kubescape / sneefferLinks
Sneefer is a PoC project showing how to filter out irrelevent vulnerabilities from container image vulnerability scan results. It is based on application monitoring using eBPF and Falco base libraries and writes results in Kubernetes CRDs
☆26Updated last year
Alternatives and similar repositories for sneeffer
Users that are interested in sneeffer are comparing it to the libraries listed below
Sorting:
- This is a POC repository showing how a Kubernetes Admission Controller can be made irrelevant when verifying container image signatures☆12Updated 2 years ago
- Scans SBOMs for vulnerabilities with Grype☆82Updated last week
- The regolibrary package contains the controls Kubescape uses for detecting misconfigurations in Kubernetes manifests.☆125Updated last month
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"☆67Updated last year
- ☆20Updated 3 weeks ago
- Community curated list of System and Network policy templates for the KubeArmor and Cilium☆44Updated 3 months ago
- sigstore the hard way!☆112Updated last year
- vexctl is a tool to attest VEX impact statements☆44Updated 2 years ago
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆97Updated last week
- Trust Dexter to ensure that all your images are pinned by digest for better security☆29Updated last year
- ☆35Updated 3 years ago
- A replacement for "kubectl exec" that works over WebSocket connections.☆40Updated last year
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆60Updated 2 years ago
- ☆14Updated 2 months ago
- kubectl plugin for signing Kubernetes manifest YAML files with sigstore☆84Updated 2 weeks ago
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆100Updated 5 months ago
- Runtime detection and response for malicious events in Kubernetes workloads☆45Updated last year
- Kubernetes audit logging, when you don't control the control plane☆81Updated last week
- ☆19Updated 3 weeks ago
- ☆41Updated last month
- Security advisory data for Wolfi☆19Updated this week
- A standalone exporter for vulnerability reports and other CRs created by Trivy Operator (formerly Starboard).☆61Updated last week
- This projects contains pre-made policies for Kubernetes Validating Admission Policies. This policy library is based on Kubescape controls…☆55Updated last month
- a tool to audit the istio service mesh☆173Updated 3 years ago
- A place for policy work group related proposals and prototypes.☆67Updated last month
- Anchore Kubernetes Inventory can poll Kubernetes Cluster API(s) to tell Anchore Enterprise which Containers and Images are currently in-u…☆65Updated last week
- sigstore installation walkthrough, local☆61Updated last year
- Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports☆60Updated 2 weeks ago
- 🔍 Rekor transparency log monitoring and alerting☆27Updated last year
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆63Updated last week