# Kubernetes Cluster Security Scanners

> Search results for `Kubernetes cluster security scanner` on awesome-repositories.com. 113 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/kubernetes-cluster-security-scanner

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/kubernetes-cluster-security-scanner).**

## Results

- [kubernetes/kubernetes](https://awesome-repositories.com/repository/kubernetes-kubernetes.md) (123,197 ⭐) — Kubernetes is a distributed container orchestration platform that automates the deployment, scaling, and management of containerized applications across clusters of computing nodes. It functions as a declarative infrastructure controller, utilizing a control loop architecture that continuously monitors the current system state against user-defined configurations to ensure desired operational outcomes. The system relies on a centralized API-driven interface and a replicated key-value store to maintain a consistent source of truth for all cluster objects.

The platform distinguishes itself throu
- [owasp/cheatsheetseries](https://awesome-repositories.com/repository/owasp-cheatsheetseries.md) (32,298 ⭐) — The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems.

What distinguishes this project is its decentral
- [opsnull/follow-me-install-kubernetes-cluster](https://awesome-repositories.com/repository/opsnull-follow-me-install-kubernetes-cluster.md) (7,546 ⭐) — This project provides a comprehensive guide and set of scripts for deploying and configuring a production-ready Kubernetes cluster from scratch. It centers on establishing a functional environment by installing core management components, storage, and networking across multiple nodes.

The implementation emphasizes high availability for the control plane, utilizing layer-4 load balancing and leader election for the API server, scheduler, and controller manager. It further ensures reliability through the deployment of a distributed key-value store for persistent runtime data.

The project cover
- [gravitational/teleport](https://awesome-repositories.com/repository/gravitational-teleport.md) (19,863 ⭐) — Teleport is a zero-trust access platform designed to provide secure, identity-based connectivity to servers, databases, and Kubernetes clusters. It functions as a centralized gateway that replaces static credentials with short-lived, identity-bound cryptographic certificates, effectively eliminating the need for traditional VPNs and long-term secret exposure.

The platform distinguishes itself by orchestrating access through a unified control plane that maps external identity provider claims to granular, role-based infrastructure permissions. It enforces security through mutual TLS gateways an
- [kubernetes/kops](https://awesome-repositories.com/repository/kubernetes-kops.md) (16,631 ⭐) — kops is a Kubernetes cluster provisioner and lifecycle manager designed to automate the creation, maintenance, and destruction of production-grade clusters on cloud infrastructure. It functions as a declarative infrastructure manager, synchronizing the live state of a cluster with versioned manifests stored in remote object storage to ensure idempotent operations.

The project distinguishes itself by offering comprehensive automation for the entire cluster lifecycle, including high-availability control plane deployment, incremental rolling updates, and automated version upgrades. It also serve
- [onedr0p/cluster-template](https://awesome-repositories.com/repository/onedr0p-cluster-template.md) (2,631 ⭐) — This project is a Kubernetes cluster management framework and infrastructure-as-code template designed to bootstrap and maintain Talos Kubernetes clusters on bare-metal or virtual machines. It provides a structured system for deploying complete orchestration environments using declarative configurations and template-driven workflows.

The framework distinguishes itself through a GitOps-driven execution model that utilizes Flux for state reconciliation and Renovate for automated dependency updates of Helm charts and container images. It employs a TOML-based configuration system to generate envi
- [google/osv-scanner](https://awesome-repositories.com/repository/google-osv-scanner.md) (10,565 ⭐) — osv-scanner is a software composition analysis tool and vulnerability scanner that checks project dependencies and container images against the Open Source Vulnerabilities database. It functions as a dependency remediation tool and can be integrated into custom Go applications as a programmable security library.

The project distinguishes itself through a remediation workflow that includes an interactive terminal user interface and automated scripting for upgrading vulnerable packages in lockfiles and manifests. It employs call-graph reachability analysis to determine if vulnerable code is act
- [aquasecurity/trivy](https://awesome-repositories.com/repository/aquasecurity-trivy.md) (36,462 ⭐) — Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain.

The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai
- [swisskyrepo/payloadsallthethings](https://awesome-repositories.com/repository/swisskyrepo-payloadsallthethings.md) (78,434 ⭐) — This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing.

