10.10. Cloud Security
10.10.1. Automated Testing of Cloud Environments
10.10.1.1. k8s
- checkov: Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code languages with Checkov by Bridgecrew
- CDK: Zero Dependency Container Penetration Toolkit
- kube bench
- kube hunter: Hunt for security weaknesses in Kubernetes clusters
- KubiScan: A tool to scan Kubernetes clusters for risky permissions
- kubescape: kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by NSA and CISA
- kubeaudit: kubeaudit helps you audit your Kubernetes clusters against common security controls
- peirates: Kubernetes Penetration Testing tool
- datree: Prevent Kubernetes misconfigurations from reaching production
10.10.3. Cloud Scanning
- Cloud Custodian: Rules engine for cloud security, cost optimization, and governance, DSL in YAML for policies to query, filter, and take actions on resources
- cloudquery: cloudquery transforms your cloud infrastructure into a SQL database for easy monitoring, governance and security