10.10. Cloud Security
10.10.1. Automated testing of cloud environments
10.10.1.1. k8s
- checkov: Prevent cloud misconfigurations at build time for Terraform, CloudFormation, Kubernetes, the Serverless framework and other infrastructure-as-code languages, by Bridgecrew
- CDK: Zero Dependency Container Penetration Toolkit
- kube-hunter: Hunt for security weaknesses in Kubernetes clusters
- KubiScan: A tool to scan Kubernetes clusters for risky permissions
- kubescape: A tool for testing whether Kubernetes is deployed securely as defined in the Kubernetes Hardening Guidance published by NSA and CISA
- kubeaudit: Audit your Kubernetes clusters against common security controls
- peirates: Kubernetes penetration testing tool
- datree: Prevent Kubernetes misconfigurations from reaching production
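The checks these scanners run (kubeaudit's pod hardening controls, KubiScan's risky RBAC permissions, the manifest rules of checkov and datree) come down to pattern matches over Kubernetes API objects. The following is an added example written for this page, not code from any of those projects: a minimal auditor over constructed manifests. The risky resource/verb table, the capability list and the sample objects are this example's own assumptions, not lists taken from the tools.

```python
"""Static Kubernetes manifest checks of the kind kubeaudit, KubiScan, checkov and datree
perform. Added illustrative example, not code from those projects. Real input would be the
"items" list of `kubectl get deploy,pods,clusterroles,clusterrolebindings -A -o json`."""
WORKLOAD_KINDS = {"Deployment", "DaemonSet", "StatefulSet", "Job", "ReplicaSet"}
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "SYS_MODULE"}
ESCALATION_VERBS = {"impersonate", "escalate", "bind"}
# Resource/verb pairs that let a subject escalate towards node or cluster admin.
# This selection is the example's own assumption; KubiScan ships a longer list.
RISKY_VERBS_BY_RESOURCE = {
    "secrets": {"get", "list", "watch"},  # read ServiceAccount tokens and TLS keys
    "pods/exec": {"create"},              # shell into any pod
    "pods": {"create"},                   # schedule a hostPath/privileged pod
    "clusterrolebindings": {"create", "update", "patch"},
    "rolebindings": {"create", "update", "patch"},
}

def _pod_spec(obj: dict):
    """PodSpec of a Pod or workload object; None for other kinds."""
    if obj.get("kind") == "Pod":
        return obj["spec"]
    return obj["spec"]["template"]["spec"] if obj.get("kind") in WORKLOAD_KINDS else None

def audit_workload(obj: dict) -> list:
    """kubeaudit/datree-style hardening checks on one Pod-bearing object."""
    spec = _pod_spec(obj)
    if spec is None:
        return []
    name = f"{obj['kind']}/{obj.get('metadata', {}).get('name', '?')}"
    out = [f"{name}: {fld}=true shares a host namespace"
           for fld in ("hostPID", "hostNetwork", "hostIPC") if spec.get(fld)]
    out += [f"{name}: volume {v['name']} mounts hostPath {v['hostPath'].get('path')}"
            for v in spec.get("volumes", []) if "hostPath" in v]
    pod_sc = spec.get("securityContext", {})  # container settings override pod-level ones
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = c.get("securityContext", {})
        cname = f"{name} container {c['name']}"
        if sc.get("privileged"):
            out.append(f"{cname}: privileged=true")
        if sc.get("allowPrivilegeEscalation", True):  # the API default is true
            out.append(f"{cname}: allowPrivilegeEscalation not set to false")
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            out.append(f"{cname}: runAsNonRoot not enforced")
        if sc.get("readOnlyRootFilesystem") is not True:
            out.append(f"{cname}: root filesystem is writable")
        for cap in sorted(set(sc.get("capabilities", {}).get("add", [])) & DANGEROUS_CAPS):
            out.append(f"{cname}: adds capability {cap}")
        if "limits" not in c.get("resources", {}):
            out.append(f"{cname}: no resource limits")
    return out

def audit_rbac(obj: dict) -> list:
    """KubiScan-style risky-permission checks on (Cluster)Roles and their bindings."""
    kind = obj.get("kind")
    name = f"{kind}/{obj.get('metadata', {}).get('name', '?')}"
    out = []
    if kind in ("Role", "ClusterRole"):
        for rule in obj.get("rules", []):
            verbs, resources = set(rule.get("verbs", [])), set(rule.get("resources", []))
            if "*" in verbs and "*" in resources:
                out.append(f"{name}: '*' verbs on '*' resources (cluster-admin equivalent)")
                continue
            out += [f"{name}: grants {v} (RBAC escalation verb)" for v in sorted(verbs & ESCALATION_VERBS)]
            for res in sorted(resources):
                risky = (set().union(*RISKY_VERBS_BY_RESOURCE.values()) if res == "*"
                         else RISKY_VERBS_BY_RESOURCE.get(res, set()))
                out += [f"{name}: {v} on {res}" for v in sorted(verbs) if risky and (v == "*" or v in risky)]
    elif kind in ("RoleBinding", "ClusterRoleBinding"):
        ref = obj.get("roleRef", {}).get("name")
        for s in obj.get("subjects", []):
            subj = f"{s['kind']}:{s.get('namespace', '')}/{s['name']}"
            if ref == "cluster-admin":
                out.append(f"{name}: binds {subj} to cluster-admin")
            if s["kind"] == "ServiceAccount" and s["name"] == "default":
                out.append(f"{name}: binds the default ServiceAccount of {s.get('namespace', '')} to {ref}")
    return out

def audit(objects: list) -> list:
    """All findings over a list of API objects (workload and RBAC checks)."""
    return [f for obj in objects for f in audit_workload(obj) + audit_rbac(obj)]

# Constructed sample objects (not from a real cluster), shaped like `kubectl -o json` items.
BAD_DEPLOYMENT = {"kind": "Deployment", "metadata": {"name": "agent"}, "spec": {"template": {"spec": {
    "hostPID": True, "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
    "containers": [{"name": "agent", "image": "agent:1", "securityContext": {
        "privileged": True, "capabilities": {"add": ["SYS_ADMIN"]}}}]}}}}
HARDENED_DEPLOYMENT = {"kind": "Deployment", "metadata": {"name": "web"}, "spec": {"template": {"spec": {
    "securityContext": {"runAsNonRoot": True}, "containers": [{"name": "web", "image": "web:1",
    "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}, "securityContext": {
        "allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True, "capabilities": {"drop": ["ALL"]}}}]}}}}
RISKY_ROLE = {"kind": "ClusterRole", "metadata": {"name": "ops"}, "rules": [
    {"apiGroups": [""], "resources": ["secrets", "configmaps"], "verbs": ["get", "list"]},
    {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]}]}
RISKY_BINDING = {"kind": "ClusterRoleBinding", "metadata": {"name": "default-admin"},
    "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
    "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "default"}]}
SAMPLE = [BAD_DEPLOYMENT, HARDENED_DEPLOYMENT, RISKY_ROLE, RISKY_BINDING]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Running it prints eight findings for the `agent` deployment, none for the hardened `web` one, and five RBAC findings (secrets read, `pods/exec` create, and the default ServiceAccount bound to cluster-admin). The point worth noticing is how much of what the real tools report is implied by defaults rather than explicit settings: `allowPrivilegeEscalation` is true unless set to false, and `runAsNonRoot` is unenforced unless set at pod or container level, so a manifest that says nothing about security is already non-compliant.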
10.10.1.2. Containers
- botb: A container analysis and exploitation tool for pentesters and engineers
10.10.2. Hardening
- falco: Cloud-native runtime security
10.10.3. Cloud resource scanning
- Cloud Custodian: Rules engine for cloud security, cost optimization and governance; a YAML DSL for policies that query, filter and act on resources
- cloudquery: Transforms your cloud infrastructure into a SQL database for easy monitoring, governance and security