The repository distinguishes itself through a cross-platform payload taxonomy that categorizes exploitation methods by vulnerability type and target environment, enabling rapid lookup during security assessments. It maintains high standards of data i
- [vinum-security/kubernetes-security-checklist](https://awesome-repositories.com/repository/vinum-security-kubernetes-security-checklist.md) (489 ⭐) — There are many ways to make your cluster secure, but we have chosen only one, the most difficult and controversial in some places. We do not guarantee that it will be completely suitable for your infrastructure, but we hope this checklist can help you include those things that you may have…
- [cpeoples/ansible-security-scanner](https://awesome-repositories.com/repository/cpeoples-ansible-security-scanner.md) (4 ⭐) — 🛡️ Static security scanner (SAST) for Ansible playbooks, roles, and collections. 1,000+ rules across 30+ categories detecting malicious code, RCE, hardcoded credentials, and supply-chain risk. Outputs SARIF, CycloneDX SBOM, and GitLab SAST. SLSA Build Level 3, Sigstore-signed.
- [armosec/kubescape](https://awesome-repositories.com/repository/armosec-kubescape.md) (11,482 ⭐) — Kubescape is a security platform for Kubernetes that provides tools for scanning clusters, configurations, and container images against industry compliance and security benchmarks. It functions as a suite of security utilities, including a compliance auditor, a misconfiguration scanner, and a container vulnerability scanner.

The project differentiates itself through automated remediation and active enforcement. It can automatically patch operating system vulnerabilities in images and fix security errors within manifest files. It also utilizes an admission controller to block the deployment of
- [kubernetes-sigs/metrics-server](https://awesome-repositories.com/repository/kubernetes-sigs-metrics-server.md) (6,651 ⭐) — Metrics Server is a lightweight, single-purpose daemon that collects CPU and memory usage data from every node and pod in a Kubernetes cluster and exposes those metrics through a standard Kubernetes API endpoint. It registers as an aggregated extension API server behind the Kubernetes apiserver, making resource utilization data available to the Horizontal Pod Autoscaler and Vertical Pod Autoscaler for automatic replica count and resource request adjustments.

The project distinguishes itself by operating as a focused, in-cluster resource metrics collector that polls kubelet summary endpoints a
- [google/tsunami-security-scanner](https://awesome-repositories.com/repository/google-tsunami-security-scanner.md) (8,584 ⭐) — Tsunami Security Scanner is a network vulnerability scanner and security auditor designed to identify high-severity flaws across network assets. It functions as an asynchronous security probe engine that utilizes automated probes and specialized detection logic to find critical weaknesses and prioritize remediation efforts.

The project is distinguished by a plugin-based scanning engine, which uses a modular architecture of interchangeable detection plugins to identify vulnerabilities. This extensibility allows for the development and integration of custom security plugins to expand the variet
- [cilium/cilium](https://awesome-repositories.com/repository/cilium-cilium.md) (23,806 ⭐) — Cilium is a networking, security, and observability platform for containerized environments that leverages kernel-level data paths to process traffic. By executing programs directly within the Linux kernel, it provides high-performance packet filtering, routing, and load balancing without the need for traditional user-space proxies or context switching.

The platform distinguishes itself through identity-based security enforcement, which filters traffic based on service labels rather than volatile IP addresses. It integrates containerized workloads with external physical or virtual infrastruct
- [walidshaari/certified-kubernetes-security-specialist](https://awesome-repositories.com/repository/walidshaari-certified-kubernetes-security-specialist.md) (2,114 ⭐) — Curated online resources that will help you prepare for the Certified Kubernetes Security Specialist (CKS) certification exam.
- [easzlab/kubeasz](https://awesome-repositories.com/repository/easzlab-kubeasz.md) (11,379 ⭐) — Kubeasz is an automation framework designed for the lifecycle management of production-grade Kubernetes clusters. It functions as an Ansible-based provisioner that orchestrates the installation, scaling, and maintenance of cluster components across distributed Linux nodes. By utilizing inventory-driven management and role-based task modularization, the project ensures that infrastructure configurations remain consistent and reproducible across diverse environments.

The platform distinguishes itself through its focus on automated system administration and operational continuity. It provides bu
- [f-secure/headless-scanner-driver](https://awesome-repositories.com/repository/f-secure-headless-scanner-driver.md) (21 ⭐) — headless-scanner-driver
- [cockroachdb/cockroach](https://awesome-repositories.com/repository/cockroachdb-cockroach.md) (32,207 ⭐) — Cockroach is a distributed SQL database designed to scale horizontally across multiple nodes while maintaining strict ACID compliance and global data consistency. It functions as a relational database engine that automatically partitions data into ranges, rebalancing them across a cluster to accommodate growing storage and throughput requirements. By utilizing a distributed consensus protocol, the system ensures that all nodes agree on the order of operations, providing fault tolerance and continuous availability even in the event of hardware failures.

