 months ago
- This is just a proof-of-concept project that aims to sign and verify container images using cosign and OPA (Open Policy Agent)☆62Updated 3 years ago