reposaur
gke-policy-automation
| | reposaur | gke-policy-automation |
|---|---|---|
| | 4 | 8 |
| Stars | 280 | 508 |
| Growth | 0.4% | 0.2% |
| Activity | 0.0 | 6.9 |
| | 6 months ago | 13 days ago |
| Language | Go | Go |
| License | MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
reposaur
- Reposaur – open-source compliance tool for development platforms
- Reposaur
- reposaur - use Rego to audit your GitHub org security posture
- Reposaur: audit your GitHub organization and repositories with custom policies
  If you want to have a look, head to: https://github.com/reposaur/reposaur (it's fairly new and being actively developed)
gke-policy-automation
- Google Kubernetes clusters config checker tool
  https://github.com/google/gke-policy-automation/blob/main/gk...

  What's the point of requiring the control plane to be locked down to authorized networks (IP address ranges)? Isn't Google responsible for DDoS protection, enforcing authentication controls (i.e. logging in with a Google account in the right Google group), patching the control plane ASAP for any security vulnerabilities?

  If you have a VPN, if you have heavy-duty network monitoring on your VPN endpoint, sure, limit it to the VPN. For the rest of us? Is every startup running GKE without heavy-duty VPN / network monitoring fundamentally insecure? That doesn't sound right to me. Security is supposed to be a spectrum, and it seems like black-and-white automated config checkers like these are more likely to provoke arguments internally ("but the tool said it's bad!!") than to help reach a nuanced understanding of why tradeoffs are made. No?
- GKE Policy Automation: validate your cluster configurations
  GKE Policy Automation is a tool and a policy library for validating Google Kubernetes Engine clusters against set of configuration best practices.
What are some alternatives?
rego-policies - Rego policies collection
cerbos - Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.
secure-repo - Orchestrate GitHub Actions Security
OPAL - Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...)
o365beat - Elastic Beat for fetching and shipping Office 365 audit events
policy-enforcer - Represent your rego rules programmatically.
xpid - Linux Process Discovery. C Library, Go bindings, Runtime.
tanka - Flexible, reusable and concise configuration for Kubernetes
imdb-trakt-sync - Automatic sync from IMDb to Trakt (watchlist, lists, ratings and history) using GitHub actions.
popeye - 👀 A Kubernetes cluster resource sanitizer
Gravitational Teleport - The easiest, and most secure way to access and protect all of your infrastructure.
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.