The system distinguishes itself through
- [madhuakula/kubernetes-goat](https://awesome-repositories.com/repository/madhuakula-kubernetes-goat.md) (5,686 ⭐) — Kubernetes Goat ✨ The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security 🚀
- [istio/istio](https://awesome-repositories.com/repository/istio-istio.md) (38,226 ⭐) — Istio is a service mesh infrastructure that provides a centralized control plane to manage, secure, and observe communication between distributed microservices. It functions as a policy-driven network traffic controller, enabling developers to route, balance, and secure service-to-service traffic without requiring modifications to application code. The system enforces zero-trust security by utilizing mutual transport layer authentication to verify cryptographic identities for every network request.

The project distinguishes itself through a sidecar-less proxy architecture, which offloads netw
- [cncf/curriculum](https://awesome-repositories.com/repository/cncf-curriculum.md) (6,578 ⭐) — The CNCF Curriculum is an open-source repository that organizes exam domains and learning paths for CNCF certification courses covering Kubernetes and cloud-native technologies. It structures certification content into weighted domains that reflect exam question distribution, providing a structured study guide for candidates preparing for CNCF certifications.

The curriculum is organized around multiple cloud-native domains including networking, security, GitOps, platform engineering, and certification preparation. It teaches cloud-native concepts through the lens of building and operating int
- [kyverno/kyverno](https://awesome-repositories.com/repository/kyverno-kyverno.md) (7,841 ⭐) — Kyverno is a Kubernetes policy engine and cloud native governance tool. It functions as a policy-as-code framework that validates, mutates, and generates resources to enforce security and governance standards within a cluster.

The project distinguishes itself through a declarative policy model that utilizes native Kubernetes custom resource definitions, allowing policies to be managed as standard cluster objects without custom code. It provides specific security capabilities for container image verification and signature validation to ensure only trusted images are deployed.

Its broader capa
- [jetstack/cert-manager](https://awesome-repositories.com/repository/jetstack-cert-manager.md) (13,866 ⭐) — cert-manager is a Kubernetes TLS certificate manager and cluster add-on that automates the issuance and renewal of TLS certificates. It functions as a certificate lifecycle automator, managing certificates as native Kubernetes resources to secure internal and external network traffic.

The project includes an ACME protocol client to automate certificate requests and validations from providers. It utilizes a controller to synchronize the desired state of certificates with responses from various certificate authorities.

The system covers certificate provisioning from external issuers and vault
- [rootsongjc/kubernetes-handbook](https://awesome-repositories.com/repository/rootsongjc-kubernetes-handbook.md) (11,584 ⭐) — This project is a comprehensive infrastructure guide and technical reference for designing and deploying cloud native and AI native environments using Kubernetes. It serves as a manual for managing container orchestration, pod lifecycles, and declarative state reconciliation to maintain scalable cluster workloads.

The resource provides instructional material on building custom controllers and implementing operational logic via the operator pattern. It also functions as a framework for optimizing the delivery of large language models through specialized gateways and workload scheduling.

The h
- [ukhomeoffice/repo-security-scanner](https://awesome-repositories.com/repository/ukhomeoffice-repo-security-scanner.md) (0 ⭐) — CLI tool that finds secrets accidentally committed to a git repo, e.g. passwords and private keys. Run it against your entire repo's history by piping the output from `git log -p`.
- [lensapp/lens](https://awesome-repositories.com/repository/lensapp-lens.md) (23,180 ⭐) — Lens is a multi-cluster management platform and desktop application for administering Kubernetes environments. It provides a graphical interface for deploying Helm charts, editing YAML manifests, and managing the lifecycle of pods and deployments.

The project features an AI-powered cluster assistant that enables users to query cluster state, perform autonomous troubleshooting, and translate natural language requests into system commands. It also supports collaborative team access through shared spaces, utilizing encrypted cluster sharing and role-based access control to manage credentials and
- [agones-dev/agones](https://awesome-repositories.com/repository/agones-dev-agones.md) (6,888 ⭐) — Agones is a Kubernetes game server orchestrator designed for hosting, scaling, and managing dedicated multiplayer game servers. It extends the Kubernetes control plane using custom resource definitions to define game server and fleet objects, utilizing a dedicated fleet manager to maintain pools of warm server instances.

