Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground
A Blazing fast Security Auditing tool for Kubernetes
Metarget is a framework providing automatic constructions of vulnerable infrastructures.
Kubernetes Security Checklist and Requirements - All in One (authentication, authorization, logging, secrets, configuration, network, workloads, dockerfile)
Help building an adaptive and fine-grained pod security policy
k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters.
awesome resources about cloud native security
Simplifying Seccomp enforcement in containerized or non-containerized apps
A container image that exfiltrates the underlying container runtime to a remote server
Container Security Workshop covering using Falco on Kubernetes.
An intuitive and extensible container security SDK developed in-house by Chaitin
Contains scripts for running anchore engine in CI pipelines
Advanced threat detection solution for Linux.
Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect
collections of container escape techniques
The Amazon Elastic Kubernetes Service (EKS) Creation Engine (ECE) is a Python command-line program created by the Lightspin Office of the CISO to facilitate the creation and enablement of secure EKS Clusters.
Official repository for Canonical Kubernetes Third Party Integration Documentation
CNI Bridge Isolation Plugin (Merged into the firewall plugin v1.1.0)
This guide details steps and procedures you can follow to create, launch and implement your own standalone container scanning solution within the AWS ecosystem. This approach uses an open-source container scanning tool called Anchore Engine as a proof of concept and provides examples of how Anchore integrates with your favorite CI/CD systems and orchestration platforms.
Vulnerability Management Tool for Kubernetes and Containers
A collection of tools to improve your containerized apps security posture
A demo of cloud-native Inner Loop and Outer Loop controlling a 2-tier app (Python + Go) with Red Hat OpenShift using Tekton Pipelines, Argo CD GitOps, Eclipse Che aka CodeReady Workspaces and Quay.io registry
Demoing whitelisting Container Registries in Kubernetes using OPA/Gatekeeper policy.
Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate & Control the deployments to allow only the known Sources based on Signatures, Maintainers & other payloads automatically.
Implementing Container Runtime security monitoring in Red Hat OpenShift using Falco
Ansible role for Trivy. Available on Ansible Galaxy.
This is a sample application which runs an HTTP web server and allows reading and writing files and executing commands
The runner integrates plugins such as weakpass, but does not support non-generic parameter settings such as custom dictionaries for weakpass