/awesome-kubernetes-security

A curated list of awesome Kubernetes security resources

🔒 awesome-kubernetes-security Awesome

A curated list of awesome Kubernetes security resources. Can you dig it?

Open Source Projects

  • aad-pod-identity - Assign Azure AD idenitites to pods in Kubernetes, in order to access Azure resources
  • audit2rbac - Autogenerate RBAC policies based on Kubernetes audit logs
  • CDK - Zero Dependency Container Penetration Toolkit
  • Deepfence ThreatMapper - Apache v2, powerful runtime vulnerability scanner for kubernetes, virtual machines and serverless
  • cnspec - Scan Kubernetes clusters, containers, and manifest files for vulnerabilities and misconfigurations
  • falco - Container Native Runtime Security
  • KBOM - Kubernetes Bill of Materials Toolkit
  • kdigger - Kubernetes focused container assessment and context discovery tool for penetration testing
  • kiam - Integrate AWS IAM with Kubernetes
  • kube-bench - Check whether Kubernetes is deployed according to security best practics
  • kube-hunter - Hunt for security weaknesses in Kubernetes clusters
  • kube-psp-advisor - Help building an adaptive and fine-grained pod security policy
  • kube-scan - k8s cluster risk assessment tool
  • kubescape - k8s risk analysis, security compliance, and misconfiguration scanning.
  • kubelight - WIP but promising - OWASP project to scan your Kubernetes Cluster for Security & Compliance.
  • Kubei - Vulnerabilities scanner for Kubernetes clusters
  • kube2iam - Provide different AWS IAM roles for pods running on Kubernetes
  • kubeaudit - Audit your Kubernetes clusters against common security controls
  • kubectl-bindrole - Find Kubernetes roles bound to a specified ServiceAccount, Group or User
  • kubectl-dig - Deep Kubernetes visibility from the kubectl
  • kubectl-kubesec - Scan Kubernetes pods, deployments, daemonsets and statefulsets with kubesec.io
  • kubectl-who-can - Show who has permissions to <verb> <resource> in Kubernetes
  • OWASP Top Ten for Kubernetes - The Top Ten is a prioritized list of these risks backed by data collected from organizations varying in maturity and complexity
  • terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure
  • kyverno - Kubernetes Native Policy Management
  • netchecks - Tool to validate assumptions about the network
  • rakkess - Review access matrix for Kubernetes server resources
  • rback - RBAC in Kubernetes visualizer
  • red-kube - K8S Adversary Emulation Based on kubectl
  • steampipe - Use SQL to query your cloud services (AWS, Azure, GCP and more) running Kubernetes
  • steampipe-kubernetes - Use SQL to query your Kubernetes resources
  • steampipe-kubernetes-compliance - Kubernetes compliance scanning tool for CIS, NSA & CISA Cybersecurity technical report for Kubernetes hardening.
  • trivy - A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI
  • trivy-operator - Kubernetes-native security (Vulnerabilities,IaC MisConfig,Exposed Secrets,RBAC Assessment,Compliance and more) toolkit for kubernetes
  • kubernetes-rbac-audit - Tool for auditing RBACs in Kubernetes
  • kubernetes-external-secrets - Tool to get External Secrets from Hashicorp Vault and AWS SSM
  • vault-secrets-operator - An operator to create Kubernetes secrets from Vault for a secure GitOps based workflow

General Resources

Twitter Accounts