# :lock: awesome-kubernetes-security [![Awesome](https://awesome.re/badge.svg)](https://awesome.re)
A curated list of awesome Kubernetes security resources. Can you dig it?
## Open Source Projects
- [aad-pod-identity](https://github.com/Azure/aad-pod-identity/) - Assign Azure AD identities to pods in Kubernetes, in order to access Azure resources
- [audit2rbac](https://github.com/liggitt/audit2rbac) - Autogenerate RBAC policies based on Kubernetes audit logs
- [falco](https://github.com/falcosecurity/falco) - Container Native Runtime Security
- [kiam](https://github.com/uswitch/kiam) - Integrate AWS IAM with Kubernetes
- [kube-bench](https://github.com/aquasecurity/kube-bench) - Check whether Kubernetes is deployed according to security best practices
- [kube-hunter](https://github.com/aquasecurity/kube-hunter) - Hunt for security weaknesses in Kubernetes clusters
- [kube-psp-advisor](https://github.com/sysdiglabs/kube-psp-advisor) - Help build an adaptive and fine-grained pod security policy
- [kube-scan](https://github.com/octarinesec/kube-scan) - k8s cluster risk assessment tool
- [kube2iam](https://github.com/jtblin/kube2iam) - Provide different AWS IAM roles for pods running on Kubernetes
- [kubeaudit](https://github.com/Shopify/kubeaudit) - Audit your Kubernetes clusters against common security controls
- [kubectl-bindrole](https://github.com/Ladicle/kubectl-bindrole) - Find Kubernetes roles bound to a specified ServiceAccount, Group or User
- [kubectl-dig](https://github.com/sysdiglabs/kubectl-dig) - Deep Kubernetes visibility from the kubectl
- [kubectl-kubesec](https://github.com/stefanprodan/kubectl-kubesec) - Scan Kubernetes pods, deployments, daemonsets and statefulsets with kubesec.io
- [kubectl-who-can](https://github.com/aquasecurity/kubectl-who-can) - Show who has permissions to \<verb\> \<resource\> in Kubernetes
- [kyverno](https://github.com/nirmata/kyverno) - Kubernetes Native Policy Management
- [rakkess](https://github.com/corneliusweig/rakkess) - Review access matrix for Kubernetes server resources
- [rback](https://github.com/team-soteria/rback) - RBAC in Kubernetes visualizer
- [trivy](https://github.com/aquasecurity/trivy) - A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI
- [kubernetes-rbac-audit](https://github.com/cyberark/kubernetes-rbac-audit) - Tool for auditing RBACs in Kubernetes
## General Resources
- [Kubernetes Security and Disclosure Information](https://kubernetes.io/docs/reference/issues-security/security/)
- [Kubernetes Security](https://kubernetes-security.info/)
- [GKE Security Bulletins](https://cloud.google.com/kubernetes-engine/docs/security-bulletins)
- [CKS Certified Kubernetes Security Specialist resources repo](https://github.com/walidshaari/Certified-Kubernetes-Security-Specialist)
- [Kubernetes Security Checklist and Requirements](https://github.com/Vinum-Security/kubernetes-security-checklist)
- [Securing Kubernetes Clusters](https://www.cyberark.com/resources/threat-research-blog/securing-kubernetes-clusters-by-eliminating-risky-permissions)
## Twitter Accounts
- [Andrew Martin](https://twitter.com/sublimino)
- [Ann N Wallace](https://twitter.com/annnwallace)
- [Annabelle Bertucio](https://twitter.com/WhyHiAnnabelle)
- [Brad Geesaman](https://twitter.com/bradgeesaman)
- [Duffie Cooley](https://twitter.com/mauilion)
- [Erik St. Martin](https://twitter.com/erikstmartin)
- [Greg Castle](https://twitter.com/mrgcastle)
- [Ian Coldwater](https://twitter.com/iancoldwater)
- [Jimmy Mesta](https://twitter.com/jimmesta)
- [Jordan Liggitt](https://twitter.com/liggitt)
- [learnk8s](https://twitter.com/learnk8s)
- [Liz Rice](https://twitter.com/lizrice)
- [Mark Manning](https://twitter.com/antitree)
- [Maya Kaczorowski](https://twitter.com/MayaKaczorowski)
- [Michael Ducy](https://twitter.com/mfdii)
- [Michael Hausenblas](https://twitter.com/mhausenblas)
- [Peter Benjamin](https://twitter.com/petermbenjamin)
- [Rory McCune](https://twitter.com/raesene)
- [Tabitha Sable](https://twitter.com/TabbySable)
- [Tim Allclair](https://twitter.com/tallclair)
- [Timothy St. Clair](https://twitter.com/timothysc)