cnspec
KubeArmor
cnspec | KubeArmor | |
---|---|---|
3 | 3 | |
236 | 1,279 | |
2.5% | 2.6% | |
9.7 | 9.5 | |
5 days ago | 5 days ago | |
Go | Go | |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cnspec
KubeArmor
-
Implement DevSecOps to Secure your CI/CD pipeline
Falco is a cloud native Kubernetes threat detection tool. It can detect unexpected behavior, intrusions, and data theft in real time. In the backend, it uses Linux eBPF technology to trace your system and applications at runtime. For example, it can detect if someone tries to read a secret file inside a container, access a pod as a root user, etc, and trigger a webhook or send logs to the monitoring system. There are similar tools like Tetragon, KubeArmor, and Tracee which also provide Kubernetes runtime security.
- KubeArmor: Container-Aware Runtime Security Enforcement System Using LSM
-
The State of FOSS in India
We're building a KubeArmor - a container-aware runtime security enforcement system n using LSMs - between India, Korea and the US
https://github.com/accuknox/kubearmor
What are some alternatives?
cnquery - open source, cloud-native, graph-based asset inventory
gvisor - Application Kernel for Containers
wolfi-os - Main package repository for production Wolfi images [Moved to: https://github.com/wolfi-dev/os]
cilium - eBPF-based Networking, Security, and Observability
k-rail - Kubernetes security tool for policy enforcement
datree - Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
eBPF-Guide - eBPF (extended Berkeley Packet Filter) Guide. Learn all about the eBPF Tools and Libraries for Security, Monitoring , and Networking.
extism - The framework for building with WebAssembly (wasm). Easily load wasm modules, move data, call functions, and build extensible apps.
jaeger - CNCF Jaeger, a Distributed Tracing Platform
cerbos - Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.
cronn - cron service with extras