📦 Make security testing of K8s, Docker, and Containerd easier.

:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud

HummerRisk 是云原生安全平台，包括混合云安全治理和云原生安全检测。

Metarget is a framework providing automatic constructions of vulnerable infrastructures.

Tool for building Kubernetes attack paths

阿里云aliyun/腾讯云tencentcloud/华为云huaweicloud/aws等各种云厂商的accesskey运维安全工具，accesskey利用工具，包括但不限于创建ecs、ecs查询和命令执行、oss查询和批量下载等各种功能,aws accesskey rce;remote command execute

Kubernetes Security Checklist and Requirements - All in One (authentication, authorization, logging, secrets, configuration, network, workloads, dockerfile)

AWS云平台 AccessKey 泄漏利用工具

awesome resources about cloud native security 🐿

An ongoing curated list of awesome frameworks, important books, articles, talks, libraries, learning tutorials, best practices and technical resources about Cloud Native Development

Web Appliaction Firewall reverse-proxy using Coraza WAF + Caddy with ready-to-use rulesets

Exports Kubernetes resources created by Trivy Operator as individual metrics.

autonomous intrusion defense system for Kubernetes that combines eBPF-based real-time traffic intelligence with CNN-LSTM deep learning for sub-millisecond threat detection and policy-driven autonomous mitigation.

End-to-End Cybersecurity

Jibril Runtime Security Public Types. Important for unmarshalling events and similar needs.

A curated list of cloud security tools for AWS, Azure, GCP, and Kubernetes

Repository untuk tugas DevSecOps Week7 — Docker Security dengan Trivy

Runtime container security research system using eBPF syscall telemetry and unsupervised anomaly detection to identify malicious behaviour in Kubernetes environments.

KCSA (Kubernetes Cloud Native Security Associate) hands-on labs covering Kubernetes security, container security, admission control, and cloud native security practices.

This is a production-grade, Zero Trust financial microservice provisioned via Terraform on AWS EKS. Features OIDC keyless CI/CD, strictly scoped IAM, and non-root container security.

A high-performance Kubernetes security and observability stack powered by eBPF. Uses Cilium for kube-proxy-free networking and Falco for kernel-level threat detection.

Github space for Ovidiu Cical - CEO & Founder of Cyscale

A production-style DevSecOps CI/CD pipeline demonstrating shift-left security with open-source tools. It performs SAST, secrets detection, dependency and container scanning, SBOM generation, and image signing before deploying to Kubernetes. The pipeline can run locally or via GitHub Actions and generates security reports for validation.