10.10. 云安全

10.10.1. 云环境自动测试

10.10.1.1. k8s

  • checkov Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew
  • CDK Zero Dependency Container Penetration Toolkit
  • kube bench
  • kube hunter Hunt for security weaknesses in Kubernetes clusters
  • KubiScan A tool to scan Kubernetes cluster for risky permissions
  • kubescape kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by to NSA and CISA
  • kubeaudit kubeaudit helps you audit your Kubernetes clusters against common security controls
  • peirates Kubernetes Penetration Testing tool
  • datree Prevent Kubernetes misconfigurations from reaching production

10.10.1.2. 容器

  • botb A container analysis and exploitation tool for pentesters and engineers

10.10.2. 安全加固

  • falco Cloud Native Runtime Security

10.10.3. 云上扫描

  • Cloud Custodian Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
  • cloudquery cloudquery transforms your cloud infrastructure into SQL database for easy monitoring, governance and security

10.10.4. 靶场环境

  • metarget a framework providing automatic constructions of vulnerable infrastructures.