The system provides a game server SDK and language-specific client libraries that allow server processes to signal readiness, health, and shutdown states directly to the controller. It distinguishes itself through specialized scaling logic, including the use of WebAssembly mo
- [efremidze/cluster](https://awesome-repositories.com/repository/efremidze-cluster.md) (1,298 ⭐) — Easy Map Annotation Clustering 📍
- [aws/aws-cdk](https://awesome-repositories.com/repository/aws-aws-cdk.md) (12,817 ⭐) — The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane.

The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It
- [grafana/xk6-kubernetes](https://awesome-repositories.com/repository/grafana-xk6-kubernetes.md) (83 ⭐) — A k6 extension for interacting with Kubernetes clusters while testing.
- [qax-os/excelize](https://awesome-repositories.com/repository/qax-os-excelize.md) (20,682 ⭐) — Excelize is a library for reading and writing spreadsheet files in the Office Open XML format. It provides a comprehensive suite of tools for programmatically creating, modifying, and analyzing workbooks, worksheets, and cell data, ensuring compatibility across various office software suites through structured XML serialization.

The library distinguishes itself with a built-in formula calculation engine that evaluates complex mathematical and logical expressions directly against workbook data. It also features a memory-mapped streaming architecture, which allows for the efficient processing o
- [lmachens/cluster](https://awesome-repositories.com/repository/lmachens-cluster.md) (1 ⭐) — Clustering solution for Meteor with load balancing and service discovery.
- [bitnami/charts](https://awesome-repositories.com/repository/bitnami-charts.md) (10,374 ⭐) — This project is a Helm chart repository and Kubernetes application catalog providing standardized deployment templates for popular open-source software. It serves as a library of pre-configured packages designed to automate the installation and configuration of server-side applications on container clusters.

The collection includes a suite of hardened container images built on minimal base layers to reduce the attack surface. These images undergo automated vulnerability scanning and triage within the release pipeline to identify and remediate security flaws before deployment.

The project man
- [zan8in/afrog](https://awesome-repositories.com/repository/zan8in-afrog.md) (4,182 ⭐) — afrog is an HTTP vulnerability scanner and web vulnerability management system that identifies security flaws and known CVEs using a YAML-based rule engine. It functions as a payload generator and scanner, comparing server responses against detection rules to find unauthorized access points.

The project provides a framework for out-of-band security testing, detecting blind vulnerabilities by triggering and verifying external DNS or HTTP callbacks. Beyond web traffic, it includes a protocol fuzzer capable of executing multi-step read and write sequences over raw TCP and SSL sockets to identify
- [bearer/bearer](https://awesome-repositories.com/repository/bearer-bearer.md) (2,566 ⭐) — Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing.

The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports.

The platform co
- [sundowndev/hacker-roadmap](https://awesome-repositories.com/repository/sundowndev-hacker-roadmap.md) (15,081 ⭐) — Hacker Roadmap is a community-driven repository that functions as a structured learning path and resource directory for cybersecurity and ethical hacking. It organizes complex security concepts into sequential modules, guiding users from fundamental knowledge to advanced technical exploitation skills through a curated collection of educational materials and professional development resources.

The project distinguishes itself by acting as a centralized index that maps specialized third-party security software and isolated training environments to specific operational use cases. By aggregating
- [netdiscover-scanner/netdiscover](https://awesome-repositories.com/repository/netdiscover-scanner-netdiscover.md) (385 ⭐) — Netdiscover, ARP Scanner (official repository)
- [fetchai/innovation-lab-examples](https://awesome-repositories.com/repository/fetchai-innovation-lab-examples.md) (1,028 ⭐) — This project provides a comprehensive framework for building, deploying, and orchestrating autonomous agents within a decentralized network. It serves as a collection of patterns and examples for developing intelligent software entities capable of performing complex tasks, making decisions, and interacting with other agents to achieve shared goals.

The framework distinguishes itself through its focus on multi-agent orchestration and decentralized communication. It enables the coordination of specialized agent teams that collaborate on workflows through structured messaging protocols, allowing
- [snyk/cli](https://awesome-repositories.com/repository/snyk-cli.md) (5,428 ⭐) — The Snyk CLI is a command-line security scanner that detects known vulnerabilities across open-source dependencies, proprietary application code, container images, and infrastructure-as-code configuration files. It also serves as a platform management tool, allowing users to configure organizations, users, SSO, and reporting from the terminal rather than the web dashboard.

