-
Trivy: An open-source vulnerability scanner that analyzes containers, dependencies, and configurations to detect security flaws. (static analysis)
-
Falco: A real-time intrusion detection tool for Kubernetes and Linux that monitors abnormal process and system behaviors.
-
AppArmor: A Linux kernel security module that enforces access control policies to restrict application actions.
-
Bom: is a CLI tool used to generate SBOMs (Software Bill of Materials) in SPDX format, helping to track software dependencies and ensure security & compliance
-
Kube-bench: checks Kubernetes clusters against the CIS (Center for Internet Security) Benchmark
-
Kubesec: analyzes Kubernetes manifests to identify potential security risks and provides recommendations for improving security configurations
-
strace: shows system calls made by process or command in real-time