Cloud Security for Kubernetes

kube-hunter is a security scanning tool that identifies vulnerabilities and security weaknesses in Kubernetes clusters through automated assessment and provides detailed reporting with remediation guidance.

Prowler is an open source multi-cloud security assessment tool that performs audits, compliance checks, and security evaluations across AWS, Azure, GCP, and Kubernetes environments.

An open-source policy-as-code platform that analyzes multi-cloud and SaaS environments using SQL and YAML policies with GPT integration for security, cost, and architecture assessments.

MKIT is a Docker-based security assessment tool that identifies common misconfigurations in managed Kubernetes clusters across AKS, EKS, and GKE platforms.

gVisor is a Go-based application kernel that provides enhanced container isolation by implementing Linux system calls and limiting host kernel exposure through its runsc OCI runtime.

LinuxKit is a toolkit for building custom minimal, immutable Linux distributions with secure defaults for running containerized applications like Docker and Kubernetes.

A repository of Kubernetes Network Policy examples and YAML configurations for controlling network traffic and implementing security controls in Kubernetes clusters.

A collection of scripts and guidance for generating proof-of-concept Amazon GuardDuty findings to help users understand and test AWS security detection capabilities.

Kubeadm is a tool for creating Kubernetes clusters with best practices.

Kubernetes security platform with industry standard open source utilities for securing Kubernetes clusters and apps.

Encrypt Kubernetes Secrets into SealedSecrets for safe storage and controlled decryption within the cluster.

minikube is a local Kubernetes cluster management tool that enables developers to run and test Kubernetes applications on their local machines across multiple operating systems.

Terrascan is a static code analyzer that scans Infrastructure as Code for security misconfigurations and compliance violations across multiple cloud platforms and container environments.

A Terraform module that provides a compliance-focused AWS EKS setup with security hardening for PCI-DSS, SOC2, and HIPAA requirements.

A tutorial demonstrating how to implement Kubernetes Engine security features to control application privileges through host access controls and network access policies.

Sysdig is a universal system visibility tool that provides deep monitoring and analysis capabilities for traditional systems and containerized environments through system call tracing and network activity monitoring.

Exploit that launches a process on the host from within a Docker container run with the --privileged flag by abusing the Linux cgroup v1 “notification on release” feature.

Security-Guard helps secure microservices and serverless containers by detecting and blocking exploits.

A deprecated Kubernetes workload policy enforcement tool that helped secure multi-tenant clusters through various security policies and configurations.

Falco is a CNCF graduated runtime security tool that monitors Linux kernel events and syscalls to detect abnormal behavior and security threats in cloud native environments.

Kube-bench is a security assessment tool that validates Kubernetes deployments against CIS Kubernetes Benchmark standards through automated configuration checks.

Scout Suite is an open source multi-cloud security auditing tool that gathers configuration data via cloud provider APIs to identify risks and provide visibility into cloud attack surfaces.