Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/njgibbon/sek
Live Cloud Resource Security Configuration Scanning.
- Host: GitHub
- URL: https://github.com/njgibbon/sek
- Owner: njgibbon
- License: mit
- Created: 2021-02-02T12:08:20.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2021-09-23T13:16:55.000Z (over 3 years ago)
- Last Synced: 2024-11-19T03:13:18.016Z (about 2 months ago)
- Topics: automation, aws, cli, cloud, eks, k8s, kubernetes, scan, security, test, tools
- Language: Python
- Homepage:
- Size: 223 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 21
Metadata Files:
- Readme: README.md
- Contributing: contributing.md
- License: LICENSE
README
![sek](images/sek.png)
Live Cloud Resource Security Configuration Scanning.
# Status
Concept / Dev / Test / Pre-pre-release. Trying things and working out how stuff might fit together.
# Overview
Sek scans live Cloud Resources and looks for Security-related misconfiguration.
Sek is intended for immediate, fast security feedback when working with a Cloud Resource, simplifying complex Spot Checks and providing Continuous Compliance / Testing via Automated Pipelines.
Initially the focus is only on the Cloud Resource components of AWS EKS.
Cloud Resource Check Sets are informed by community best practices and industry standards like the Center for Internet Security Benchmarks. See the Check documentation section for a comprehensive view.
# Checks
Organisation, structure, content, reasoning and support information for all Checks in Sek.
[checks/readme.md](checks/readme.md)
**Example: AWS - EKS**
[checks/aws/eks/readme.md](checks/aws/eks/readme.md)
# Usage
## Install
```
pip3 install sek --upgrade
```
## Configure
CLI flags are currently the only way to control the tool.
### Authentication
#### AWS
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
### Skipping Checks
Find the Check Name(s) / ID(s) in the related Sek Check Document.
Pass the list you would like to Skip as an optional flag like so:
```
--skip a b c
# E.g for AWS - EKS
--skip service-endpoint service-endpoint-firewall
```
## Run
```
sek --cloud=aws --resource=eks --name=name
```
# Permissions
Sek will not utilise any write operations for any check with any cloud provider. Read-only access permissions will be sufficient.
# Roadmap
[roadmap.md](roadmap.md)
# Contributing
[contributing.md](contributing.md)
# Related Tools
* Prowler - https://github.com/toniblyx/prowler
* Kube-Bench - https://github.com/aquasecurity/kube-bench
* Checkov - https://github.com/bridgecrewio/checkov
* AWS Security Hub - https://aws.amazon.com/security-hub
* AWS Config - https://aws.amazon.com/config