15 projects
Cilium
Cilium is open source software for providing, securing and observing network connectivity between container workloads. It is cloud native and fueled by the revolutionary kernel technology eBPF.
7,756
2,206
$1.1B
Calico
Calico is an open source networking and security solution for containers, virtual machines, and native host-based workloads. It provides a pure Layer 3 approach to virtual networking that uses standard IP routing principles and offers features like network policy enforcement, dynamic service insertion, and troubleshooting tools.
4,394
1,166
$31M
Kyverno
Kyverno is a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies.
3,540
1,041
$96M
Falco
Falco, the open source cloud-native runtime security project, is the de facto Kubernetes threat detection engine. Falco detects unexpected application behavior and alerts on threats at runtime.
2,912
781
$61M
Prowler
Prowler is an open-source security assessment tool designed to perform security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness assessment of AWS cloud environments. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and additional security best practices.
1,554
224
$46M
saml2aws
A command line tool that enables federated single sign-on (SSO) access to AWS accounts using SAML 2.0, allowing users to log in and retrieve AWS temporary credentials via various identity providers.
1,503
409
$967K
Kubescape
Kubescape is an open-source tool for testing if Kubernetes is deployed securely according to multiple frameworks: regulatory, customized company policies and DevSecOps best practices, such as the NSA-CISA hardening guidance and MITRE ATT&CK®. Kubescape scans K8s clusters, YAML files, and Helm charts, detects misconfigurations and software vulnerabilities at early stages of the CI/CD pipeline, and provides a risk score instantly and risk trends over time. Kubescape integrates natively with other DevOps tools, including Jenkins, CircleCI and GitHub workflows. Kubescape policies are based on Open Policy Agent and the Rego language. A key idea behind Kubescape is to put security capabilities in the hands of developers and DevOps teams. Our vision is to create a wide open-source Kubernetes security project with capabilities that will span configuration control, vulnerabilities, RBAC management and runtime security, all made for developers and DevOps to add to their tools in a native way.
1,246
377
$83M
Sealed Secrets
A Kubernetes controller and tool that allows users to encrypt their Kubernetes Secrets into SealedSecrets, which can be safely stored in public repositories or transmitted over untrusted networks. The encrypted secrets can only be decrypted by the controller running in the target cluster.
1,140
476
$633K
kube-bench
kube-bench is a security assessment tool that checks whether Kubernetes deployments follow CIS (Center for Internet Security) benchmarks by running automated tests against Kubernetes clusters to identify misconfigurations and security vulnerabilities.
785
234
$2.6M
StackRox
StackRox is a Kubernetes-native security platform that helps organizations secure their container and Kubernetes environments through vulnerability management, compliance, network segmentation, configuration management, and threat detection capabilities.
469
75
$97M
Honggfuzz
Honggfuzz is a security-oriented fuzzer with evolutionary, feedback-driven fuzzing capabilities. It supports various operating systems and CPU architectures, featuring unique instrumentation methods, flexible fuzzing strategies, and crash analysis tools to help identify software vulnerabilities.
350
95
$761K
iamlive
iamlive is a tool that generates AWS IAM policies by monitoring AWS API calls made by an application in real time, helping developers create least-privilege IAM policies based on actual usage patterns.
107
41
$81M