# :lock: awesome-kubernetes-security [![Awesome](https://awesome.re/badge.svg)](https://awesome.re)
A curated list of awesome Kubernetes security resources. Can you dig it?
## Open Source Projects
- [aad-pod-identity](https://github.com/Azure/aad-pod-identity/) - Assign Azure AD identities to pods in Kubernetes, in order to access Azure resources
- [audit2rbac](https://github.com/liggitt/audit2rbac) - Autogenerate RBAC policies based on Kubernetes audit logs
- [CDK](https://github.com/cdk-team/CDK) - Zero Dependency Container Penetration Toolkit
- [Deepfence ThreatMapper](https://github.com/deepfence/ThreatMapper) - Apache v2, powerful runtime vulnerability scanner for Kubernetes, virtual machines and serverless
- [cnspec](https://cnspec.io) - Scan Kubernetes clusters, containers, and manifest files for vulnerabilities and misconfigurations
- [falco](https://github.com/falcosecurity/falco) - Container Native Runtime Security
- [KBOM](https://github.com/ksoclabs/kbom) - Kubernetes Bill of Materials Toolkit
- [kdigger](https://github.com/quarkslab/kdigger) - Kubernetes focused container assessment and context discovery tool for penetration testing
- [kiam](https://github.com/uswitch/kiam) - Integrate AWS IAM with Kubernetes
- [kube-bench](https://github.com/aquasecurity/kube-bench) - Check whether Kubernetes is deployed according to security best practices
- [kube-hunter](https://github.com/aquasecurity/kube-hunter) - Hunt for security weaknesses in Kubernetes clusters
- [kube-psp-advisor](https://github.com/sysdiglabs/kube-psp-advisor) - Help build an adaptive and fine-grained pod security policy
- [kube-scan](https://github.com/octarinesec/kube-scan) - k8s cluster risk assessment tool
- [kubescape](https://github.com/kubescape/kubescape) - k8s risk analysis, security compliance, and misconfiguration scanning.
- [kubelight - WIP but promising](https://github.com/OWASP/KubeLight) - OWASP project to scan your Kubernetes Cluster for Security & Compliance.
- [Kubei](https://github.com/Portshift/kubei) - Vulnerabilities scanner for Kubernetes clusters
- [kube2iam](https://github.com/jtblin/kube2iam) - Provide different AWS IAM roles for pods running on Kubernetes
- [kubeaudit](https://github.com/Shopify/kubeaudit) - Audit your Kubernetes clusters against common security controls
- [kubectl-bindrole](https://github.com/Ladicle/kubectl-bindrole) - Find Kubernetes roles bound to a specified ServiceAccount, Group or User
- [kubectl-dig](https://github.com/sysdiglabs/kubectl-dig) - Deep Kubernetes visibility from the kubectl
- [kubectl-kubesec](https://github.com/stefanprodan/kubectl-kubesec) - Scan Kubernetes pods, deployments, daemonsets and statefulsets with kubesec.io
- [kubectl-who-can](https://github.com/aquasecurity/kubectl-who-can) - Show who has permissions to \<verb\> \<resource\> in Kubernetes
- [OWASP Top Ten for Kubernetes](https://owasp.org/www-project-kubernetes-top-ten/) - The Top Ten is a prioritized list of these risks backed by data collected from organizations varying in maturity and complexity
- [terrascan](https://github.com/accurics/terrascan) - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure
- [kyverno](https://github.com/nirmata/kyverno) - Kubernetes Native Policy Management
- [netchecks](https://github.com/hardbyte/netchecks/) - Tool to validate assumptions about the network
- [rakkess](https://github.com/corneliusweig/rakkess) - Review access matrix for Kubernetes server resources
- [rback](https://github.com/team-soteria/rback) - RBAC in Kubernetes visualizer
- [red-kube](https://github.com/lightspin-tech/red-kube) - K8S Adversary Emulation Based on kubectl
- [steampipe](https://github.com/turbot/steampipe) - Use SQL to query your cloud services (AWS, Azure, GCP and more) running Kubernetes
- [steampipe-kubernetes](https://github.com/turbot/steampipe-plugin-kubernetes) - Use SQL to query your Kubernetes resources
- [steampipe-kubernetes-compliance](https://github.com/turbot/steampipe-mod-kubernetes-compliance) - Kubernetes compliance scanning tool for CIS, NSA & CISA Cybersecurity technical report for Kubernetes hardening.
- [trivy](https://github.com/aquasecurity/trivy) - A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI
- [trivy-operator](https://github.com/aquasecurity/trivy-operator) - Kubernetes-native security (Vulnerabilities, IaC MisConfig, Exposed Secrets, RBAC Assessment, Compliance and more) toolkit for Kubernetes
- [kubernetes-rbac-audit](https://github.com/cyberark/kubernetes-rbac-audit) - Tool for auditing RBACs in Kubernetes
- [kubernetes-external-secrets](https://github.com/external-secrets/kubernetes-external-secrets) - Tool to get External Secrets from HashiCorp Vault and AWS SSM
- [vault-secrets-operator](https://github.com/ricoberger/vault-secrets-operator) - An operator to create Kubernetes secrets from Vault for a secure GitOps based workflow
## General Resources
- [Kubernetes Security and Disclosure Information](https://kubernetes.io/docs/reference/issues-security/security/)
- [Kubernetes Security](https://kubernetes-security.info/)
- [GKE Security Bulletins](https://cloud.google.com/kubernetes-engine/docs/security-bulletins)
- [CKS Certified Kubernetes Security Specialist resources repo](https://github.com/walidshaari/Certified-Kubernetes-Security-Specialist)
- [Kubernetes Security Checklist and Requirements](https://github.com/Vinum-Security/kubernetes-security-checklist)
- [OWASP Kubernetes Security Cheatsheet](https://cheatsheetseries.owasp.org/cheatsheets/Kubernetes_Security_Cheat_Sheet.html)
- [Securing Kubernetes Clusters](https://www.cyberark.com/resources/threat-research-blog/securing-kubernetes-clusters-by-eliminating-risky-permissions)
- [Kubernetes Security: 6 Best Practices for 4C Security Model](https://spacelift.io/blog/kubernetes-security)
## Twitter Accounts
- [Andrew Martin](https://twitter.com/sublimino)
- [Ann N Wallace](https://twitter.com/annnwallace)
- [Annabelle Bertucio](https://twitter.com/WhyHiAnnabelle)
- [Brad Geesaman](https://twitter.com/bradgeesaman)
- [Duffie Cooley](https://twitter.com/mauilion)
- [Erik St. Martin](https://twitter.com/erikstmartin)
- [Greg Castle](https://twitter.com/mrgcastle)
- [Ian Coldwater](https://twitter.com/iancoldwater)
- [Jimmy Mesta](https://twitter.com/jimmesta)
- [Jordan Liggitt](https://twitter.com/liggitt)
- [learnk8s](https://twitter.com/learnk8s)
- [Liz Rice](https://twitter.com/lizrice)
- [Mark Manning](https://twitter.com/antitree)
- [Maya Kaczorowski](https://twitter.com/MayaKaczorowski)
- [Michael Ducy](https://twitter.com/mfdii)
- [Michael Hausenblas](https://twitter.com/mhausenblas)
- [Peter Benjamin](https://twitter.com/petermbenjamin)
- [Rory McCune](https://twitter.com/raesene)
- [Tabitha Sable](https://twitter.com/TabbySable)
- [Tim Allclair](https://twitter.com/tallclair)
- [Timothy St. Clair](https://twitter.com/timothysc)
- [Sangam Biradar](https://github.com/sangam14)