An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with kubernetes-security

A curated list of projects in awesome lists tagged with kubernetes-security.

https://github.com/aquasecurity/kube-bench

Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark

cis-benchmark cis-kubernetes-benchmark cis-security hacktoberfest kube-bench kubernetes kubernetes-security openshift

Last synced: 12 May 2025

https://github.com/madhuakula/kubernetes-goat

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

blueteam cloud-native cloud-security cloudsecurity container container-security devsecops docker hacking infrastructure k8s kubernetes kubernetes-goat kubernetes-security owasp pentesting redteam security vulnerable-app

Last synced: 13 May 2025

https://github.com/walidshaari/certified-kubernetes-security-specialist

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements is welcome. Thank you.

apparmor certification cks ckss exam-objectives falco kernel-hardening kube-bench kube-hunter kubernetes kubernetes-security mitre-attack open-policy-agent os-footprint pod pod-security-policy policy seccomp security trivy

Last synced: 15 May 2025

https://github.com/walidshaari/Certified-Kubernetes-Security-Specialist

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements is welcome. Thank you.

apparmor certification cks ckss exam-objectives falco kernel-hardening kube-bench kube-hunter kubernetes kubernetes-security mitre-attack open-policy-agent os-footprint pod pod-security-policy policy seccomp security trivy

Last synced: 08 May 2025

https://github.com/HummerRisk/HummerRisk

HummerRisk is a cloud-native security platform, covering hybrid-cloud security governance and cloud-native security detection.

cloud-custodian cloud-native cloud-native-security compliance compliance-as-code cspm k8s-security kubernetes-security prowler sbom security trivy vulnerability

Last synced: 01 May 2025

https://github.com/hummerrisk/hummerrisk

HummerRisk is a cloud-native security platform, covering hybrid-cloud security governance and cloud-native security detection.

cloud-custodian cloud-native cloud-native-security compliance compliance-as-code cspm k8s-security kubernetes-security prowler sbom security trivy vulnerability

Last synced: 14 May 2025

https://github.com/paralus/paralus

All-in-one Kubernetes access manager. User-level credentials, RBAC, SSO, audit logs.

access-management cloud-security k8s-access-management kubernetes-security zero-trust-security ztka

Last synced: 14 May 2025

https://github.com/edgelesssys/constellation

Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.

cloud-security confidential-computing data-encryption kubernetes kubernetes-security

Last synced: 14 May 2025

https://github.com/HXSecurity/TerraformGoat

TerraformGoat is HXSecurity research lab's "Vulnerable by Design" multi cloud deployment tool.

aws-security azure-security cloud-security cloudsecurity gcp gcp-security kubernetes-security security terraform

Last synced: 11 May 2025

https://github.com/hxsecurity/terraformgoat

TerraformGoat is HXSecurity research lab's "Vulnerable by Design" multi cloud deployment tool.

aws-security azure-security cloud-security cloudsecurity gcp gcp-security kubernetes-security security terraform

Last synced: 05 Apr 2025

https://github.com/Vinum-Security/kubernetes-security-checklist

Kubernetes Security Checklist and Requirements - All in One (authentication, authorization, logging, secrets, configuration, network, workloads, dockerfile)

checklist cloud-native-security container-security devsecops kubernetes kubernetes-security requirments security

Last synced: 29 Apr 2025

https://github.com/cruise-automation/k-rail

Kubernetes security tool for policy enforcement

k8s kubernetes kubernetes-security policy security

Last synced: 30 Mar 2025

https://github.com/darkbitio/mkit

MKIT is a Managed Kubernetes Inspection Tool that validates several common security-related configuration settings of managed Kubernetes cluster objects and the workloads/resources running inside the cluster.

aks aws azure eks gcp gke k8s kubernetes kubernetes-security

Last synced: 01 Apr 2025

https://github.com/paloaltonetworks/rbac-police

Evaluate the RBAC permissions of Kubernetes identities through policies written in Rego

kubernetes kubernetes-rbac kubernetes-security prisma-cloud rbac security

Last synced: 16 May 2025

https://github.com/datadog/managed-kubernetes-auditing-toolkit

All-in-one auditing toolkit for identifying common security issues in managed Kubernetes environments. Currently supports Amazon EKS.

aws-eks aws-security eks kubernetes kubernetes-security managed-kubernetes

Last synced: 06 Apr 2025

https://github.com/Metarget/k0otkit

k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters.

container-escape container-injection container-security fileless-attack hack-k8s k8s kubernetes-security post-penetration reverse-shell

Last synced: 29 Apr 2025

https://github.com/DataDog/managed-kubernetes-auditing-toolkit

All-in-one auditing toolkit for identifying common security issues in managed Kubernetes environments. Currently supports Amazon EKS.

aws-eks aws-security eks kubernetes kubernetes-security managed-kubernetes

Last synced: 13 Apr 2025

https://github.com/metarget/k0otkit

k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters.

