10.10. Cloud Security

10.10.1. Automated Testing of Cloud Environments

10.10.1.1. k8s

  • checkov Prevent cloud misconfigurations during build time for Terraform, CloudFormation, Kubernetes, Serverless Framework and other infrastructure-as-code languages with Checkov by Bridgecrew
  • CDK Zero Dependency Container Penetration Toolkit
  • kube-bench
  • kube-hunter Hunt for security weaknesses in Kubernetes clusters
  • KubiScan A tool to scan a Kubernetes cluster for risky permissions
  • kubescape kubescape is the first tool for testing whether Kubernetes is deployed securely as defined in the Kubernetes Hardening Guidance by the NSA and CISA
  • kubeaudit kubeaudit helps you audit your Kubernetes clusters against common security controls
  • peirates Kubernetes penetration testing tool
  • datree Prevent Kubernetes misconfigurations from reaching production

10.10.1.2. Containers

  • botb A container analysis and exploitation tool for pentesters and engineers

10.10.2. Security Hardening

  • falco Cloud Native Runtime Security

10.10.3. Cloud Scanning

  • Cloud Custodian Rules engine for cloud security, cost optimization, and governance; a YAML DSL for policies that query, filter, and take actions on resources
  • cloudquery cloudquery transforms your cloud infrastructure into a SQL database for easy monitoring, governance and security

10.10.4. Lab Environments

  • metarget A framework providing automatic construction of vulnerable infrastructures
  • CloudGoat Rhino Security Labs' "Vulnerable by Design" AWS deployment tool