Sig-security Alternatives
Similar projects and alternatives to sig-security
-
Ansible
Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy and maintain. Automate everything from code deployment to network configuration to cloud management, in a language that approaches plain English, using SSH, with no agents to install on remote systems. https://docs.ansible.com.
-
OPA (Open Policy Agent)
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
spack
A flexible package manager that supports multiple versions, configurations, platforms, and compilers.
-
ua-parser-js
UAParser.js - Free & open-source JavaScript library to detect user's Browser, Engine, OS, CPU, and Device type/model. Runs either in browser (client-side) or node.js (server-side).
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
cool-system
(Discontinued) The Cloud Optimized Operational Lab (COOL) system
-
cyclonedx-gomod
Creates CycloneDX Software Bill of Materials (SBOM) from Go modules
-
badPods
A collection of manifests that will create pods with elevated privileges.
-
vscode-datree
Simple VSCode Extension that allows you to run Datree tests on Kubernetes configurations.
sig-security reviews and mentions
- Practicing Threat Modeling to Assess and Fortify Open Source Security [pdf]
-
Cloud Native Applications - Part 2: Security
Cloud Native Security Whitepaper
-
Does Kubernetes support SELinux?
As Daniel Walsh himself wrote in a blog post, CRI-O integrates very well with SELinux and prevents dangerous actions like a container loading an old, unmaintained and therefore potentially vulnerable kernel module and breaking out of the isolation. Additionally, the Kubernetes API itself contains resources to specifically configure SELinux labels for containers. Doesn't sound like something they would do for a tool that "doesn't work with Kubernetes", according to some. Also, the CNCF security whitepaper mentions SELinux as a tool that can be used to provide isolation and limit privileges, which is as much as we could expect from a high-level, architecturally-minded document.
- Cloud Native Security Whitepaper v2
- Cloud Native Security Whitepaper [pdf]
- Catalog of Supply Chain Compromises
- tag-security/supply-chain-security/compromises at main · cncf/tag-security
- supply-chain-security - Catalog of Supply Chain Compromises
-
Secure software supply chain: why every link matters
Fortunately, not every attack has a big enough impact to appear in the newspaper, but let’s analyze some of the most relevant and recent ones. Many other examples of different types of supply chain attacks are also collected by the CNCF in their Catalog of Supply Chain Compromises.
Stats
cncf/sig-security is an open source project licensed under GNU General Public License v3.0 or later which is an OSI approved license.
The primary programming language of sig-security is HTML.