kubestriker VS pixie

TerraScan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. klum - Kubernetes Lazy User Manager Kyverno - Kubernetes Native Policy Management https://kyverno.io kiosk - kiosk office Multi-Tenancy Extension For Kubernetes - Secure Cluster Sharing & Self-Service Namespace Provisioning kube-bench - CIS Kubernetes Benchmark tool kube-hunter - Pentesting tool - Hunts for security weaknesses in Kubernetes clusters kube-who-can - Show who has RBAC permissions to perform actions on different resources in Kubernetes starboard - Kubernetes-native security toolkit Simulator - Kubernetes Security Training Platform - Focussing on security mitigation RBAC Lookup - Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster https://fairwinds.com Kubeaudit - kubeaudit helps you audit your Kubernetes clusters against common security controls Gangway - An application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster Audit2rbac - Autogenerate RBAC policies based on Kubernetes audit logs Chartsec - Helm Chart security scanner kubestriker - Security Auditing tool Datree - CLI tool to prevent K8s misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies Krane - Kubernetes RBAC static Analysis & visualisation tool Flaco - The Falco Project - Cloud-Native runtime security Clair - Vulnerability Static Analysis for Containers Anchore Cli - Coomand Line Interface built on top of anchore engine to manage and inspect images, policies, subscriptions and registries Project Quay - Container image registry designed to boost the security of your repositories via vulnerability scanning and tight access control Kubescape - Tool to test if Kubernetes is deployed securely according to multiple frameworks: regulatory, customized company policies and DevSecOps best practices, such as the NSA-CISA and the MITRE ATT&CK®

Other tools you can use are linux-bench, docker-bench, kube-bench, kube-hunter, kube-striker, Cloud Custodian, OVAL, and OS Query.

# Create python virtual environment $ python3 -m venv env # Activate python virtual environment $ source env/bin/activate # Clone this repository $ git clone https://github.com/vchinnipilli/kubestriker.git # Go into the repository $ cd kubestriker # Install dependencies $ pip install -r requirements.txt # Incase of prompt toolkit or selectmenu errors $ pip install prompt-toolkit==1.0.15 $ pip install -r requirements.txt # Gearing up Kubestriker $ python -m kubestriker # Result will be generated in the current working directory with the name of the target

I am really curious, why build another project that has similar features as another open source software pixie - https://px.dev/.

Kibana is a good alternative if you can allow storing all your data in Elasticsearch, or you can use all-in-one monitoring tools like pixie https://github.com/pixie-io/pixie

Plenty of paid monitoring solutions out there. Instana is pretty slick. NewRelic has a new open source tool, https://github.com/pixie-io/pixie

Cilium multi-cluster mesh is a bit different, compared to service meshes, and it's L4, so should be fine with eBPF / XDP based routing. From observability standpoint I'd go for pixie - it should work just fine with both linkerd and istio, instead of Hubble, and Cilium's Tetragon was missing policies about 3-4 months ago (needs doublec-hecking if they had introduced any).

Congratulations on the launch, and thank you for choosing an awesome license!

For an unrelated reason, today I was reminded about Pixie (https://news.ycombinator.com/item?id=25375170 and https://news.ycombinator.com/item?id=31687978 and https://github.com/pixie-io/pixie#readme ), which says is also an ebpf kubernetes observability tool, also Apache licensed.

I suspect the difference may be your aspirations to move out of just kubernetes, but I wondered if that's the biggest difference between your project and theirs? Or maybe the C++ versus golang?

eBPF solutions look cool though. I heard of https://px.dev/ which sounds similar to ciliums eBPF mesh recently.