# Cloud and K8s Hacking

### CI/CD pipelines

* Static code security analyzers: [SonarQube](https://www.sonarqube.org/) (Javascript scanner), [NodeJsScan](https://github.com/ajinabraham/NodeJsScan).
* Package dependency security analyzers: [Snyk](https://snyk.io/).
* Docker image security analyzers: [Hadolint](https://github.com/hadolint/hadolint), [Clair](https://github.com/coreos/clair), [Anchore](https://anchore.com/).
* AWS IAM permission analyzers: [IAM access advisor APIs](https://aws.amazon.com/blogs/security/automate-analyzing-permissions-using-iam-access-advisor/).
* [PMapper](https://github.com/nccgroup/PMapper).
* AWS S3 permission analyzers: [s3audit](https://github.com/scalefactory/s3audit).
* Docker runtime anomaly detection: [Falco](https://hub.docker.com/r/sysdig/falco).
* Kubernetes policy security analyzers: [RBAC](https://searchsecurity.techtarget.com/definition/role-based-access-control-RBAC). 
* Policy auditing tools: [Rakkess](https://github.com/corneliusweig/rakkess).