10.10. Cloud Security

10.10.1. Automated Testing of Cloud Environments

  • checkov Prevent cloud misconfigurations at build time for Terraform, CloudFormation, Kubernetes, Serverless Framework and other infrastructure-as-code languages with Checkov by Bridgecrew

  • CDK Zero Dependency Container Penetration Toolkit

  • kube bench

  • kube hunter Hunt for security weaknesses in Kubernetes clusters

  • KubiScan A tool to scan Kubernetes cluster for risky permissions

  • kubescape kubescape is the first tool for testing whether Kubernetes is deployed securely as defined in the Kubernetes Hardening Guidance by NSA and CISA

  • peirates Kubernetes Penetration Testing tool

  • botb A container analysis and exploitation tool for pentesters and engineers

  • datree Prevent Kubernetes misconfigurations from reaching production

10.10.2. Security Hardening

  • falco Cloud Native Runtime Security

10.10.3. Cloud Scanning

  • Cloud Custodian Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources

  • cloudquery cloudquery transforms your cloud infrastructure into an SQL database for easy monitoring, governance and security

10.10.4. Vulnerable Lab Environments

  • metarget A framework providing automatic construction of vulnerable infrastructures.