awesome-repositories.com
Blog
awesome-repositories.com

Descubre los mejores repositorios open-source con nuestra búsqueda potenciada por IA.

ExplorarBúsquedas curadasAlternativas open-sourceSoftware autohospedableBlogMapa del sitio
ProyectoAcerca deCómo clasificamosPrensaServidor MCP
Aviso legalPrivacidadTérminos
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

119 repositorios

Awesome GitHub RepositoriesCloud Security

Platforms for monitoring, auditing, and securing cloud infrastructure.

Explore 119 awesome GitHub repositories matching part of an awesome list · Cloud Security. Refine with filters or upvote what's useful.

Awesome Cloud Security GitHub Repositories

Encuentra los mejores repositorios con IA.Buscaremos los repositorios que mejor coincidan usando IA.
  • wagoodman/diveAvatar de wagoodman

    wagoodman/dive

    54,242Ver en GitHub↗

    Dive is a command-line tool designed for the analysis and optimization of container images. It functions as a layered storage inspector, allowing users to decompose image manifests to examine individual filesystem layers and identify opportunities to reduce total image size. The tool features a filesystem diffing engine that calculates net changes between sequential layers to highlight redundant data and storage inefficiencies. Users interact with this data through a terminal-based dashboard that provides keyboard-driven navigation of complex file structures and layer metadata. By abstracting

    Analyzes Docker image layers for security and size.

    Goclidockerdocker-image
    Ver en GitHub↗54,242
  • etcd-io/etcdAvatar de etcd-io

    etcd-io/etcd

    51,838Ver en GitHub↗

    etcd is a distributed, strongly consistent key-value store designed to provide reliable storage for critical system metadata and coordination primitives. It functions as a distributed consensus engine, utilizing a replicated log and leader-based state machine to ensure that all nodes in a cluster maintain a synchronized view of data. By providing atomic operations and linearizable reads and writes, it serves as a foundational component for distributed systems requiring high availability and fault tolerance. The system distinguishes itself through its multi-version concurrency control, which e

    Distributed key-value store used in Kubernetes.

    Gocncfconsensusdatabase
    Ver en GitHub↗51,838
  • derailed/k9sAvatar de derailed

    derailed/k9s

    33,983Ver en GitHub↗

    This project is a terminal-based dashboard for managing Kubernetes clusters. It provides a character-based interface that enables real-time monitoring and interactive control of containerized workloads, allowing users to perform administrative tasks such as scaling deployments, viewing logs, and managing port forwarding directly from the command line. The interface is designed for high-speed navigation, utilizing a keyboard-driven command system that maps input sequences to specific operational actions. It maintains an accurate view of the cluster state through asynchronous event polling, ens

    Terminal-based UI for managing Kubernetes clusters.

    Gogogolangk8s
    Ver en GitHub↗33,983
  • kubernetes/minikubeAvatar de kubernetes

    kubernetes/minikube

    31,877Ver en GitHub↗

    Minikube is a command-line tool designed for local Kubernetes development, enabling users to provision and manage full-featured container clusters directly on a workstation. It serves as a local orchestrator that automates the lifecycle of isolated environments, allowing developers to start, stop, pause, and delete clusters to support testing and integration workflows. The project distinguishes itself through its flexible architecture, which supports multiple virtualization drivers and container runtimes to accommodate diverse host environments. It provides deep integration between the host a

    Tool for running local Kubernetes clusters.

    Goclustercncfcontainers
    Ver en GitHub↗31,877
  • kubernetes-sigs/kindAvatar de kubernetes-sigs

    kubernetes-sigs/kind

    15,320Ver en GitHub↗

    This project is a local Kubernetes cluster manager and tool that runs control plane and worker nodes as containers on a host machine. It provides an environment for local development and automated testing by emulating a full Kubernetes cluster within a container runtime. The tool enables the creation of multi-node topologies and high-availability control planes through configuration files. It supports image sideloading to transfer container images directly from the host to nodes, bypassing remote registries, and allows for offline deployments using pre-built node images. Capabilities include

    Runs local Kubernetes clusters using Docker containers.

