Kubescape

Kubernetes E2E open-source security for DevOps

Pinned Repositories

cel-admission-library
This projects contains pre-made policies for Kubernetes Validating Admission Policies. This policy library is based on Kubescape controls, see here a comlete list https://hub.armosec.io/docs/controls
Language:Python41 4 36
github-action
GitHub action to run Kubescape scans
Language:Shell17 2 1519
helm-charts
Kubescape can run as a set of microservices inside a Kubernetes cluster. This allows you to continually monitor the status of a cluster, including for compliance and vulnerability management
Language:Smarty26 5 3137
kapprofiler
Generate an application profile containing metrics/properties for Kubernetes workloads based on runtime behavior.
Language:C14 2 73
kubescape
Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.
Language:Go9.9k 97 467823
kubevuln
Kubevuln is an in-cluster component of the Kubescape security platform. It scans container images for vulnerabilities, using Grype as its engine.
Language:Go17 1 1919
lens-extension
A Lens extension for viewing Kubescape security information
Language:TypeScript50 3 106
regolibrary
The regolibrary package contains the controls Kubescape uses for detecting misconfigurations in Kubernetes manifests.
Language:Open Policy Agent112 5 4048
sneeffer
Sneefer is a PoC project showing how to filter out irrelevent vulnerabilities from container image vulnerability scan results. It is based on application monitoring using eBPF and Falco base libraries and writes results in Kubernetes CRDs
Language:Go25 4 67
vscode-kubescape
Kubescape extension for Visual Studio Code
Language:TypeScript15 1 410

Kubescape's Repositories

kubescape/kubescape
Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.
Language:Go9.9k 97 467823
kubescape/regolibrary
The regolibrary package contains the controls Kubescape uses for detecting misconfigurations in Kubernetes manifests.
Language:Open Policy Agent112 5 4048
kubescape/cel-admission-library
This projects contains pre-made policies for Kubernetes Validating Admission Policies. This policy library is based on Kubescape controls, see here a comlete list https://hub.armosec.io/docs/controls
Language:Python41 4 36
kubescape/helm-charts
Kubescape can run as a set of microservices inside a Kubernetes cluster. This allows you to continually monitor the status of a cluster, including for compliance and vulnerability management
Language:Smarty26 5 3137
kubescape/github-action
GitHub action to run Kubescape scans
Language:Shell17 2 1519
kubescape/kubevuln
Kubevuln is an in-cluster component of the Kubescape security platform. It scans container images for vulnerabilities, using Grype as its engine.
Language:Go17 1 1919
kubescape/vscode-kubescape
Kubescape extension for Visual Studio Code
Language:TypeScript15 1 410
kubescape/kapprofiler
Generate an application profile containing metrics/properties for Kubernetes workloads based on runtime behavior.
Language:C14 2 73
kubescape/go-git-url
Package for parsing git url and executing git api calls
Language:Go11 3 210
kubescape/operator
Operator is an in-cluster component of the Kubescape security platform. It allows clients to connect to itself, listens for commands from the connected clients and controls other in-cluster components according to received commands.
Language:Go10 2 320
kubescape/opa-utils
Kubescape utils for opa scanning
Language:Go8 5 924
kubescape/node-agent
Language:C6 3 64
kubescape/k8s-interface
Kubescape wrapper for the Kubernetes interface
Language:Go5 1 111
kubescape/kubescape-network-scanner
Network scan and service discovery package
Language:Go3 3 135
kubescape/kollector
Kollector is an in-cluster component of the Kubescape security platform. It Communicates with the Kubernetes API server to collect cluster information and watches for changes in the cluster.
Language:Go2 2 111
kubescape/kwok-bench
A toolkit to efficiently create large-scale, simulated Kubernetes clusters for testing and benchmarking applications using KWOK.
Language:Python2 3 02
kubescape/prometheus-exporter
Language:Go2 5 03
kubescape/workflows
This repository is testing and building the Kubescape components images using GitHub workflows
Language:Shell2 4 28
kubescape/docker-desktop-extension
Kubescape extension for Docker Desktop
Language:TypeScript1 3 03
kubescape/gateway
Gateway is an in-cluster component of the Kubescape security platform. It broadcasts a message received to its registered clients. When a client registers itself in a Gateway it must provide a set of attributes, which will serve as identification, for message routing purposes.
Language:Go1 1 06
kubescape/homebrew-tap
Homebrew tap for Kubescape
Language:Ruby1 1 23
kubescape/kubescape.io
kubescape.io website
Language:HTML1 3 18
kubescape/packaging
Packaging scripts that allow installation of Kubescape through various package manager.
Language:Shell1 1 02
kubescape/storage
Language:Go1 3 45
kubescape/synchronizer
Language:Go1 3 03
kubescape/backend
Language:Go3 0
kubescape/http-request
The http-request package is meant to replace the curl command by a simple go script that runs an HTTP request
Language:Go2 13
kubescape/messaging
Kubescape's messaging package - a collection of wrapper code around Pulsar to quickly and easily connect to Pulsar brokers, send and receive messages, and message queues and topics management.
Language:Go3 02
kubescape/regolibrary-dev
Language:Open Policy Agent3 0
kubescape/workshops
3 0