kapitan-reference
checkov
kapitan-reference | checkov
---|---
2 | 25
34 | 4,215
- | 6.2%
5.5 | 10.0
about 1 month ago | 1 day ago
Python | Python
- | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
kapitan-reference
- Does anybody else find Helm charts pretty useless?
  You can find some examples in our repository
- GitOps opinion piece (it sucks at scale) and webinar announcement: GitOps from the trenches (community-debate on GitOps pros and cons)
  If you are unfamiliar with Kapitan, you can check out our example repo here: https://github.com/kapicorp/kapitan-reference
checkov
- Allow ECS Task Role to assume any role or invoke any lambda function. Yay or nay?
- Terraform Best Practices for Better Infrastructure Management
  checkov – Terraform static analysis tool
- Terraform policy generator?
  Checkov
- Finding and Fixing Cloud Misconfigurations with open source
  The IaC scanner called Checkov helps prevent misconfigured and insecure configurations prior to being released in the wild, leveraging a policy as code for everyone approach.
- Ways to test terraform scripts
  Security and Compliance testing for terraform: https://github.com/bridgecrewio/checkov
- Learn About Infrastructure as Code in 5 Minutes and Why You Should Use It
  Errors in IaC files can be a serious problem if they are not detected prior to deploying IaC definitions. Therefore, it is recommended to automatically and continuously scan IaC files, ensuring that verification occurs whenever an IaC definition is created or updated. You can do it using such tools as Checkov, TFLint, Accurics.
- Policyer Action
  Policyer is an open source project (more like a vision) I created after being inspired by policy engines that have become very popular lately (OPA, Checkov). Policyer is going to focus on providing a platform to run and create meaningful reports, data engagement and a plugin system to let you provide any data; sometimes it can be k8s yaml and at other times it can be user data.
- Container security best practices: Comprehensive guide
  If you are using infrastructure as code, incorporate IaC scanning tools like Apolicy, Checkov, tfsec, or cfn_nag to validate the configuration of your infrastructure before it is created or updated. Similar to other linting tools, apply IaC scanning tools locally and in your pipeline, and consider blocking changes that introduce security issues.
- Testing Terraform The Right Way
  checkov — https://github.com/bridgecrewio/checkov/
- Kubernetes Security Checklist 2021
  Workload configuration should be audited regularly (Kics, Kubeaudit, Kubescape, Conftest, Kubesec, Checkov)
What are some alternatives?
tfsec - Security scanner for your Terraform code [Moved to: https://github.com/aquasecurity/tfsec]
terraform-security-scan - Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec
terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
trivy - Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets
tflint - A Pluggable Terraform Linter
terratest - Terratest is a Go library that makes it easier to write automated tests for your infrastructure code.
atlantis - Terraform Pull Request Automation
tfsec - Security scanner for your Terraform code
cfn_nag - Linting tool for CloudFormation templates
inspec - InSpec: Auditing and Testing Framework
driftctl - Detect, track and alert on infrastructure drift
conftest - Write tests against structured configuration data using the Open Policy Agent Rego query language