The CLI integrates directly into development workflows, enabling scanning within IDEs, build pipelines, and version control systems. It implements static analysis with interfile data flow analysis to find complex security f
- [carpedm20/awesome-hacking](https://awesome-repositories.com/repository/carpedm20-awesome-hacking.md) (15,722 ⭐) — This project is a comprehensive, community-curated directory of cybersecurity resources, tools, and educational materials. It functions as a centralized index for researchers and students to discover frameworks and utilities across the entire security lifecycle, ranging from initial vulnerability assessment to post-exploitation analysis.

The repository distinguishes itself through a hierarchical taxonomy that organizes diverse security disciplines into a searchable, version-controlled knowledge base. Rather than hosting software directly, it utilizes a decentralized aggregation model that lin
- [kubernetes-retired/heapster](https://awesome-repositories.com/repository/kubernetes-retired-heapster.md) (2,637 ⭐) — Heapster enables Container Cluster Monitoring and Performance Analysis for Kubernetes (versions v1.0.6 and higher), and platforms which include it.
- [florinpop17/app-ideas](https://awesome-repositories.com/repository/florinpop17-app-ideas.md) (95,036 ⭐) — App-ideas is a development platform that integrates autonomous AI agents into local environments to orchestrate code review, automated fix application, and workflow management. It functions as a command-line interface that connects external AI assistants to your codebase, enabling iterative development cycles through plugin-based integration and natural language triggers.

The platform distinguishes itself through a robust static analysis engine that traverses syntax trees to enforce structural coding standards and identify violations. Users can define custom review rules, architectural prefer
- [wapiti-scanner/wapiti](https://awesome-repositories.com/repository/wapiti-scanner-wapiti.md) (1,806 ⭐) — Web vulnerability scanner written in Python3
- [kodekloudhub/certified-kubernetes-administrator-course](https://awesome-repositories.com/repository/kodekloudhub-certified-kubernetes-administrator-course.md) (10,209 ⭐) — This project is a Kubernetes certification training course and cluster administration guide. It provides an educational program and instructional materials designed to prepare students for the Certified Kubernetes Administrator professional exam.

The project functions as an exam simulator and troubleshooting lab, offering mock exams and lightning labs that mimic the practical challenges of the certification process. It includes hands-on practice environments for resolving configuration, storage, and networking issues.

The training covers the management of cluster architecture, scheduling, an
- [six2dez/reconftw](https://awesome-repositories.com/repository/six2dez-reconftw.md) (7,226 ⭐) — reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning.

The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio
- [encoredev/encore](https://awesome-repositories.com/repository/encoredev-encore.md) (12,049 ⭐) — Encore is a distributed systems framework designed to unify backend development, infrastructure provisioning, and observability. It functions as an infrastructure-as-code platform that allows developers to define cloud resources, databases, and messaging topics directly within their application code. By analyzing these declarations at compile-time, the system automatically manages the deployment of cloud resources and security policies, ensuring parity between local development and production environments.

The platform distinguishes itself through its integrated development experience, which
- [shadow1ng/fscan](https://awesome-repositories.com/repository/shadow1ng-fscan.md) (13,421 ⭐) — Fscan is an automated penetration testing tool designed for internal network reconnaissance and vulnerability assessment. It functions as a comprehensive security framework that maps network infrastructure, identifies active hosts and services, and detects security weaknesses across internal environments.

The tool distinguishes itself through a modular plugin architecture that allows for extensible security checks and a stateful asset tracking system that maintains an in-memory registry of discovered infrastructure. It incorporates a dedicated credential brute-force engine for testing passwor
- [juliastats/clustering.jl](https://awesome-repositories.com/repository/juliastats-clustering-jl.md) (373 ⭐) — A Julia package for data clustering
- [kubernetes/minikube](https://awesome-repositories.com/repository/kubernetes-minikube.md) (31,877 ⭐) — Minikube is a command-line tool designed for local Kubernetes development, enabling users to provision and manage full-featured container clusters directly on a workstation. It serves as a local orchestrator that automates the lifecycle of isolated environments, allowing developers to start, stop, pause, and delete clusters to support testing and integration workflows.

The project distinguishes itself through its flexible architecture, which supports multiple virtualization drivers and container runtimes to accommodate diverse host environments. It provides deep integration between the host a
