slashben / beat-ac-cosign-verifierLinks
This is a POC repository showing how a Kubernetes Admission Controller can be made irrelevant when verifying container image signatures
☆12Updated 2 years ago
Alternatives and similar repositories for beat-ac-cosign-verifier
Users that are interested in beat-ac-cosign-verifier are comparing it to the libraries listed below
Sorting:
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆62Updated 2 weeks ago
- sigstore the hard way!☆111Updated last year
- vexctl is a tool to attest VEX impact statements☆44Updated 2 years ago
- Simple tool that allows you to detect imposter commits in GitHub Actions workflows.☆23Updated 5 months ago
- Anchore Kubernetes Inventory can poll Kubernetes Cluster API(s) to tell Anchore Enterprise which Containers and Images are currently in-u…☆65Updated last week
- ☆20Updated this week
- ☆27Updated 3 weeks ago
- Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect☆23Updated last month
- A replacement for "kubectl exec" that works over WebSocket connections.☆39Updated last year
- Kubernetes audit logging, when you don't control the control plane☆79Updated this week
- Runtime security plug to protect user containers☆65Updated last month
- This is just a proof-of-concept project that aims to sign and verify container images using cosign and OPA (Open Policy Agent)☆62Updated 3 years ago
- This projects contains pre-made policies for Kubernetes Validating Admission Policies. This policy library is based on Kubescape controls…☆55Updated last month
- Sneefer is a PoC project showing how to filter out irrelevent vulnerabilities from container image vulnerability scan results. It is base…☆26Updated last year
- kubectl plugin for signing Kubernetes manifest YAML files with sigstore☆82Updated last month
- Sigstore user stories☆30Updated last year
- Scans SBOMs for vulnerabilities with Grype☆82Updated this week
- The regolibrary package contains the controls Kubescape uses for detecting misconfigurations in Kubernetes manifests.☆125Updated 2 weeks ago
- Trivy kubernetes library☆37Updated this week
- Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supp…☆132Updated this week
- An query language and interactive tooling to work with SBOM data.☆14Updated 7 months ago
- Open Source runtime scanner for k8s cluster and perform security audit checks based on CIS Kubernetes Benchmark specification☆67Updated 5 months ago
- ☆19Updated 8 months ago
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.☆64Updated this week
- 🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their sig…☆78Updated last year
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"☆67Updated last year
- This repository contains the code used during my demo at BSidesNYC 2023 where I presented a new method for analysing volatile memory in G…☆1Updated 7 months ago
- ☆35Updated 3 years ago
- ☆20Updated 3 weeks ago
- Threat-informed defense for cloudnative: Reference Implementation of a so-called Honeycluster - for kind (and GKE, RKE2, AKS)☆45Updated last week