diff --git a/Cloud_and_K8s_Hacking/README.md b/Cloud_and_K8s_Hacking/README.md new file mode 100644 index 0000000..cfef339 --- /dev/null +++ b/Cloud_and_K8s_Hacking/README.md @@ -0,0 +1,13 @@ +# Cloud and K8s Hacking + +### CI/CD pipelines + +* Static code security analyzers: [SonarQube](https://www.sonarqube.org/) (Javascript scanner), [NodeJsScan](https://github.com/ajinabraham/NodeJsScan). +* Package dependency security analyzers: [Snyk](https://snyk.io/). +* Docker image security analyzers: [Hadolint](https://github.com/hadolint/hadolint), [Clair](https://github.com/coreos/clair), [Anchore](https://anchore.com/). +* AWS IAM permission analyzers: [IAM access advisor APIs](https://aws.amazon.com/blogs/security/automate-analyzing-permissions-using-iam-access-advisor/). +* [PMapper](https://github.com/nccgroup/PMapper). +* AWS S3 permission analyzers: [s3audit](https://github.com/scalefactory/s3audit). +* Docker runtime anomaly detection: [Falco](https://hub.docker.com/r/sysdig/falco). +* Kubernetes policy security analyzers: [RBAC](https://searchsecurity.techtarget.com/definition/role-based-access-control-RBAC). +* Policy auditing tools: [Rakkess](https://github.com/corneliusweig/rakkess).
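Review bot: The `* [PMapper](https://github.com/nccgroup/PMapper).` bullet is the only entry in the added list without a category label, and it sits directly after the "AWS IAM permission analyzers" bullet, so it reads as a stray item. Fold it into that bullet (for example `* AWS IAM permission analyzers: [IAM access advisor APIs](...), [PMapper](https://github.com/nccgroup/PMapper).`) or give it its own label. In the same list, the "Kubernetes policy security analyzers" entry links `[RBAC]` to a general definition page of role-based access control rather than to a tool, which is inconsistent with the other bullets that each point at an analyzer; either link an actual analyzer there or merge the line with the "Policy auditing tools" entry that lists Rakkess. Minor style point: the heading level jumps from `# Cloud and K8s Hacking` straight to `### CI/CD pipelines`; use `##` unless a second-level heading is planned in between.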