# Security as Code
!!! info "Architectural Context"
    Detailed reference for Security as Code in the context of Hardened Infrastructure.

- [searchitoperations.techtarget.com: Kubernetes policy project takes enterprise IT by storm](https://www.techtarget.com/searchitoperations/news/252467102/Kubernetes-policy-project-takes-enterprise-IT-by-storm) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [fugue.co: 5 tips for using the Rego language for Open Policy Agent (OPA)](https://snyk.io/blog) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [blog.openshift.com: Fine-Grained Policy Enforcement in OpenShift with Open Policy Agent 🌟](https://www.redhat.com/en/blog/fine-grained-policy-enforcement-in-openshift-with-open-policy-agent) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [compile OpenPolicyAgent policies into WebAssembly and run them on the edge](https://github.com/open-policy-agent/contrib/tree/main/wasm/cloudflare-worker) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [Fugue: Container and Kubernetes. Runtime infrastructure security](https://snyk.io/product/container-vulnerability-management) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [kyverno.io: Check deprecated APIs 🌟](https://kyverno.io/policies/best-practices/check_deprecated_apis) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [kyverno.io: Add Pod Proxies](https://kyverno.io/policies/other/add-pod-proxies) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [kyverno.io: Require PodDisruptionBudget](https://kyverno.io/policies/other/require_pdb) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [searchitoperations.techtarget.com: CNCF policy-as-code project bridges Kubernetes security gaps](https://www.techtarget.com/searchitoperations/news/252505548/CNCF-policy-as-code-project-bridges-Kubernetes-security-gaps) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [cloud.redhat.com: Automate Your Security Practices and Policies on OpenShift With Kyverno 🌟](https://www.redhat.com/en/blog/automate-your-security-practices-and-policies-on-openshift-with-kyverno) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [A Kyverno policy to block custom snippet configurations for Kubernetes Nginx ingress (CVE-2021-25742)](https://github.com/kubernetes/kubernetes/issues/126811) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [kyverno.io: Restrict Image Registries](https://kyverno.io/policies/best-practices/restrict_image_registries/restrict_image_registries) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [kyverno.io: Implementing your best practices is simple with kyverno](https://kyverno.io/policies/best-practices/require_probes/require_probes) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [youtube: The Rise of Kubernetes Policy Engine | Ep 57](https://www.youtube.com/watch?v=0TvhTXddRGE&t=12s) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [appsecengineer.com: Kubernetes Policy Management with Kyverno](https://www.appsecengineer.com/courses-collection/kubernetes-policy-management-with-kyverno) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [Apolicy](https://www.sysdig.com) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [sysdig.com: Sysdig and Apolicy join forces to help customers secure Infrastructure As Code and automate remediation](https://www.sysdig.com/blog/sysdig-and-apolicy-join-forces-to-help-customer-secure-infrastructure-as-code) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [amazon.com: Policy-based countermeasures for Kubernetes Part 1](https://aws.amazon.com/blogs/containers/policy-based-countermeasures-for-kubernetes-part-1) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [blog.gitguardian.com: What is Policy-as-Code? An Introduction to Open Policy Agent](https://blog.gitguardian.com/what-is-policy-as-code-an-introduction-to-open-policy-agent) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [OPA Open Policy Agent 🌟](https://www.openpolicyagent.org) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [PolicyHub CLI, a CLI tool that makes Rego policies searchable 🌟](https://github.com/policy-hub/policy-hub-cli) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [github.com/instrumenta/policies: A set of shared policies for use with Conftest and other Open Policy Agent tools](https://github.com/instrumenta/policies) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [thenewstack.io: Getting Open Policy Agent Up and Running](https://thenewstack.io/getting-open-policy-agent-up-and-running) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [thenewstack.io: Weaveworks Adds Policy as Code to Secure Kubernetes Apps (Magalix)](https://thenewstack.io/weaveworks-adds-policy-as-code-to-secure-kubernetes-apps) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [dev.to: Load external data into OPA: The Good, The Bad, and The Ugly](https://dev.to/permit_io/load-external-data-into-opa-the-good-the-bad-and-the-ugly-26lc) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [kubermatic.com: Using Open Policy Agent With Kubermatic Kubernetes Platform](https://www.kubermatic.com/blog/using-open-policy-agent-with-kubermatic) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [k8s-security-policies](https://github.com/raspbernetes/k8s-security-policies) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [thenewstack.io: Yor Automates Tagging for Infrastructure as Code](https://thenewstack.io/yor-automates-tagging-for-infrastructure-as-code) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [yor.io](https://yor.io) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [checkov.io](https://www.checkov.io) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [aws.amazon.com: Policy-based countermeasures for Kubernetes Part 1](https://aws.amazon.com/es/blogs/containers/policy-based-countermeasures-for-kubernetes-part-1) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [Selefra: Selefra is an open-source policy-as-code software that provides analytics for multi-cloud and SaaS.](https://github.com/selefra/selefra) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [neonmirrors.net: Kubernetes Policy Comparison: OPA/Gatekeeper vs Kyverno 🌟](https://neonmirrors.net/post/2021-02/kubernetes-policy-comparison-opa-gatekeeper-vs-kyverno) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [dev.to: Using Kyverno To Enforce EKS Best Practices](https://dev.to/rinkiyakedad/using-kyverno-to-enforce-eks-best-practices-cad) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [kyverno.io: Mutating Resources](https://kyverno.io/docs/writing-policies/mutate) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [squadcast.com: Kyverno - Policy Management in Kubernetes 🌟](https://www.squadcast.com/blog/kyverno-policy-management-in-kubernetes) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [neonmirrors.net: Exploring Kyverno: Part 3, Generation](https://neonmirrors.net/post/2020-12/exploring-kyverno-part3) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [kyverno.io: Generating resources into existing namespaces](https://kyverno.io/docs/writing-policies/generate/#generating-resources-into-existing-namespaces) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [kyverno.io: Auto-Gen Rules for Pod Controllers](https://kyverno.io/docs/writing-policies/autogen) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [nirmata.com: Kubernetes Supply Chain Policy Management with Cosign and Kyverno](https://nirmata.com/2021/08/12/kubernetes-supply-chain-policy-management-with-cosign-and-kyverno) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [neonmirrors.net: Exploring Kyverno: Introduction 🌟](https://neonmirrors.net/post/2020-11/exploring-kyverno-intro) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [nirmata.com: Introducing Kyverno 1.4.2: Trusted And More Efficient!](https://nirmata.com/2021/08/18/introducing-kyverno-1-4-2-trusted-and-more-efficient) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [Policy Reporter 🌟](https://github.com/kyverno/policy-reporter) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [sesin.at: Securing Kubernetes with Kyverno: How to Protect Your Users From Themselves by Ritesh Patel](https://www.sesin.at/2021/08/28/securing-kubernetes-with-kyverno-how-to-protect-your-users-from-themselves-by-ritesh-patel) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [dev.to: Default Kyverno Policies for OpenEBS](https://dev.to/niveditacoder/default-kyverno-policies-for-openebs-4abf) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [dev.to: Using Kyverno Policies for Kubernetes Governance](https://dev.to/mda590/using-kyverno-policies-for-kubernetes-governance-3e17) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [blog.sigstore.dev: How to verify container images with Kyverno using KMS, Cosign, and Workload Identity](https://blog.sigstore.dev/how-to-verify-container-images-with-kyverno-using-kms-cosign-and-workload-identity-1e07d2b85061) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
- [Cloud Custodian](https://github.com/cloud-custodian/cloud-custodian) <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span>
***
💡 **Explore Related:** [Crossplane](./crossplane.md) | [Liquibase](./liquibase.md) | [Kubernetes Security](./kubernetes-security.md)