container-escape container-injection container-security fileless-attack hack-k8s k8s kubernetes-security post-penetration reverse-shell

Last synced: 13 Apr 2025

https://github.com/r0binak/MTKPI

🧰 Multi Tool Kubernetes Pentest Image

container-security image kubernetes kubernetes-security pentest redteam

Last synced: 11 May 2025

https://github.com/kubewarden/kubewarden-controller

Manage admission policies in your Kubernetes cluster with ease

hacktoberfest kubernetes kubernetes-security policy-as-code webassembly

Last synced: 12 Apr 2025

https://github.com/abdennour/certified-kubernetes-security-specialist

References for CKS Exam Objectives - Certified Kubernetes Security Specialist

certification cks ckss golang hardening kubernetes kubernetes-security security

Last synced: 12 May 2025

https://github.com/kubewarden/policy-server

Webhook server that evaluates WebAssembly policies to validate Kubernetes requests

hacktoberfest kubernetes kubernetes-security kubernetes-webhook policy policy-as-code rust webassembly

Last synced: 14 Dec 2024

https://github.com/falcosecurity-retire/falco-security-workshop

Container Security Workshop covering using Falco on Kubernetes.

cncf container-security containers docker kubernetes kubernetes-security

Last synced: 22 Apr 2025

https://github.com/kube-tarian/tarian

Protect your Cloud Native Applications running on Kubernetes from malicious attacks with pre-registered source code, pre-registered runtime processes monitoring, automated actions based on configure-actions, analytics, alerting and also sharing detections with community. Maybe save from Ransomware. Shift-Left your threat detection. Shift Right threat elimination.

anti-malware anti-virus antimalware antivirus antivirus-software cloudnative containers devsecops ebpf hacktoberfest kubernetes kubernetes-antimalware kubernetes-security microservices runtime-security security security-hardening security-tools shiftleft tarian

Last synced: 09 Apr 2025

https://github.com/appvia/psp-migration

Recreation of common Pod Security Policy configuration in other common Kubernetes policy engines

gatekeeper hacktoberfest k8s kubernetes kubernetes-security kubewarden kyverno opa pod-security-policy podsecuritypolicies podsecuritypolicy policy-as-code psp security yaml

Last synced: 31 Dec 2024

https://github.com/openclarity/kubeclarity

KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems

kubernetes kubernetes-security sbom scanner security supply-chain vulnerabilities

Last synced: 26 Feb 2025

https://github.com/afyazici/kubernetes-turkce-kaynak

I am translating the 4-hour video "Kubernetes Tutorial for Beginners [FULL COURSE in 4 Hours]" from the TechWorld with Nina channel on YouTube into Turkish, in document format.

github-pages kubernetes kubernetes-cluster kubernetes-controller kubernetes-deployment kubernetes-manifests kubernetes-monitoring kubernetes-operator kubernetes-security kubernetes-service kubernetes-setup obsidian-md obsidian-vault turkce-dokuman turkce-kaynak

Last synced: 12 Apr 2025

https://github.com/javiln8/kubnerable

🔭 Kubernetes out-cluster vulnerability scanner

devsecops kubernetes kubernetes-cluster kubernetes-security

Last synced: 08 May 2025

https://github.com/kubescape/github-action

GitHub action to run Kubescape scans

github-actions kubernetes-security kubescape

Last synced: 13 Apr 2025

https://github.com/kubewarden/deprecated-api-versions-policy

A Kubewarden Policy that detects usage of deprecated and dropped Kubernetes resources

hacktoberfest kubernetes kubernetes-security kubewarden-policy policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kube-tarian/sigrun

Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate & Control the deployments to allow only the known Sources based on Signatures, Maintainers & other payloads automatically.

artifacts container-security containers containersecurity cosign fulcio gatekeeper kubernetes kubernetes-security kubernetessecurity opa open-policy-agent pods policy-as-code rekor signature signature-verification sigstore

Last synced: 01 May 2025

https://github.com/kubewarden/verify-image-signatures

A Kubewarden Policy that verifies all the signatures of the container images referenced by a Pod

hacktoberfest kubernetes kubernetes-security kubewarden-policy pod-security-policy policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/go-policy-template

A template repository to quickly scaffold a Kubewarden policy written with Go language

go golang hacktoberfest kubernetes kubernetes-security kubewarden-policy-template policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/k8s-objects-generator

CLI tool that generates Kubernetes Go types that can be used with TinyGo starting from the official OpenAPI spec

hacktoberfest kubernetes kubernetes-security policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/policy-fetcher

Crate used by Kubewarden that is able to pull policies from OCI registries and HTTP servers.

hacktoberfest kubernetes kubernetes-security policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/pod-privileged-policy

A Kubewarden Policy that limits the ability to create privileged containers

hacktoberfest kubernetes kubernetes-security kubewarden-policy pod-security-policy policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/allowed-proc-mount-types-psp-policy

