awesome-kubernetes-security/README.md

# :lock: awesome-kubernetes-security [![Awesome](https://awesome.re/badge.svg)](https://awesome.re)

A curated list of awesome Kubernetes security resources. Can you dig it?

## Open Source Projects

- [audit2rbac](https://github.com/liggitt/audit2rbac) - Autogenerate RBAC policies based on Kubernetes audit logs
- [falco](https://github.com/falcosecurity/falco) - Container Native Runtime Security
- [kiam](https://github.com/uswitch/kiam) - Integrate AWS IAM with Kubernetes
- [kube-bench](https://github.com/aquasecurity/kube-bench) - Check whether Kubernetes is deployed according to security best practics
- [kube-hunter](https://github.com/aquasecurity/kube-hunter) - Hunt for security weaknesses in Kubernetes clusters
- [kube-psp-advisor](https://github.com/sysdiglabs/kube-psp-advisor) - Help building an adaptive and fine-grained pod security policy
- [kube-scan](https://github.com/octarinesec/kube-scan) - k8s cluster risk assessment tool
- [kube2iam](https://github.com/jtblin/kube2iam) - Provide different AWS IAM roles for pods running on Kubernetes
- [kubeaudit](https://github.com/Shopify/kubeaudit) - Audit your Kubernetes clusters against common security controls
- [kubectl-bindrole](https://github.com/Ladicle/kubectl-bindrole) - Find Kubernetes roles bound to a specified ServiceAccount, Group or User
- [kubectl-dig](https://github.com/sysdiglabs/kubectl-dig) - Deep Kubernetes visibility from the kubectl
- [kubectl-kubesec](https://github.com/stefanprodan/kubectl-kubesec) - Scan Kubernetes pods, deployments, daemonsets and statefulsets with kubesec.io
- [kubectl-who-can](https://github.com/aquasecurity/kubectl-who-can) - Show who has permissions to \<verb\> \<resource\> in Kubernetes
- [rakkess](https://github.com/corneliusweig/rakkess) - Review access matrix for Kubernetes server resources
- [rback](https://github.com/mhausenblas/rback) - RBAC in Kubernetes visualizer
- [trivy](https://github.com/aquasecurity/trivy) - A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI

## General Resources

- [Kubernetes Security and Disclosure Information](https://kubernetes.io/docs/reference/issues-security/security/)
- [Kubernetes Security](https://kubernetes-security.info/)
- [GKE Security Bulletins](https://cloud.google.com/kubernetes-engine/docs/security-bulletins)

## Twitter Accounts

- [Ann N Wallace](https://twitter.com/annnwallace)
- [Annabelle Bertucio](https://twitter.com/WhyHiAnnabelle)
- [Brad Geessaman](https://twitter.com/bradgeesaman)
- [Duffie Cooley](https://twitter.com/mauilion)
- [Erik St. Martin](https://twitter.com/erikstmartin)
- [Greg Castle](https://twitter.com/mrgcastle)
- [Ian Coldwater](https://twitter.com/iancoldwater)
- [Jimmy Mesta](https://twitter.com/jimmesta)
- [Jordan Liggitt](https://twitter.com/liggitt)
- [learnk8s](https://twitter.com/learnk8s)
- [Liz Rice](https://twitter.com/lizrice)
- [Mark Manning](https://twitter.com/antitree)
- [Maya Kaczorowski](https://twitter.com/MayaKaczorowski)
- [Michael Ducy](https://twitter.com/mfdii)
- [Michael Hausenblas](https://twitter.com/mhausenblas)
- [Peter Benjamin](https://twitter.com/petermbenjamin)
- [Rory McCune](https://twitter.com/raesene)
- [Tabitha Sable](https://twitter.com/TabbySable)
- [Tim Allclair](https://twitter.com/tallclair)
- [Timothy St. Clair](https://twitter.com/timothysc)
initial commit 2019-05-21 22:19:55 +00:00			`# :lock: awesome-kubernetes-security [![Awesome](https://awesome.re/badge.svg)](https://awesome.re)`
Add initial list of Kubernetes security tool 2019-05-26 20:05:49 +00:00
			`A curated list of awesome Kubernetes security resources. Can you dig it?`

