云安全
========================================

云环境自动测试
----------------------------------------
- `checkov <https://github.com/bridgecrewio/checkov>`_ Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew
- `CDK <https://github.com/cdk-team/CDK>`_ Zero Dependency Container Penetration Toolkit
- `kube bench <https://github.com/aquasecurity/kube-bench>`_
- `kube hunter <https://github.com/aquasecurity/kube-hunter>`_ Hunt for security weaknesses in Kubernetes clusters
- `KubiScan <https://github.com/cyberark/KubiScan>`_ A tool to scan Kubernetes cluster for risky permissions
- `kubescape <https://github.com/armosec/kubescape>`_ kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by to NSA and CISA
- `peirates <https://github.com/inguardians/peirates>`_ Kubernetes Penetration Testing tool
- `botb <https://github.com/brompwnie/botb>`_ A container analysis and exploitation tool for pentesters and engineers
- `datree <https://github.com/datreeio/datree>`_ Prevent Kubernetes misconfigurations from reaching production

安全加固
----------------------------------------
- `falco <https://github.com/falcosecurity/falco>`_ Cloud Native Runtime Security

云上扫描
----------------------------------------
- `Cloud Custodian <https://github.com/cloud-custodian/cloud-custodian>`_ Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
- `cloudquery <https://github.com/cloudquery/cloudquery>`_ cloudquery transforms your cloud infrastructure into SQL database for easy monitoring, governance and security

靶场环境
----------------------------------------
- `metarget <https://github.com/Metarget/metarget>`_ a framework providing automatic constructions of vulnerable infrastructures.