Replacement for the Kubernetes Pod Security Policy that controls the usage of /proc mount types

hacktoberfest kubernetes kubernetes-security kubewarden-policy pod-security-policy policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/user-group-psp-policy

This Kubewarden Policy is a replacement for the Kubernetes Pod Security Policy that controls containers' user and groups

hacktoberfest kubernetes kubernetes-security kubewarden-policy pod-security-policy policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/apparmor-psp-policy

A Kubewarden Pod Security Policy that controls usage of AppArmor profiles

hacktoberfest kubernetes kubernetes-security kubewarden-policy pod-security-policy policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/trusted-repos-policy

A Kubewarden policy that restricts which registries, tags and images pods on your cluster can refer to

hacktoberfest kubernetes kubernetes-compliance kubernetes-security kubewarden-policy policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/allow-privilege-escalation-psp-policy

A Kubewarden Pod Security Policy that controls usage of allowPrivilegeEscalation

hacktoberfest kubernetes kubernetes-security kubewarden-policy pod-security-policy policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/env-variable-secrets-scanner-policy

A Kubewarden Policy that detects secrets (ssh private keys, API tokens, etc) leaked via environment variables

hacktoberfest kubernetes kubernetes-security kubewarden-policy policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/allowed-fsgroups-psp-policy

Replacement for the Kubernetes Pod Security Policy that controls the usage of fsGroup in the pod security context

hacktoberfest kubernetes kubernetes-security kubewarden-policy pod-security-policy policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/k8s-objects

Experimental: Kubernetes Go types that can be used with TinyGo

hacktoberfest kubernetes kubernetes-security policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/github-actions

GitHub actions used by the Kubewarden project

hacktoberfest kubernetes kubernetes-security policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/audit-scanner

Reports evaluation of existing Kubernetes resources with your already deployed Kubewarden policies.

hacktoberfest kubernetes kubernetes-security policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/seccomp-psp-policy

A Kubewarden Pod Security Policy that controls usage of Seccomp profiles

hacktoberfest kubernetes kubernetes-security kubewarden-policy pod-security-policy policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/hostpaths-psp-policy

Replacement for the Kubernetes Pod Security Policy that controls the usage of hostpaths

hacktoberfest kubernetes kubernetes-security kubewarden-policy pod-security-policy policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/pod-runtime-class-policy

A Kubewarden Policy that controls the usage of Pod runtimeClass

hacktoberfest kubernetes kubernetes-security kubewarden-policy policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/volumes-psp-policy

Replacement for the Kubernetes Pod Security Policy that controls the usage of volumes

hacktoberfest kubernetes kubernetes-security kubewarden-policy pod-security-policy policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/volumemounts-policy

A Kubewarden Policy that controls the usage of `volumeMounts`

hacktoberfest kubernetes kubernetes-security kubewarden-policy policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/environment-variable-policy

A Kubewarden Policy that controls the usage of environment variables

hacktoberfest kubernetes kubernetes-security kubewarden-policy policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/mrofisr/kubernetes-siem-hound

Kubernetes SIEM Hound is a comprehensive security information and event management (SIEM) solution for Kubernetes clusters.

aws cncf eks elasticsearch falco falcosidekick gcp google-cloud ids kibana kubernetes kubernetes-security monitoring siem

Last synced: 17 Mar 2025

https://github.com/sanjid133/vault-kube

Authenticate and retrieve data from @hashicorp-vault via @kubernetes auth method

hashicorp-vault init-container kubernetes kubernetes-secrets kubernetes-security

Last synced: 16 Mar 2025

https://github.com/kubewarden/namespace-label-propagator-policy

Kubewarden policy designed to automatically propagate labels defined in a Kubernetes namespace to the associated resources within that namespace

hacktoberfest kubernetes kubernetes-security kubewarden-policy policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/flexvolume-drivers-psp-policy

Replacement for the Kubernetes Pod Security Policy that controls the allowed `flexVolume` drivers

hacktoberfest kubernetes kubernetes-security kubewarden-policy pod-security-policy policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/persistentvolumeclaim-storageclass-policy

Policy that validates and adjusts the usage of StorageClasses in PersistentVolumeClaims

hacktoberfest kubernetes kubernetes-security kubewarden-policy policy-as-code webassembly

Last synced: 14 Dec 2024

https://github.com/kubewarden/rego-policies-library

A collection of Rego policies that can be used to enforce best practices in Kubernetes clusters

compliance gatekeeper hacktoberfest kubernetes kubernetes-security kubewarden-policy policy-as-code rego webassembly

Last synced: 10 Apr 2025

https://github.com/kubewarden/fleet-example

Example of Rancher Fleet bundle for Kubewarden

hacktoberfest kubernetes kubernetes-security policy-as-code webassembly

Last synced: 14 Dec 2024