{"id":13539269,"url":"https://github.com/kabachook/k8s-security","last_synced_at":"2025-10-13T07:27:46.335Z","repository":{"id":45912955,"uuid":"197130331","full_name":"kabachook/k8s-security","owner":"kabachook","description":"Kubernetes security notes and best practices","archived":false,"fork":false,"pushed_at":"2022-04-15T10:38:14.000Z","size":5564,"stargazers_count":718,"open_issues_count":2,"forks_count":73,"subscribers_count":29,"default_branch":"master","last_synced_at":"2025-04-02T06:35:52.200Z","etag":null,"topics":["attacker","best-practices","checklist","kubernetes","kubernetes-cluster","kubernetes-security","security","vulnerabilities"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kabachook.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-07-16T06:03:06.000Z","updated_at":"2025-03-26T00:23:09.000Z","dependencies_parsed_at":"2022-08-29T14:11:17.350Z","dependency_job_id":null,"html_url":"https://github.com/kabachook/k8s-security","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/kabachook/k8s-security","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kabachook%2Fk8s-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kabachook%2Fk8s-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kabachook%2Fk8s-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kabachook%2Fk8s-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kabachook","download_url":"https://codeload.github.com/kabachook/k8s-security/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kabachook%2Fk8s-security/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279014118,"owners_count":26085463,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-13T02:00:06.723Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["attacker","best-practices","checklist","kubernetes","kubernetes-cluster","kubernetes-security","security","vulnerabilities"],"created_at":"2024-08-01T09:01:22.677Z","updated_at":"2025-10-13T07:27:46.305Z","avatar_url":"https://github.com/kabachook.png","language":"Shell","funding_links":[],"categories":["Guides","\u003ca id=\"7e840ca27f1ff222fd25bc61a79b07ba\"\u003e\u003c/a\u003e特定目标","Shell","best-practices","\u003ca id=\"4fd96686a470ff4e9e974f1503d735a2\"\u003e\u003c/a\u003eKubernetes"],"sub_categories":["\u003ca id=\"4fd96686a470ff4e9e974f1503d735a2\"\u003e\u003c/a\u003eKubernetes","\u003ca id=\"0476f6b97e87176da0a0d7328f8747e7\"\u003e\u003c/a\u003eblog"],"readme":"# Kubernetes security\n\nThis repo is a collection of kubernetes security stuff and research.\n\n## Overview\n\n- [Security notes](./NOTES.md)\n\n  In-depth research about security of kubernetes features and misconfigurations. Source for all documents below\n\n- [Security hardening and best practices](./HARDENING.md)\n\n  A \"must do\"/best practices list of things to make attacker's life hard\n\n- [Security flags checklist](./FLAGS.md)\n\n  A checklist of flags to quickly test if your cluster has security features enabled.\n\n- [Attacker's guide](./ATTACKER.md)\n\n  A guide for attacker: what to do if he gets to pod/cluster.\n\n  Also, some attacks included\n\n- [Vulnerabilities](./VULN.md)\n\n  Page with sources for security announces and previous vulnerabilities\n\n## Tools\n\n- [k8numerator](./k8numerate/README.md)\n\n  Script for enumerating services in kubernetes cluster. Common services dictionary provided.\n\n## Slides\n\n- [Midterm](https://docs.google.com/presentation/d/1_D1fyl_DO0SGn3lh2lsEGMplRc9TegX8pEhVF9hnX_0/edit?usp=sharing)\n- [Final](https://docs.google.com/presentation/d/18A3dL0GvE6MJOvJtKdZBf-8Gd0E6fJov5BTrnxvKHtQ/edit?usp=sharing)\n\n## References\n\n- [Kubernetes security audit](https://github.com/kubernetes/community/tree/master/wg-security-audit/findings)\n\n  [Tracking issue](https://github.com/kubernetes/kubernetes/issues/81146)\n\n- [Attacking Kubernetes](https://github.com/kubernetes/community/blob/master/wg-security-audit/findings/AtredisPartners_Attacking_Kubernetes-v1.0.pdf)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkabachook%2Fk8s-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkabachook%2Fk8s-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkabachook%2Fk8s-security/lists"}