cnspec
k-rail
cnspec | k-rail | |
---|---|---|
3 | 3 | |
236 | 448 | |
2.5% | - | |
9.7 | 0.0 | |
5 days ago | over 1 year ago | |
Go | Go | |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cnspec
k-rail
- Is OPA Gatekeeper the best solution for writing policies for k8s clusters?
-
Writing a Kubernetes Admission Controller
k-rail
-
Checking Your --privileged Container
k-rail: https://github.com/cruise-automation/k-rail
What are some alternatives?
cnquery - open source, cloud-native, graph-based asset inventory
gatekeeper - 🐊 Gatekeeper - Policy Controller for Kubernetes
wolfi-os - Main package repository for production Wolfi images [Moved to: https://github.com/wolfi-dev/os]
Kyverno - Kubernetes Native Policy Management
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
datree - Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io
extism - The framework for building with WebAssembly (wasm). Easily load wasm modules, move data, call functions, and build extensible apps.
kubeclarity - KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
KubeArmor - Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (BPF-LSM, AppArmor).
sysbox - An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.
cerbos - Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.
kubernetes - Production-Grade Container Scheduling and Management