Add Kubernetes sub-section to "Cloud platform security" section.

Adds KubeSec, Polaris, and kube-hunter projects.
fabacab 2021-02-06 08:01:38 -05:00
parent a70e0cb5fa
commit 741d8e9905
No known key found for this signature in database
GPG Key ID: B0303BF6BA36A560


@ -20,6 +20,7 @@ Many cybersecurity professionals enable racist state violence, wittingly or unwi
- [Code libraries and bindings](#code-libraries-and-bindings)
- [Security Orchestration, Automation, and Response (SOAR)](#security-orchestration-automation-and-response-soar)
- [Cloud platform security](#cloud-platform-security)
- [Kubernetes](#kubernetes)
- [Communications security (COMSEC)](#communications-security-comsec)
- [DevSecOps](#devsecops)
- [Application or Binary Hardening](#application-or-binary-hardening)
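Review bot: the new `- [Kubernetes](#kubernetes)` table-of-contents entry sits at the same list level as `- [Cloud platform security](#cloud-platform-security)`, yet the commit message says Kubernetes is a sub-section of that section. Indent it one level under the Cloud platform security entry so the TOC mirrors the `##`/`###` heading hierarchy; otherwise a reader of the TOC sees Kubernetes as a top-level section.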
@ -86,11 +87,17 @@ See also [asecure.cloud/tools](https://asecure.cloud/tools/).
- [Falco](https://falco.org/) - Behavioral activity monitor designed to detect anomalous activity in containerized applications, hosts, and network packet flows by auditing the Linux kernel and enriched by runtime data such as Kubernetes metrics.
- [Istio](https://istio.io/) - Open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data.
- [Kata Containers](https://katacontainers.io/) - Secure container runtime with lightweight virtual machines that feel and perform like containers, but provide stronger workload isolation using hardware virtualization technology as a second layer of defense.
- [Managed Kubernetes Inspection Tool (MKIT)](https://github.com/darkbitio/mkit) - Query and validate several common security-related configuration settings of managed Kubernetes cluster objects and the workloads/resources running inside the cluster.
- [Prowler](https://github.com/toniblyx/prowler) - Tool based on AWS-CLI commands for Amazon Web Services account security assessment and hardening.
- [Scout Suite](https://github.com/nccgroup/ScoutSuite) - Open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments.
- [gVisor](https://github.com/google/gvisor) - Application kernel, written in Go, that implements a substantial portion of the Linux system surface to provide an isolation boundary between the application and the host kernel.
### Kubernetes
- [KubeSec](https://kubesec.io/) - Static analyzer of Kubernetes manifests that can be run locally, as a Kuberenetes admission controller, or as its own cloud service.
- [Managed Kubernetes Inspection Tool (MKIT)](https://github.com/darkbitio/mkit) - Query and validate several common security-related configuration settings of managed Kubernetes cluster objects and the workloads/resources running inside the cluster.
- [Polaris](https://polaris.docs.fairwinds.com/) - Validates Kubernetes best practices by running tests against code commits, a Kubernetes admission request, or live resources already running in a cluster.
- [kube-hunter](https://kube-hunter.aquasec.com/) - Open-source tool that runs a set of tests ("hunters") for security issues in Kubernetes clusters from either outside ("attacker's view") or inside a cluster.
## Communications security (COMSEC)
See also [Transport-layer defenses](#transport-layer-defenses).
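Review bot: the `Managed Kubernetes Inspection Tool (MKIT)` entry is now listed twice, once in the parent Cloud platform security list and again in the new `### Kubernetes` sub-section, with identical text; drop the copy in the parent list so each tool appears once and in the most specific section. Two smaller points in the same hunk: the KubeSec line misspells "Kuberenetes" (should be "Kubernetes"), and the `### Kubernetes` and `## Communications security (COMSEC)` headings should be preceded by a blank line like the other headings in the file, so the surrounding list items render as separate lists rather than running into the heading.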