| | linux-bench | connaisseur |
|---|---|---|
| | 2 | 3 |
| Stars | 145 | 418 |
| Growth | 3.4% | 0.5% |
| Activity | 3.7 | 9.0 |
| | 3 months ago | about 22 hours ago |
| Language | Go | Go |
| License | Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
linux-bench
- CIS Hardening Ubuntu Server
- Container security best practices: Comprehensive guide
  Other tools you can use are linux-bench, docker-bench, kube-bench, kube-hunter, kube-striker, Cloud Custodian, OVAL, and OS Query.
connaisseur
- Container security best practices: Comprehensive guide
  We already mentioned Connaisseur Admission Controller as a way to enforce content trust and reject images that are not signed by trusted sources.
- GitHub - sse-secure-systems/connaisseur: An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
- Making the Internet more secure one signed container at a time
  Admission Controller was based on Connaisseur, heavily modified to work with v2 instead of v1 signatures.
What are some alternatives?
gatekeeper - 🐊 Gatekeeper - Policy Controller for Kubernetes
cosign - Code signing and transparency for containers and binaries
docker-bench-security - The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
tfsec - Security scanner for your Terraform code
enhancements - Enhancements tracking repo for Kubernetes
falco - Cloud Native Runtime Security
gatekeeper-library - 📚 The OPA Gatekeeper policy library
lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
magtape - MagTape Policy-as-Code for Kubernetes
cfn_nag - Linting tool for CloudFormation templates