suricata |
Suricata is an open-source intrusion detection system (IDS) and intrusion prevention system (IPS). |
Intrusion Detection |
falco |
Falco is a cloud-native security tool designed for Linux systems. It employs custom rules on kernel events, which are enriched with container and Kubernetes metadata, to provide real-time alerts. Falco helps you gain visibility into abnormal behavior, potential security threats, and compliance violations, contributing to comprehensive runtime security. |
Intrusion Detection |
playwright |
Playwright is a framework for Web Testing and Automation. It allows testing Chromium, Firefox and WebKit with a single API. |
E2E |
kube-bench |
kube-bench is a tool that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark. |
k8s compliance |
checkov |
Checkov is a static code analysis tool for scanning infrastructure as code (IaC) files for misconfigurations that may lead to security or compliance problems. Checkov includes more than 750 predefined policies to check for common misconfiguration issues. Checkov also supports the creation and contribution of custom policies. |
iac compliance |
trivy |
Use Trivy to find vulnerabilities & IaC misconfigurations, SBOM discovery, Cloud scanning, Kubernetes security risks, and more. |
“all in one security scanner” |
k6 |
Load testing; mixed browser and API testing (interact with real browsers and collect frontend metrics); fault injection in Kubernetes-based apps; infrastructure testing; regression testing |
load testing |
kubeaudit |
kubeaudit is a command line tool and a Go package to audit Kubernetes clusters for various different security |
k8s compliance |
kube-score |
kube-score is a tool that performs static code analysis of your Kubernetes object definitions |
k8s compliance |
netfetch |
Kubernetes tool for scanning clusters for network policies and identifying unprotected workloads. |
k8s network policy scanner |
prowler |
Prowler is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call Prowler SaaS. |
compliance scans and forensics |
elasticsearch |
Elasticsearch is the distributed search and analytics engine at the heart of the Elastic Stack. Logstash and Beats facilitate collecting, aggregating, and enriching your data and storing it in Elasticsearch. Kibana enables you to interactively explore, visualize, and share insights into your data and manage and monitor the stack. |
metrics, logs & forensics |
impulse-xdr |
Impulse is a fully automated host & network intrusion detection platform with real-time threat detection sensors, storage and visualisation. It detects malware from behavioural patterns rather than signatures and enables deeper visibility than legacy tools. It can be deployed on any device or VM running Linux such as cloud VMs in VPC networks, VPS servers or personal workstations and IoTs. |
Intrusion Detection |
greenbone |
This is the OpenVAS Scanner of the Greenbone Community Edition. It is used for the Greenbone Enterprise appliances and is a full-featured scan engine that executes a continuously updated and extended feed of Vulnerability Tests (VTs). |
Vulnerability Scanner |
quay/clair |
Clair is an open source project for the static analysis of vulnerabilities in application containers (currently including OCI and Docker). Clients use the Clair API to index their container images and can then match them against known vulnerabilities. |
static container analysis |
k8s e2e framework |
The Kubernetes E2E framework simplifies writing Ginkgo test suites. Its main usage is for these test suites in the Kubernetes repository itself. |
e2e |
kubesec |
Kubesec is an open-source Kubernetes security scanner and analysis tool. It accepts a single Kubernetes manifest file and provides a severity score for each vulnerability found. |
k8s compliance |
chef inspec |
Chef InSpec is an open-source framework for testing and auditing your applications and infrastructure. It compares the actual state of your system with the desired state that you express in easy-to-read and easy-to-write Chef InSpec code. It detects violations and displays findings in the form of a report, but puts you in control of remediation. |
compliance |
testcontainers |
Testcontainers is an open source framework for providing throwaway, lightweight instances of databases, message brokers, web browsers, or just about anything that can run in a Docker container. |
env based testing |
locust |
Define user behaviour with Python code, and swarm your system with millions of simultaneous users. |
load testing |