aad-pod-identity
aad-pod-identity enables Kubernetes pods on Azure to use Azure Active Directory identities for accessing Azure resources without storing credentials.
audit2rbac automatically generates RBAC policies from Kubernetes audit logs, enabling precise least-privilege configurations based on actual API usage.
CDK is a zero-dependency container penetration toolkit for assessing container security, discovering escape vectors, and testing Kubernetes defenses.
cnspec is a cloud-native security scanner from Mondoo that assesses Kubernetes clusters, containers, and infrastructure against security policies and compliance frameworks.
Cosign is a container signing and verification tool used to secure container images and enforce supply chain integrity.
Deepfence ThreatMapper is a runtime vulnerability scanner that discovers threats across Kubernetes clusters, VMs, containers, and serverless environments.
Falco is a runtime security tool for Kubernetes that detects abnormal behavior and threats based on system call monitoring and security rules.
KBOM (Kubernetes Bill of Materials) Toolkit generates comprehensive inventories of Kubernetes clusters, including components, images, and configurations.
kdigger is a Kubernetes-focused container assessment and context discovery tool for penetration testing and security assessments.
kiam provides AWS IAM credentials to pods running on Kubernetes, using a client-server architecture for improved security over metadata interception.
kube-psp-advisor generates Pod Security Policies and Pod Security Standards based on the actual security requirements of running workloads.
kube-scan is a Kubernetes risk assessment tool that calculates risk scores for workloads based on their security configurations and potential attack impact.
kube2iam enables Kubernetes pods to assume AWS IAM roles, providing fine-grained AWS credential management without exposing long-lived credentials.
kubectl-bindrole finds all Kubernetes roles and cluster roles bound to a specified ServiceAccount, User, or Group, helping audit RBAC configurations.
kubectl-dig provides deep visibility into Kubernetes cluster activity using eBPF-based tracing, enabling real-time analysis of system calls and network traffic.
kubectl-kubesec is a kubectl plugin that scans Kubernetes resources using kubesec.io to identify security risks and provide hardening recommendations.
kubectl-who-can shows which subjects have RBAC permissions to perform specific actions on Kubernetes resources, helping identify privilege distribution.
Kubei is a Kubernetes runtime vulnerability scanner that identifies vulnerabilities in container images across your cluster in real-time.
Kubernetes External Secrets Operator synchronizes secrets from external providers like AWS Secrets Manager, HashiCorp Vault, and Azure Key Vault into Kubernetes.
kubernetes-rbac-audit is an auditing tool that analyzes RBAC configurations to identify risky permissions and potential security misconfigurations.
netchecks validates network connectivity assumptions in Kubernetes clusters by running declarative network tests to verify policies and connectivity.
rakkess displays an access matrix showing which Kubernetes resources a user, group, or service account can access, providing a comprehensive RBAC overview.
rback generates visual diagrams of Kubernetes RBAC configurations, making it easier to understand and audit complex permission structures.
red-kube is a Kubernetes adversary emulation framework based on kubectl, providing attack simulations aligned with MITRE ATT&CK tactics.
Steampipe enables SQL-based querying of Kubernetes resources and compliance scanning using the steampipe-kubernetes plugin and compliance mod.
Trivy: overview, usage, and best practices for scanning container images, file systems, and Kubernetes resources for vulnerabilities.
Trivy Operator provides Kubernetes-native security scanning by automatically scanning workloads for vulnerabilities, misconfigurations, secrets, and RBAC issues.
Vault Secrets Operator is HashiCorp's official Kubernetes operator for synchronizing secrets from Vault into Kubernetes Secrets.