kubescape / sneeffer
Sneefer is a PoC project showing how to filter out irrelevent vulnerabilities from container image vulnerability scan results. It is based on application monitoring using eBPF and Falco base libraries and writes results in Kubernetes CRDs
☆26Updated last year
Alternatives and similar repositories for sneeffer:
Users that are interested in sneeffer are comparing it to the libraries listed below
- The regolibrary package contains the controls Kubescape uses for detecting misconfigurations in Kubernetes manifests.☆125Updated last week
- This is a POC repository showing how a Kubernetes Admission Controller can be made irrelevant when verifying container image signatures☆12Updated 2 years ago
- Scans SBOMs for vulnerabilities with Grype☆80Updated last week
- Community curated list of System and Network policy templates for the KubeArmor and Cilium☆43Updated last month
- A replacement for "kubectl exec" that works over WebSocket connections.☆38Updated last year
- ☆35Updated 3 years ago
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"☆67Updated last year
- ☆25Updated 11 months ago
- This projects contains pre-made policies for Kubernetes Validating Admission Policies. This policy library is based on Kubescape controls…☆55Updated this week
- Trust Dexter to ensure that all your images are pinned by digest for better security☆29Updated last year
- Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports☆59Updated last week
- Administrative tooling for Falco☆102Updated this week
- A place for policy work group related proposals and prototypes.☆67Updated 3 months ago
- sigstore the hard way!☆111Updated 11 months ago
- Response Engine for managing threats in your Kubernetes☆158Updated last week
- Run Falco in a GitHub Actions to detect suspicious behavior in your CI/CD☆31Updated last month
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆60Updated 2 years ago
- kubectl plugin for signing Kubernetes manifest YAML files with sigstore☆80Updated last week
- ☆20Updated 8 months ago
- ☆14Updated last week
- A CLI used to work with the Wolfi OSS project☆60Updated this week
- Simple tool that allows you to detect imposter commits in GitHub Actions workflows.☆23Updated 4 months ago
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆85Updated this week
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆62Updated this week
- Generate a variety of suspect actions that are detected by Falco rulesets☆103Updated last month
- Kubernetes audit logging, when you don't control the control plane☆74Updated this week
- 🔍 Rekor transparency log monitoring and alerting☆27Updated last year
- sigstore installation walkthrough, local☆58Updated 11 months ago
- Transparenty Immutable Container Image Tags☆20Updated last year
- An admission controller service and kubectl plugin to handle container drift in K8s clusters☆124Updated 3 years ago