Kubesploit


News and links on Kubernetes security curated by the @Learnk8s team. Website: https://kubesploit.io/

2 060 subscribers
Post archive
An alternative approach to Secrets management in Helm 3. Read on: https://itnext.io/helm-3-secrets-management-4f23041f05c3?source=friends_link

This blog post is about an experiment to automate creation of Kubernetes Network Policies based on actual network traffic captured from applications running on a Kubernetes cluster. More: https://itnext.io/generating-kubernetes-network-policies-by-sniffing-network-traffic-6d5135fe77db

Kubestriker is a platform-agnostic tool designed to tackle Kubernetes cluster security issues due to misconfigurations → https://github.com/vchinnipilli/kubestriker

cosign is a tool that can sign container images. Cosign supports:
- Hardware and KMS signing
- Bring-your-own PKI
- Our free OIDC PKI (Fulcio)
→ https://github.com/sigstore/cosign

The kubectl-whisper-secret plugin allows users to create secrets with a secure input prompt to prevent information leakage through terminal history, shoulder surfing attacks, etc. 👉 https://github.com/rewanth1997/kubectl-whisper-secret

awesome-kubernetes-security: a curated list of awesome Kubernetes security resources. 👉 https://github.com/ksoclabs/awesome-kubernetes-security

Preflight is a tool to automatically perform Kubernetes cluster configuration checks using Open Policy Agent (OPA). More: https://github.com/jetstack/preflight

The kube-secrets-init is a Kubernetes mutating admission webhook that mutates any K8s Pod that is using specially prefixed environment variables, directly or from Kubernetes as Secret or ConfigMap. 👉 https://github.com/doitintl/kube-secrets-init

Popeye is a utility that scans a live Kubernetes cluster and reports potential issues with deployed resources and configurations. It sanitizes your cluster based on what's deployed and not what's sitting on disk. → https://github.com/derailed/popeye

Kube-secret-syncer is a Kubernetes operator developed using the Kubebuilder framework that keeps the values of Kubernetes Secrets synchronised to secrets in AWS Secrets Manager. Read on: https://github.com/contentful-labs/kube-secret-syncer

Trivy is a Simple and Comprehensive Vulnerability Scanner for Container Images, Git Repositories and Filesystems. Suitable for CI. Read more: https://github.com/aquasecurity/trivy

An interesting way to protect your Kubernetes config file on your computer against accidental or malicious change or reading. Read on: https://gist.github.com/PatrLind/e651d3cbc3bf68e4bd9fcc9568cbd3fb

In this article you will learn what can be done to make a Kubernetes-based environment comply with the PCI DSS. Read more: https://elastisys.com/pci-dss-compliance-in-kubernetes-based-platforms

Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated to containerized environments, written in Golang and built on top of the Merlin project. More: https://github.com/cyberark/kubesploit

In this article you will learn how to protect Secrets in your Kubernetes cluster. More: https://cncf.io/blog/2021/04/22/revealing-the-secrets-of-kubernetes-secrets

How Monero miners target and exploit cloud native dev environments. Read more: https://blog.aquasec.com/monero-miners-target-bitbucket-dockerhub

Choosing the right policy-as-code solution for your Kubernetes cluster:
- OPA
- Gatekeeper
- Kyverno
- k-rail
- MagTape
More: https://aws.amazon.com/blogs/containers/policy-based-countermeasures-for-kubernetes-part-1

Kubernetes Single Sign On: a detailed guide in 9 parts. Read more: http://talkingquickly.co.uk/kubernetes-sso-a-detailed-guide