A tool for pillaging Docker registries to extract image manifests and configurations.
The k-rail project has been deprecated and will receive no new features or bugfixes except in the case of critical security vulnerabilities. We recommend migrating to an actively developed tool like OPA Gatekeeper that provides similar functionality. k-rail is a workload policy enforcement tool for Kubernetes. It can help you secure a multi tenant cluster with minimal disruption and maximum velocity. Why k-rail? - Suggested usage - Installation - Removal - Viewing policy violations - Violations from realtime feedback - Violations from the Events API - Violations from logs Supported policies: - No ShareProcessNamespace - No Exec - No Bind Mounts - No Docker Sock Mount - EmptyDir size limit Policy configuration: - Mutate Default Seccomp Profile - Immutable Image Reference - No Host Network - No Host PID - No New Capabilities - No Privileged Container - No Helm Tiller Trusted Image Repository Policy configuration - Safe to Evict (DEPRECATED) - Mutate Safe to Evict - Mutate Image Pull Policy Policy configuration: - Require Ingress Exemption - Unique Ingress Host - Service type LoadBalancer annotation check - Istio VirtualService Gateways check - No Persistent
A tool for pillaging Docker registries to extract image manifests and configurations.
A security tool to identify interesting files in AWS S3 buckets
A command-line tool to get valuable information out of AWS CloudTrail and a general purpose toolbox for working with IAM policies
FunctionShield is a Serverless Security Library for Developers to enforce strict security controls on AWS Lambda & Google Cloud Functions runtimes.
Export Kubernetes events for observability and alerting purposes with flexible routing options.
Exploring the transition towards real sandbox containers and the differences in privileges compared to traditional sandboxes like Chrome.