kubescape / sneefferLinks
Sneefer is a PoC project showing how to filter out irrelevent vulnerabilities from container image vulnerability scan results. It is based on application monitoring using eBPF and Falco base libraries and writes results in Kubernetes CRDs
☆26Updated 2 years ago
Alternatives and similar repositories for sneeffer
Users that are interested in sneeffer are comparing it to the libraries listed below
Sorting:
- Scans SBOMs for vulnerabilities with Grype☆85Updated last week
- Simple tool that allows you to detect imposter commits in GitHub Actions workflows.☆25Updated last year
- This is a POC repository showing how a Kubernetes Admission Controller can be made irrelevant when verifying container image signatures☆12Updated 2 years ago
- sigstore the hard way!☆116Updated 4 months ago
- The regolibrary package contains the controls Kubescape uses for detecting misconfigurations in Kubernetes manifests.☆129Updated 2 weeks ago
- Administrative tooling for Falco☆116Updated this week
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"☆67Updated 2 years ago
- BadRobot - Operator Security Audit Tool☆223Updated this week
- ☆20Updated 6 months ago
- Kubernetes audit logging, when you don't control the control plane☆90Updated this week
- A tool to create, transform and attest VEX metadata☆168Updated last week
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene…☆104Updated last year
- 🔴🟡🟢 The Amazing Multipurpose Policy Engine (and L)☆37Updated this week
- Runtime security plug to protect user containers☆66Updated this week
- Community curated list of System and Network policy templates for the KubeArmor and Cilium☆49Updated last week
- A replacement for "kubectl exec" that works over WebSocket connections.☆42Updated last year
- vexctl is a tool to attest VEX impact statements☆45Updated 2 years ago
- ☆28Updated 7 months ago
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆103Updated last week
- A place for policy work group related proposals and prototypes.☆65Updated 6 months ago
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆60Updated 2 years ago
- Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supp…☆151Updated this week
- sigstore installation walkthrough, local☆62Updated last week
- An admission controller service and kubectl plugin to handle container drift in K8s clusters☆126Updated 4 years ago
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆111Updated 11 months ago
- This is just a proof-of-concept project that aims to sign and verify container images using cosign and OPA (Open Policy Agent)☆63Updated 4 years ago
- Generate a variety of suspect actions that are detected by Falco rulesets☆112Updated 6 months ago
- Response Engine for managing threats in your Kubernetes☆186Updated last month
- kubectl plugin for signing Kubernetes manifest YAML files with sigstore☆85Updated 2 weeks ago
- Trust Dexter to ensure that all your images are pinned by digest for better security☆31Updated 2 years ago