Kubernetes Security Tools

Imaging Security Scanning

• Clair (Open Source)
• Anchore (Open Source)
• AWS ECR Image Scanning (Commercial - Based on Clair)
• JFrog XRay (Commercial)
• Sysdig Secure (Commercial - Based on Anchore)
• Google Container Analysis (Commercial)
• Twistlock (Commerical)

Kubernetes Security Scanning

• Kubesec
• Kube-bench
• Kube-hunter
• Kube-scan

Linting

• Kube Linter (By StackRox)

Kubernetes Security Policy

• Pod Security Policy
• Open Policy Agent
• GateKeeper

Network Policy / Service Mesh

• istio
• Linkerd

Ephemeral Containers (Live Debugging)

???

Monitoring

• Splunk Connect for K8s (SCK)
• Sysdig Falco
• Kubernetes cluster monitoring (via Prometheus)

Ingress

• Nginx Ingress Controller
• Traefik