Updates 2020-01-24 17:25:02 +00:00			`## Open Source Projects`

Add descriptions 2019-05-26 20:13:56 +00:00			`- [audit2rbac](https://github.com/liggitt/audit2rbac) - Autogenerate RBAC policies based on Kubernetes audit logs`
Updates 2020-01-24 17:25:02 +00:00			`- [falco](https://github.com/falcosecurity/falco) - Container Native Runtime Security`
Add descriptions 2019-05-26 20:13:56 +00:00			`- [kiam](https://github.com/uswitch/kiam) - Integrate AWS IAM with Kubernetes`
			`- [kube-bench](https://github.com/aquasecurity/kube-bench) - Check whether Kubernetes is deployed according to security best practics`
			`- [kube-hunter](https://github.com/aquasecurity/kube-hunter) - Hunt for security weaknesses in Kubernetes clusters`
			`- [kube-psp-advisor](https://github.com/sysdiglabs/kube-psp-advisor) - Help building an adaptive and fine-grained pod security policy`
Updates 2020-01-24 17:25:02 +00:00			`- [kube-scan](https://github.com/octarinesec/kube-scan) - k8s cluster risk assessment tool`
Add descriptions 2019-05-26 20:13:56 +00:00			`- [kube2iam](https://github.com/jtblin/kube2iam) - Provide different AWS IAM roles for pods running on Kubernetes`
			`- [kubeaudit](https://github.com/Shopify/kubeaudit) - Audit your Kubernetes clusters against common security controls`
			`- [kubectl-bindrole](https://github.com/Ladicle/kubectl-bindrole) - Find Kubernetes roles bound to a specified ServiceAccount, Group or User`
			`- [kubectl-dig](https://github.com/sysdiglabs/kubectl-dig) - Deep Kubernetes visibility from the kubectl`
			`- [kubectl-kubesec](https://github.com/stefanprodan/kubectl-kubesec) - Scan Kubernetes pods, deployments, daemonsets and statefulsets with kubesec.io`
Minor 2020-01-24 17:28:00 +00:00			`- [kubectl-who-can](https://github.com/aquasecurity/kubectl-who-can) - Show who has permissions to \<verb\> \<resource\> in Kubernetes`
Add descriptions 2019-05-26 20:13:56 +00:00			`- [rakkess](https://github.com/corneliusweig/rakkess) - Review access matrix for Kubernetes server resources`
			`- [rback](https://github.com/mhausenblas/rback) - RBAC in Kubernetes visualizer`
Add trivy 2020-01-24 17:29:29 +00:00			`- [trivy](https://github.com/aquasecurity/trivy) - A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI`
Updates 2020-01-24 17:25:02 +00:00
			`## General Resources`

			`- [Kubernetes Security and Disclosure Information](https://kubernetes.io/docs/reference/issues-security/security/)`
			`- [Kubernetes Security](https://kubernetes-security.info/)`
			`- [GKE Security Bulletins](https://cloud.google.com/kubernetes-engine/docs/security-bulletins)`

			`## Twitter Accounts`

			`- [Ann N Wallace](https://twitter.com/annnwallace)`
			`- [Annabelle Bertucio](https://twitter.com/WhyHiAnnabelle)`
			`- [Brad Geessaman](https://twitter.com/bradgeesaman)`
			`- [Duffie Cooley](https://twitter.com/mauilion)`
			`- [Erik St. Martin](https://twitter.com/erikstmartin)`
			`- [Greg Castle](https://twitter.com/mrgcastle)`
			`- [Ian Coldwater](https://twitter.com/iancoldwater)`
			`- [Jimmy Mesta](https://twitter.com/jimmesta)`
			`- [Jordan Liggitt](https://twitter.com/liggitt)`
			`- [learnk8s](https://twitter.com/learnk8s)`
			`- [Liz Rice](https://twitter.com/lizrice)`
			`- [Mark Manning](https://twitter.com/antitree)`
			`- [Maya Kaczorowski](https://twitter.com/MayaKaczorowski)`
			`- [Michael Ducy](https://twitter.com/mfdii)`
			`- [Michael Hausenblas](https://twitter.com/mhausenblas)`
			`- [Peter Benjamin](https://twitter.com/petermbenjamin)`
			`- [Rory McCune](https://twitter.com/raesene)`
			`- [Tabitha Sable](https://twitter.com/TabbySable)`
			`- [Tim Allclair](https://twitter.com/tallclair)`
			`- [Timothy St. Clair](https://twitter.com/timothysc)`