kubescape / sneeffer
Sneefer is a PoC project showing how to filter out irrelevent vulnerabilities from container image vulnerability scan results. It is based on application monitoring using eBPF and Falco base libraries and writes results in Kubernetes CRDs
☆26Updated last year
Alternatives and similar repositories for sneeffer:
Users that are interested in sneeffer are comparing it to the libraries listed below
- Scans SBOMs for vulnerabilities with Grype☆79Updated this week
- This is a POC repository showing how a Kubernetes Admission Controller can be made irrelevant when verifying container image signatures☆12Updated 2 years ago
- sigstore the hard way!☆110Updated 8 months ago
- Trust Dexter to ensure that all your images are pinned by digest for better security☆29Updated last year
- The regolibrary package contains the controls Kubescape uses for detecting misconfigurations in Kubernetes manifests.☆123Updated 2 weeks ago
- vexctl is a tool to attest VEX impact statements☆44Updated last year
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"☆67Updated last year
- Anchore Kubernetes Inventory can poll Kubernetes Cluster API(s) to tell Anchore Enterprise which Containers and Images are currently in-u…☆64Updated this week
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆77Updated 3 weeks ago
- A place for policy work group related proposals and prototypes.☆65Updated 2 weeks ago
- Community curated list of System and Network policy templates for the KubeArmor and Cilium☆42Updated 3 months ago
- Kubernetes audit logging, when you don't control the control plane☆67Updated this week
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆61Updated last year
- A tool to create, transform and attest VEX metadata☆126Updated this week
- Security advisory data for Wolfi☆13Updated this week
- ☆35Updated 3 years ago
- sigstore installation walkthrough, local☆57Updated 8 months ago
- Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports☆57Updated this week
- ☆25Updated 8 months ago
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆79Updated this week
- ☆20Updated 6 months ago
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.☆61Updated this week
- Generate a variety of suspect actions that are detected by Falco rulesets☆101Updated this week
- A CLI used to work with the Wolfi OSS project☆59Updated this week
- This projects contains pre-made policies for Kubernetes Validating Admission Policies. This policy library is based on Kubescape controls…☆50Updated last month
- kubectl plugin for signing Kubernetes manifest YAML files with sigstore☆79Updated last month
- A standalone exporter for vulnerability reports and other CRs created by Trivy Operator (formerly Starboard).☆59Updated last week
- Response Engine for managing threats in your Kubernetes☆147Updated this week
- Runtime security plug to protect user containers☆65Updated this week
- ☆21Updated this week