10.10. Cloud Security
10.10.1. Automated Testing of Cloud Environments
checkov Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew
CDK Zero Dependency Container Penetration Toolkit
kube hunter Hunt for security weaknesses in Kubernetes clusters
KubiScan A tool to scan Kubernetes cluster for risky permissions
kubescape kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by NSA and CISA
peirates Kubernetes Penetration Testing tool
botb A container analysis and exploitation tool for pentesters and engineers
datree Prevent Kubernetes misconfigurations from reaching production
10.10.2. Security Hardening
falco Cloud Native Runtime Security
10.10.3. Cloud Scanning
Cloud Custodian Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
cloudquery cloudquery transforms your cloud infrastructure into SQL database for easy monitoring, governance and security
10.10.4. Cyber Range Environments
metarget A framework providing automatic construction of vulnerable infrastructures.