kubescape / sneeffer
Sneeffer is a PoC project showing how to filter out irrelevant vulnerabilities from container image vulnerability scan results. It is based on application monitoring using eBPF and Falco base libraries and writes results in Kubernetes CRDs.
☆26Updated last year
Alternatives and similar repositories for sneeffer
Users that are interested in sneeffer are comparing it to the libraries listed below
- The regolibrary package contains the controls Kubescape uses for detecting misconfigurations in Kubernetes manifests.☆125Updated last month
- This is a POC repository showing how a Kubernetes Admission Controller can be made irrelevant when verifying container image signatures☆12Updated 2 years ago
- Scans SBOMs for vulnerabilities with Grype☆81Updated this week
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"☆67Updated last year
- A place for policy work group related proposals and prototypes.☆67Updated 4 months ago
- Community-curated list of System and Network policy templates for KubeArmor and Cilium☆44Updated last month
- Administrative tooling for Falco☆104Updated this week
- Runtime detection and response for malicious events in Kubernetes workloads☆45Updated last year
- vexctl is a tool to attest VEX impact statements☆44Updated 2 years ago
- sigstore the hard way!☆111Updated last year
- Anchore Kubernetes Inventory can poll Kubernetes Cluster API(s) to tell Anchore Enterprise which Containers and Images are currently in-u…☆65Updated this week
- Kubernetes audit logging, when you don't control the control plane☆77Updated last week
- This project contains pre-made policies for Kubernetes Validating Admission Policies. This policy library is based on Kubescape controls…☆55Updated last week
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene…☆104Updated last year
- Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports☆60Updated this week
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆92Updated this week
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆84Updated 4 months ago
- ☆20Updated this week
- This is just a proof-of-concept project that aims to sign and verify container images using cosign and OPA (Open Policy Agent)☆62Updated 3 years ago
- ☆25Updated this week
- An admission controller service and kubectl plugin to handle container drift in K8s clusters☆124Updated 3 years ago
- A standalone exporter for vulnerability reports and other CRs created by Trivy Operator (formerly Starboard).☆61Updated this week
- ☆35Updated 3 years ago
- ☆20Updated 9 months ago
- Security advisory data for Wolfi☆17Updated this week
- Response Engine for managing threats in your Kubernetes☆159Updated 2 weeks ago
- sigstore installation walkthrough, local☆58Updated last year
- Run Falco in GitHub Actions to detect suspicious behavior in your CI/CD☆32Updated last month
- Trust Dexter to ensure that all your images are pinned by digest for better security☆29Updated last year
- (d)ocker(f)ile (c)onverter: CLI to convert Dockerfiles to use Chainguard Images and APKs in FROM and RUN lines etc.☆49Updated this week