mirror of
https://github.com/nubenetes/awesome-kubernetes.git
synced 2026-07-19 13:20:19 +00:00
11 KiB
11 KiB
Securityascode
!!! info "Architectural Context" Detailed reference for Securityascode in the context of Hardened Infrastructure.
Standard Reference
- amazon.com: Policy-based countermeasures for Kubernetes – Part 1 [COMMUNITY-TOOL]
- blog.gitguardian.com: What is Policy-as-Code? An Introduction to Open Policy' Agent [COMMUNITY-TOOL]
- OPA Open Policy Agent 🌟 [COMMUNITY-TOOL]
- PolicyHub CLI, a CLI tool that makes Rego policies searchable 🌟 [COMMUNITY-TOOL]
- github.com/instrumenta/policies: A set of shared policies for use with Conftest' and other Open Policy Agent tools ⭐ 66 [COMMUNITY-TOOL]
- thenewstack.io: Getting Open Policy Agent Up and Running [COMMUNITY-TOOL]
- thenewstack.io: Weaveworks Adds Policy as Code to Secure Kubernetes Apps' (Magalix) [COMMUNITY-TOOL]
- dev.to: Load external data into OPA: The Good, The Bad, and The Ugly [COMMUNITY-TOOL]
- kubermatic.com: Using Open Policy Agent With Kubermatic Kubernetes Platform [COMMUNITY-TOOL]
- k8s-security-policies ⭐ 177 [COMMUNITY-TOOL]
- thenewstack.io: Yor Automates Tagging for Infrastructure as Code [COMMUNITY-TOOL]
- yor.io [COMMUNITY-TOOL]
- checkov.io [COMMUNITY-TOOL]
- aws.amazon.com: Policy-based countermeasures for Kubernetes – Part 1 [COMMUNITY-TOOL]
- MagTape ⭐ 152 [COMMUNITY-TOOL]
- Selefra: Selefra is an open-source policy-as-code software that provides' analytics for multi-cloud and SaaS. ⭐ 545 [COMMUNITY-TOOL]
- neonmirrors.net: Kubernetes Policy Comparison: OPA/Gatekeeper vs Kyverno' 🌟 [COMMUNITY-TOOL]
- dev.to: Using Kyverno To Enforce EKS Best Practices [COMMUNITY-TOOL]
- kyverno.io: Mutating Resources [COMMUNITY-TOOL]
- squadcast.com: Kyverno - Policy Management in Kubernetes 🌟 [COMMUNITY-TOOL]
- neonmirrors.net: Exploring Kyverno: Part 3, Generation [COMMUNITY-TOOL]
- kyverno.io: Check deprecated APIs 🌟 [COMMUNITY-TOOL]
- kyverno.io: Generating resources into existing namespaces [COMMUNITY-TOOL]
- kyverno.io: Add Pod Proxies [COMMUNITY-TOOL]
- kyverno.io: Auto-Gen Rules for Pod Controllers [COMMUNITY-TOOL]
- kyverno.io: Require PodDisruptionBudget [COMMUNITY-TOOL]
- nirmata.com: Kubernetes Supply Chain Policy Management with Cosign and Kyverno [COMMUNITY-TOOL]
- neonmirrors.net: Exploring Kyverno: Introduction 🌟 [COMMUNITY-TOOL]
- nirmata.com: Introducing Kyverno 1.4.2: Trusted And More Efficient! [COMMUNITY-TOOL]
- Policy Reporter 🌟 ⭐ 368 [COMMUNITY-TOOL]
- sesin.at: Securing Kubernetes with Kyverno: How to Protect Your Users From' Themselves by Ritesh Patel [COMMUNITY-TOOL]
- dev.to: Default Kyverno Policies for OpenEBS [COMMUNITY-TOOL]
- kyverno.io: Restrict Image Registries [COMMUNITY-TOOL]
- dev.to: Using Kyverno Policies for Kubernetes Governance [COMMUNITY-TOOL]
- kyverno.io: Implementing your best practices is simple with kyverno [COMMUNITY-TOOL]
- blog.sigstore.dev: How to verify container images with Kyverno using KMS,' Cosign, and Workload Identity [COMMUNITY-TOOL]
- Cloud Custodian ⭐ 5988 [ENTERPRISE-STABLE]
- Azure Network Security Perimeter Concepts [COMMUNITY-TOOL]
Cloud Infrastructure
Kubernetes
Policy-as-Code
- Kyverno 🌟 [DE FACTO STANDARD] — A CNCF graduated Kubernetes-native policy engine.
- Allows policy definition as standard Kubernetes resources (YAML).
- Eliminates the need for complex DSLs like Rego.
- Simplifies admission control, generation, mutation, and validation of workloads.
- kyverno.io: 56 sample policies 🌟 [DOCUMENTATION] [ENTERPRISE-STABLE] — A rich library of ready-to-use Kyverno policy definitions. These templates address common cloud security standards (Pod Security Standards, multi-tenancy constraints, best practices, and resource optimization parameters) for instant cluster hardening.
Cloud Native Security
Policy Enforcement
Open Policy Agent
- (2021) infracloud.io: Kubernetes Pod Security Policies with Open Policy Agent [EN CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — Addresses the transition from obsolete Kubernetes Pod Security Policies (PSPs) to Open Policy Agent (OPA) Gatekeeper. Explores how to leverage declarative constraints using the Rego engine to strictly manage admission control actions.
Identity and Access Management
Cloud IAM
Microsoft Entra
- Configure Microsoft Entra for Increased Security [DOCUMENTATION] [ENTERPRISE-STABLE] — Official documentation outlines hardening parameters for Microsoft Entra ID. Features prescriptive blueprints for setting up conditional access, continuous access evaluation, Multi-Factor Authentication (MFA), and role-based identity management.
Public Cloud Platforms
AWS
EKS Security and Isolation
Policy Management
- aws.amazon.com: Easy as one-two-three policy management with Kyverno on' Amazon EKS 🌟 [ENTERPRISE-STABLE] [GUIDE] — Walkthrough detailing how to manage native policy rules on EKS clusters using Kyverno instead of raw Rego. Illustrates automated resource validation, generation, and mutation patterns to enforce corporate configuration compliance.
Security
DevSecOps
SAST
- GitHub Code Security Risk Assessment: Free Vulnerability Scanning [EN CONTENT] [COMMUNITY-TOOL] — An introduction to GitHub's native, free vulnerability scanning tools designed to locate security regressions, secrets, and supply chain threats directly within the code repository. It highlights automated security alerts and quick enablement configurations.