Skip to content

A curated list of awesome Kubernetes security resources

Notifications You must be signed in to change notification settings


Folders and files

Last commit message
Last commit date

Latest commit



54 Commits

Repository files navigation

🔒 awesome-kubernetes-security Awesome

A curated list of awesome Kubernetes security resources. Can you dig it?

Open Source Projects

  • aad-pod-identity - Assign Azure AD idenitites to pods in Kubernetes, in order to access Azure resources
  • audit2rbac - Autogenerate RBAC policies based on Kubernetes audit logs
  • CDK - Zero Dependency Container Penetration Toolkit
  • Deepfence ThreatMapper - Apache v2, powerful runtime vulnerability scanner for kubernetes, virtual machines and serverless
  • cnspec - Scan Kubernetes clusters, containers, and manifest files for vulnerabilities and misconfigurations
  • falco - Container Native Runtime Security
  • KBOM - Kubernetes Bill of Materials Toolkit
  • kdigger - Kubernetes focused container assessment and context discovery tool for penetration testing
  • kiam - Integrate AWS IAM with Kubernetes
  • kube-bench - Check whether Kubernetes is deployed according to security best practics
  • kube-hunter - Hunt for security weaknesses in Kubernetes clusters
  • kube-psp-advisor - Help building an adaptive and fine-grained pod security policy
  • kube-scan - k8s cluster risk assessment tool
  • kubescape - k8s risk analysis, security compliance, and misconfiguration scanning.
  • kubelight - WIP but promising - OWASP project to scan your Kubernetes Cluster for Security & Compliance.
  • Kubei - Vulnerabilities scanner for Kubernetes clusters
  • kube2iam - Provide different AWS IAM roles for pods running on Kubernetes
  • kubeaudit - Audit your Kubernetes clusters against common security controls
  • kubectl-bindrole - Find Kubernetes roles bound to a specified ServiceAccount, Group or User
  • kubectl-dig - Deep Kubernetes visibility from the kubectl
  • kubectl-kubesec - Scan Kubernetes pods, deployments, daemonsets and statefulsets with
  • kubectl-who-can - Show who has permissions to <verb> <resource> in Kubernetes
  • OWASP Top Ten for Kubernetes - The Top Ten is a prioritized list of these risks backed by data collected from organizations varying in maturity and complexity
  • terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure
  • kyverno - Kubernetes Native Policy Management
  • netchecks - Tool to validate assumptions about the network
  • rakkess - Review access matrix for Kubernetes server resources
  • rback - RBAC in Kubernetes visualizer
  • red-kube - K8S Adversary Emulation Based on kubectl
  • steampipe - Use SQL to query your cloud services (AWS, Azure, GCP and more) running Kubernetes
  • steampipe-kubernetes - Use SQL to query your Kubernetes resources
  • steampipe-kubernetes-compliance - Kubernetes compliance scanning tool for CIS, NSA & CISA Cybersecurity technical report for Kubernetes hardening.
  • trivy - A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI
  • trivy-operator - Kubernetes-native security (Vulnerabilities,IaC MisConfig,Exposed Secrets,RBAC Assessment,Compliance and more) toolkit for kubernetes
  • kubernetes-rbac-audit - Tool for auditing RBACs in Kubernetes
  • kubernetes-external-secrets - Tool to get External Secrets from Hashicorp Vault and AWS SSM
  • vault-secrets-operator - An operator to create Kubernetes secrets from Vault for a secure GitOps based workflow

General Resources

Twitter Accounts


No releases published


No packages published