# :lock: awesome-kubernetes-security [![Awesome](https://awesome.re/badge.svg)](https://awesome.re)

A curated list of awesome Kubernetes security resources. Can you dig it?

## Open Source Projects

- [audit2rbac](https://github.com/liggitt/audit2rbac) - Autogenerate RBAC policies based on Kubernetes audit logs
- [falco](https://github.com/falcosecurity/falco) - Container Native Runtime Security
- [kiam](https://github.com/uswitch/kiam) - Integrate AWS IAM with Kubernetes
- [kube-bench](https://github.com/aquasecurity/kube-bench) - Check whether Kubernetes is deployed according to security best practics
- [kube-hunter](https://github.com/aquasecurity/kube-hunter) - Hunt for security weaknesses in Kubernetes clusters
- [kube-psp-advisor](https://github.com/sysdiglabs/kube-psp-advisor) - Help building an adaptive and fine-grained pod security policy
- [kube-scan](https://github.com/octarinesec/kube-scan) - k8s cluster risk assessment tool
- [kube2iam](https://github.com/jtblin/kube2iam) - Provide different AWS IAM roles for pods running on Kubernetes
- [kubeaudit](https://github.com/Shopify/kubeaudit) - Audit your Kubernetes clusters against common security controls
- [kubectl-bindrole](https://github.com/Ladicle/kubectl-bindrole) - Find Kubernetes roles bound to a specified ServiceAccount, Group or User
- [kubectl-dig](https://github.com/sysdiglabs/kubectl-dig) - Deep Kubernetes visibility from the kubectl
- [kubectl-kubesec](https://github.com/stefanprodan/kubectl-kubesec) - Scan Kubernetes pods, deployments, daemonsets and statefulsets with kubesec.io
- [kubectl-who-can](https://github.com/aquasecurity/kubectl-who-can) - Show who has permissions to \<verb\>\ \<resource\> in Kubernetes
- [rakkess](https://github.com/corneliusweig/rakkess) - Review access matrix for Kubernetes server resources
- [rback](https://github.com/mhausenblas/rback) - RBAC in Kubernetes visualizer

## General Resources

- [Kubernetes Security and Disclosure Information](https://kubernetes.io/docs/reference/issues-security/security/)
- [Kubernetes Security](https://kubernetes-security.info/)
- [GKE Security Bulletins](https://cloud.google.com/kubernetes-engine/docs/security-bulletins)

## Twitter Accounts

- [Ann N Wallace](https://twitter.com/annnwallace)
- [Annabelle Bertucio](https://twitter.com/WhyHiAnnabelle)
- [Brad Geessaman](https://twitter.com/bradgeesaman)
- [Duffie Cooley](https://twitter.com/mauilion)
- [Erik St. Martin](https://twitter.com/erikstmartin)
- [Greg Castle](https://twitter.com/mrgcastle)
- [Ian Coldwater](https://twitter.com/iancoldwater)
- [Jimmy Mesta](https://twitter.com/jimmesta)
- [Jordan Liggitt](https://twitter.com/liggitt)
- [learnk8s](https://twitter.com/learnk8s)
- [Liz Rice](https://twitter.com/lizrice)
- [Mark Manning](https://twitter.com/antitree)
- [Maya Kaczorowski](https://twitter.com/MayaKaczorowski)
- [Michael Ducy](https://twitter.com/mfdii)
- [Michael Hausenblas](https://twitter.com/mhausenblas)
- [Peter Benjamin](https://twitter.com/petermbenjamin)
- [Rory McCune](https://twitter.com/raesene)
- [Tabitha Sable](https://twitter.com/TabbySable)
- [Tim Allclair](https://twitter.com/tallclair)
- [Timothy St. Clair](https://twitter.com/timothysc)