Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.

📦 Make security testing of K8s, Docker, and Containerd easier.

k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters.

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practi…

The Swiss Army Container for Cloud Native Security. Container with all the list of useful tools/commands while hacking and securing Containers, Kubernetes Clusters, and Cloud Native workloads.

A tool for exploring each layer in a docker image

kubeaudit helps you audit your Kubernetes clusters against common security controls

Cloud Native Runtime Security

👀 A Kubernetes cluster resource sanitizer

eBPF-based Security Observability and Runtime Enforcement

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernet…

a lightweight kubernetes multi-tenancy gateway

A High Performance Metadata System for Kubernetes

[WIP] 整理过去的分享，从零开始的Kubernetes攻防 🧐

🛡️ Awesome Cloud Security Resources ⚔️

HummerRisk 是云原生安全平台，包括混合云安全治理和云原生安全检测。

容器安全漏洞的分析与复现

Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)