    Godockergolangk8s-sig-testing
    Ver en GitHub↗15,320
  • toniblyx/prowlerAvatar de toniblyx

    toniblyx/prowler

    14,005Ver en GitHub↗

    Prowler is a multi-cloud security scanner and security posture management tool. It automates security and compliance assessments across multiple cloud environments to identify misconfigurations and vulnerabilities. The project provides a multi-cloud security analysis engine that operates as an automated auditor, evaluating infrastructure against industry-standard regulatory frameworks and security benchmarks. It features a cloud security visualization dashboard that uses a graph database to map cloud inventory and visualize potential attack paths. Capabilities include automated cloud infrast

    Security best practices assessment tool for AWS environments.

    Python
    Ver en GitHub↗14,005
  • alfresco/prowlerAvatar de Alfresco

    Alfresco/prowler

    14,005Ver en GitHub↗

    Prowler is a multi-cloud security posture management platform and vulnerability scanner. It provides tools for automating security audits, evaluating cloud infrastructure against regulatory compliance frameworks, and managing security assessments through a dedicated analysis dashboard. The project distinguishes itself by providing an AI-driven security context server that feeds structured data to AI assistants for automated risk analysis. It also employs graph-based attack path mapping to visualize potential lateral movement and exploitation routes across cloud inventories. The platform cove

    Audits AWS security against CIS benchmarks.

    Python
    Ver en GitHub↗14,005
  • canopy-network/canopyAvatar de canopy-network

    canopy-network/canopy

    11,413Ver en GitHub↗

    Canopy is the official Go implementation of a blockchain node that runs a recursive network architecture, enabling new blockchains to launch as dependent layers that can later graduate into fully independent security roots. The project provides a hybrid consensus mechanism that combines Byzantine fault-tolerant Proof-of-Stake with Verifiable-Delay Functions, delivering instant finality while protecting against long-range attacks through trustless chain age verification. Validators secure multiple chains simultaneously through restaking, where a single bonded stake serves as collateral across t

    Sets economic barriers for chains to obtain security from a root based on market demand.

    Goauto-scaling-architecturelayerless-blockchain-creatormesh-security-provider
    Ver en GitHub↗11,413
  • docker/docker-bench-securityAvatar de docker

    docker/docker-bench-security

    9,655Ver en GitHub↗

    This project is a security compliance tool and configuration auditor designed to evaluate Docker deployments against industry security benchmarks. It functions as a script-based scanner that identifies misconfigurations and vulnerabilities within both the host operating system and container settings. The tool specifically implements the Center for Internet Security standards for Docker to verify host and container configurations. It enables a hardening workflow by comparing system states against these standards to identify security gaps and document compliance status. The audit engine suppor

    Checks Docker containers against CIS security benchmarks.

    Shell
    Ver en GitHub↗9,655
  • firezone/firezoneAvatar de firezone

    firezone/firezone

    8,701Ver en GitHub↗

    Firezone is a zero trust network access platform that uses WireGuard to provide identity-based connectivity to internal network resources. It functions as a virtual private network that synchronizes authentication and user groups via OpenID Connect providers. The system implements a group-based access control engine to enforce least privilege by restricting network resources to specific user groups. It utilizes holepunching and relay protocols for NAT traversal to establish encrypted tunnels through firewalls without requiring inbound ports. The platform includes a control plane for managing

    VPN server and firewall management for teams.

    Elixirclouddevsecopselixir
    Ver en GitHub↗8,701
  • aquasecurity/kube-benchAvatar de aquasecurity

    aquasecurity/kube-bench

    8,078Ver en GitHub↗

    kube-bench is a Kubernetes security benchmark scanner and configuration auditor. It verifies if a cluster adheres to the Center for Internet Security standards and other hardening guides to identify security misconfigurations and vulnerabilities. The tool operates as a containerized security scanner, utilizing host namespaces to analyze nodes and control plane components without requiring the installation of binaries directly on the host. It supports multiple Kubernetes distributions, applying environment-specific benchmarks to ensure auditing accuracy for managed services. The project cover

    Audits Kubernetes clusters against CIS benchmarks.

