Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark

A roadmap to learn Kubernetes from scratch (Beginner to Advanced level)

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

📦 Make security testing of K8s, Docker, and Containerd easier.

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud

HummerRisk 是云原生安全平台，包括混合云安全治理和云原生安全检测。

Metarget is a framework providing automatic constructions of vulnerable infrastructures.

All-in-one Kubernetes access manager. User-level credentials, RBAC, SSO, audit logs.

A Blazing fast Security Auditing tool for Kubernetes

Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.

A curated list of awesome Kubernetes security resources

Open-source Platform for learning kubernetes and aws eks and preparation for for Certified Kubernetes exams (CKA ,CKS , CKAD)

Tool for building Kubernetes attack paths

Kubernetes security notes and best practices

eBPF (extended Berkeley Packet Filter) Guide. Learn all about the eBPF Tools and Libraries for Security, Monitoring , and Networking.

TerraformGoat is HXSecurity research lab's "Vulnerable by Design" multi cloud deployment tool.

Kubernetes Security Checklist and Requirements - All in One (authentication, authorization, logging, secrets, configuration, network, workloads, dockerfile)

Kubernetes security tool for policy enforcement

MKIT is a Managed Kubernetes Inspection Tool that validates several common security-related configuration settings of managed Kubernetes cluster objects and the workloads/resources running inside the cluster.