Git-Mirrors/sec-pentesting-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/sec-pentesting-toolkit.git synced 2025-04-27 19:16:08 -04:00
Code Issues Packages Projects Releases Wiki Activity

add readme

Browse Source 
Signed-off-by: Mia Steinkirch <mia.steinkirch@gmail.com>
This commit is contained in:
Mia Steinkirch 2019-10-29 18:45:02 -07:00
parent 9ed0254149
commit 06365916d8
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Cloud_and_K8s_Hacking/README.md Normal file
View File

@ -0,0 +1,13 @@
# Cloud and K8s Hacking
### CI/CD pipelines
* Static code security analyzers: [SonarQube](https://www.sonarqube.org/) (Javascript scanner), [NodeJsScan](https://github.com/ajinabraham/NodeJsScan).
* Package dependency security analyzers: [Snyk](https://snyk.io/).
* Docker image security analyzers: [Hadolint](https://github.com/hadolint/hadolint), [Clair](https://github.com/coreos/clair), [Anchore](https://anchore.com/).
* AWS IAM permission analyzers: [IAM access advisor APIs](https://aws.amazon.com/blogs/security/automate-analyzing-permissions-using-iam-access-advisor/).
* [PMapper](https://github.com/nccgroup/PMapper).
* AWS S3 permission analyzers: [s3audit](https://github.com/scalefactory/s3audit).
* Docker runtime anomaly detection: [Falco](https://hub.docker.com/r/sysdig/falco).
* Kubernetes policy security analyzers: [RBAC](https://searchsecurity.techtarget.com/definition/role-based-access-control-RBAC).
* Policy auditing tools: [Rakkess](https://github.com/corneliusweig/rakkess).