    Go
    Ver en GitHub↗8,078
  • nccgroup/scoutsuiteAvatar de nccgroup

    nccgroup/ScoutSuite

    7,548Ver en GitHub↗

    ScoutSuite is a multi-cloud security audit and configuration tool designed to identify security risks and misconfigurations across cloud environments. It functions as a security posture manager and compliance auditor, gathering resource metadata from cloud APIs to evaluate infrastructure against security benchmarks. The tool provides auditing capabilities for AWS, Google Cloud, DigitalOcean, and Kubernetes clusters and control planes. It distinguishes itself by decoupling data collection from analysis, allowing users to cache cloud configurations locally for offline auditing and iterative rul

    Multi-cloud security auditing tool for configuration assessment.

    Pythonauditingawsazure
    Ver en GitHub↗7,548
  • cncf/curriculumAvatar de cncf

    cncf/curriculum

    6,578Ver en GitHub↗

    The CNCF Curriculum is an open-source repository that organizes exam domains and learning paths for CNCF certification courses covering Kubernetes and cloud-native technologies. It structures certification content into weighted domains that reflect exam question distribution, providing a structured study guide for candidates preparing for CNCF certifications. The curriculum is organized around multiple cloud-native domains including networking, security, GitOps, platform engineering, and certification preparation. It teaches cloud-native concepts through the lens of building and operating int

    Teaches fundamental security concepts for securing container-based applications in cloud native environments.

    cncf
    Ver en GitHub↗6,578
  • cloudquery/cloudqueryAvatar de cloudquery

    cloudquery/cloudquery

    6,438Ver en GitHub↗

    CloudQuery is a cloud infrastructure ETL tool and multi-cloud data pipeline designed to collect, synchronize, and normalize resource metadata from various cloud providers and SaaS platforms. It functions as a centralized asset inventory manager and security posture manager, extracting configuration and state data into relational databases, data lakes, or data warehouses. The system distinguishes itself by transforming complex, nested cloud API responses into flat relational tables, enabling the use of standard SQL for asset querying and analysis. It employs a modular plugin system for data ex

    Transforms cloud infrastructure into queryable SQL tables.

    Goairbyteattack-surface-managementaws
    Ver en GitHub↗6,438
  • duo-labs/cloudmapperAvatar de duo-labs

    duo-labs/cloudmapper

    6,259Ver en GitHub↗

    Analyzes AWS environments for security posture.

    JavaScriptawscytoscapediagram
    Ver en GitHub↗6,259
  • microsoft/security-101Avatar de microsoft

    microsoft/Security-101

    6,203Ver en GitHub↗

    Security-101 is a vendor-agnostic, foundational cybersecurity learning curriculum organized into modular, framework-aligned modules. It is designed to build core knowledge across multiple security domains without tying content to specific products or platforms, making it suitable for both beginners and professionals seeking a structured introduction to the field. The curriculum is built around established security frameworks, including the MITRE ATT&CK framework for standardized threat analysis and the NIST Cybersecurity Framework for incident response workflows. It covers a broad range of do

    Covers cloud-based security services that combine network security and wide-area networking.

    HTMLappseccia-triaddata-protection
    Ver en GitHub↗6,203
  • learntocloud/learn-to-cloudAvatar de learntocloud

    learntocloud/learn-to-cloud

    5,768Ver en GitHub↗

    A courseware built on the belief that anyone can learn foundational cloud engineering skills with the right guide and discipline

    Provides curriculum on IAM, secrets management, network controls, and incident response for cloud apps.

    CSSawsazurecloud
    Ver en GitHub↗5,768
  • deepfence/threatmapperAvatar de deepfence

    deepfence/ThreatMapper

    5,282Ver en GitHub↗

    ThreatMapper es una plataforma de protección de aplicaciones nativas de la nube y escáner de seguridad de infraestructura. Funciona como un sistema de gestión de vulnerabilidades y recolector de telemetría de cargas de trabajo en la nube diseñado para monitorear cargas de trabajo y detectar riesgos de seguridad en entornos de nube y contenedores. La plataforma se distingue por un visualizador de tráfico de red que utiliza aprendizaje automático para clasificar patrones de comunicación y un sistema de mapeo de ataques basado en grafos para identificar rutas de alto riesgo entre vulnerabilidades y dependencias de red. Sus capacidades más amplias cubren la auditoría de cumplimiento de infraestructura en la nube frente a benchmarks de seguridad, detección de amenazas en producción para malware y secretos expuestos, y la recolección de paquetes de red y telemetría de cargas de trabajo a través de sensores distribuidos. El despliegue de componentes de escaneo a través de entornos de nube, clústeres y máquinas virtuales se gestiona mediante herramientas de contenedores e infraestructura como código.

