Kubernetes

minikube is a local Kubernetes cluster management tool that enables developers to run and test Kubernetes applications on their local machines across multiple operating systems.

Terrascan is a static code analyzer that scans Infrastructure as Code for security misconfigurations and compliance violations across multiple cloud platforms and container environments.

Create checkpoint snapshots of the state of running pods for later off-line analysis.

A Terraform module that provides a compliance-focused AWS EKS setup with security hardening for PCI-DSS, SOC2, and HIPAA requirements.

Real-time, eBPF-based Security Observability and Runtime Enforcement component

kube2iam provides IAM credentials to Kubernetes containers by intercepting EC2 metadata API calls and retrieving temporary AWS credentials based on pod annotations.

A tutorial demonstrating how to implement Kubernetes Engine security features to control application privileges through host access controls and network access policies.

Sysdig is a universal system visibility tool that provides deep monitoring and analysis capabilities for traditional systems and containerized environments through system call tracing and network activity monitoring.

Exploit that launches a process on the host from within a Docker container run with the --privileged flag by abusing the Linux cgroup v1 “notification on release” feature.

Romana automates cloud-native network isolation and distributed firewall policies for Kubernetes and OpenStack environments using topology-aware IPAM without overlays.

A collection of tips and tricks for container and container orchestration hacking and security testing.

BunkerWeb is a next-generation and open-source Web Application Firewall (WAF) with seamless integration and user-friendly customization options.

A Helm plugin that decrypts encrypted value files using sops encryption and integrates with cloud secret managers for secure secrets management in Kubernetes deployments.

Kiam is a Kubernetes agent that allows Pods to assume AWS IAM roles, though it is being deprecated in favor of AWS' official IAM roles for Service Accounts solution.

Security-Guard helps secure microservices and serverless containers by detecting and blocking exploits.

A deprecated Kubernetes workload policy enforcement tool that helped secure multi-tenant clusters through various security policies and configurations.

Falco is a CNCF graduated runtime security tool that monitors Linux kernel events and syscalls to detect abnormal behavior and security threats in cloud native environments.

Kube-bench is a security assessment tool that validates Kubernetes deployments against CIS Kubernetes Benchmark standards through automated configuration checks.

Checkov is a static analysis tool that scans infrastructure as code and performs software composition analysis to detect security misconfigurations and vulnerabilities in cloud infrastructure and dependencies.

Scout Suite is an open source multi-cloud security auditing tool that gathers configuration data via cloud provider APIs to identify risks and provide visibility into cloud attack surfaces.