    Runtime vulnerability and compliance scanner for cloud environments.

    TypeScriptcloud-nativecloudsecuritycnapp
    Ver en GitHub↗5,282
  • rhinosecuritylabs/pacuAvatar de RhinoSecurityLabs

    RhinoSecurityLabs/pacu

    5,234Ver en GitHub↗

    Pacu es un framework de explotación diseñado para auditar y probar la seguridad de entornos de Amazon Web Services. Sirve como herramienta de pruebas de penetración en la nube y enumerador de recursos utilizado para identificar configuraciones erróneas, mapear superficies de ataque y ejecutar rutas de escalada de privilegios. El framework proporciona capacidades especializadas para operaciones de post-explotación y equipos rojos (red team), incluyendo el establecimiento de persistencia mediante la creación de puertas traseras en la gestión de identidad y acceso. Se distingue por un sistema de módulos basado en plugins que permite el desarrollo de tareas personalizadas y la orquestación de solicitudes de API en múltiples regiones geográficas. El proyecto cubre una amplia gama de actividades de auditoría de seguridad, incluyendo enumeración de infraestructura, exfiltración de datos de servicios de almacenamiento y auditoría de identidad. Incluye herramientas para la ejecución remota de código mediante inyección de carga útil y scripts de inicio, así como capacidades para interrumpir servicios de detección y analizar el movimiento lateral en la red. Pacu gestiona claves de autenticación específicas del objetivo y metadatos de sesión utilizando contenedores aislados y una base de datos local para mantener el estado y reducir las llamadas a la API.

    Exploitation framework for testing AWS security.

    Python
    Ver en GitHub↗5,234
  • aquasecurity/kube-hunterAvatar de aquasecurity

    aquasecurity/kube-hunter

    5,064Ver en GitHub↗

    Kube-hunter es un escáner de seguridad y cazador de vulnerabilidades para clústeres de Kubernetes. Opera como una herramienta de penetración nativa de la nube diseñada para identificar debilidades de seguridad, configuraciones erróneas de infraestructura y brechas explotables mediante la simulación de técnicas de atacantes. La herramienta se distingue por un motor de escaneo de modo dual que ejecuta tanto sondas externas remotas como escaneos de red internos. Cuenta con suplantación de identidad basada en roles, lo que le permite utilizar tokens de cuentas de servicio e identidades de pod para simular el acceso de seguridad desde roles de clúster específicos y determinar el radio de explosión potencial de un compromiso de contenedor. El proyecto cubre una amplia superficie de capacidades de evaluación de seguridad, incluyendo escaneo de vulnerabilidades de clúster, mapeo de topología de red interna y verificación de cumplimiento. Puede detectar secretos expuestos, analizar plantillas de infraestructura en busca de configuraciones erróneas y realizar intentos de explotación activa para verificar que las vulnerabilidades descubiertas sean aprovechables. La aplicación se empaqueta como un ejecutable independiente para eliminar dependencias de tiempo de ejecución durante el despliegue.

    Scans Kubernetes clusters for security weaknesses.

    Python
    Ver en GitHub↗5,064
Ant.12345…6Siguiente
  1. Home
  2. Part of an Awesome List
  3. Security & Privacy
  4. Cloud Security

Explorar subetiquetas

  • Fundamentals CurriculaEducational content covering IAM, secrets management, network controls, and incident response for cloud applications. **Distinct from Cloud Security:** Distinct from Cloud Security: focuses on educational curriculum, not monitoring or auditing platforms.
  • Kubernetes Security FundamentalsCore security concepts for container-based applications and cloud native environments. **Distinct from Cloud Security:** Distinct from Cloud Security: focuses on Kubernetes-specific security fundamentals, not general cloud infrastructure security.
  • Security-as-a-Service Models2 sub-etiquetasCloud-based services that combine network security and wide-area networking for secure remote access. **Distinct from Cloud Security:** Distinct from Cloud Security: focuses on delivering security as a managed cloud service rather than general cloud infrastructure monitoring and auditing.