# Kubernetes Workload Security Scanners

> Search results for `scan running Kubernetes workloads for risky configs` on awesome-repositories.com. 113 total matches; showing the first 50.

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/scan-running-kubernetes-workloads-for-risky-configs).**

## Results

- [kubernetes/kubernetes](https://awesome-repositories.com/repository/kubernetes-kubernetes.md) (123,197 ⭐) — Kubernetes is a distributed container orchestration platform that automates the deployment, scaling, and management of containerized applications across clusters of computing nodes. It functions as a declarative infrastructure controller, utilizing a control loop architecture that continuously monitors the current system state against user-defined configurations to ensure desired operational outcomes. The system relies on a centralized API-driven interface and a replicated key-value store to maintain a consistent source of truth for all cluster objects.

  The platform distinguishes itself throu
- [trufflesecurity/trufflehog](https://awesome-repositories.com/repository/trufflesecurity-trufflehog.md) (24,630 ⭐) — Trufflehog is a security tool designed to continuously monitor code repositories and cloud environments to detect, verify, and remediate exposed sensitive credentials and API keys. It functions as a comprehensive secret scanning engine that integrates directly into deployment pipelines and version control systems to intercept sensitive data before it is committed or pushed. By utilizing read-only operations and volatile memory processing, the system ensures that discovered credentials are never stored persistently, maintaining strict data privacy throughout the scanning lifecycle.

  The platfor
- [projectdiscovery/subfinder](https://awesome-repositories.com/repository/projectdiscovery-subfinder.md) (13,105 ⭐) — Subfinder is a security reconnaissance framework designed for subdomain enumeration and attack surface management. It functions as a discovery engine that identifies and maps internet-exposed infrastructure, cloud-hosted assets, and network ranges to maintain a comprehensive inventory of an organization's digital footprint.

  The project distinguishes itself through a modular, template-driven scanning engine that executes security checks against discovered assets. It leverages cloud-native asset discovery to query provider APIs and infrastructure metadata, while supporting distributed agent orc
- [projectdiscovery/nuclei](https://awesome-repositories.com/repository/projectdiscovery-nuclei.md) (29,189 ⭐) — Nuclei is a modular security scanning framework designed for automated vulnerability detection and infrastructure reconnaissance. It functions as a template-driven engine that executes security checks across diverse network protocols, allowing users to define custom detection logic to identify vulnerabilities, misconfigurations, and exposed assets.

  The platform distinguishes itself through its highly extensible architecture, which supports distributed scanning, headless browser automation for dynamic web content, and out-of-band interaction monitoring to detect blind vulnerabilities. It integ
- [usestrix/strix](https://awesome-repositories.com/repository/usestrix-strix.md) (20,138 ⭐) — Strix is an automated security research and vulnerability scanning platform that leverages language models to orchestrate complex security analysis tasks. It functions as a comprehensive framework for penetration testing and continuous security integration, allowing users to embed automated vulnerability research directly into development pipelines or execute it within isolated, containerized environments.

  The platform distinguishes itself through a multi-agent orchestration engine that coordinates specialized autonomous agents to perform parallel security assessments. By integrating LLM-agno
- [kubernetes/examples](https://awesome-repositories.com/repository/kubernetes-examples.md) (6,651 ⭐) — Welcome to the official Kubernetes Examples repository! This curated collection, stewarded by SIG Apps, provides high-quality, educational examples for running a diverse range of applications and workloads on Kubernetes.
- [kedacore/keda](https://awesome-repositories.com/repository/kedacore-keda.md) (10,314 ⭐) — KEDA is a Kubernetes event-driven autoscaler and cloud event scaling engine. It functions as a custom metrics provider that monitors external event sources—including message brokers, databases, and cloud metrics—to dynamically adjust the replica counts of containerized workloads.

  The project is distinguished by its scale-to-zero workflow, which reduces workloads to zero replicas during inactivity and automatically restarts them when new events are detected. It operates as a multi-cloud event trigger system, using a pluggable scaler interface to integrate with a wide array of third-party servi
- [tencent/ai-infra-guard](https://awesome-repositories.com/repository/tencent-ai-infra-guard.md) (2,971 ⭐) — AI-Infra-Guard is a security scanning platform designed to detect vulnerabilities across large language model deployments, AI agent skills, and the underlying infrastructure. It functions as a security toolset for auditing source code, evaluating model robustness, and identifying insecure network configurations.

  The project provides a red teaming framework that uses curated attack datasets to test for jailbreak vulnerabilities and prompt injections. It also includes an infrastructure auditor that employs network fingerprinting and asset discovery to match running components against known comm
- [run-house/kubetorch](https://awesome-repositories.com/repository/run-house-kubetorch.md) (1,212 ⭐) — Distribute and run AI workloads on Kubernetes magically in Python, like PyTorch for ML infra.
- [blacklanternsecurity/bbot](https://awesome-repositories.com/repository/blacklanternsecurity-bbot.md) (9,929 ⭐) — This project is an open-source intelligence reconnaissance framework and recursive attack surface mapper. It functions as a containerized security scanner designed to map public-facing infrastructure, perform subdomain enumeration, and automate the gathering of open-source intelligence.

  The system employs a recursive discovery engine to iteratively explore target infrastructure, utilizing a plugin-based module architecture to extend scanning capabilities. It integrates third-party APIs for data enrichment and applies YARA rules across discovered assets to identify specific vulnerability patte
- [rcourtman/pulse](https://awesome-repositories.com/repository/rcourtman-pulse.md) (4,672 ⭐) — Pulse is an AI-driven infrastructure monitoring platform that unifies observation of Docker, Kubernetes, and Proxmox environments. It uses historical baselines and anomaly detection to scan infrastructure for actionable issues, and offers a natural language interface for querying system state.

  The platform distinguishes itself with agent-based auto-discovery—a single binary automatically detects container and virtualization hosts without manual setup. It supports approval-based remediation workflows, where AI-proposed fix commands are presented to the user and executed only after explicit aut
- [spaceraccoon/npm-scan](https://awesome-repositories.com/repository/spaceraccoon-npm-scan.md) (50 ⭐) — An extensible, heuristic-based vulnerability scanning tool for installed npm packages
- [atuinsh/atuin](https://awesome-repositories.com/repository/atuinsh-atuin.md) (30,266 ⭐) — Atuin is a command-line tool that replaces standard shell history with a searchable, encrypted SQLite database. By hooking into shell initialization scripts, it provides an interactive, keyboard-driven interface for real-time command filtering and retrieval. The platform ensures data privacy through a client-side encryption layer, securing sensitive history and configuration data before it is synchronized across multiple machines.

  Beyond history management, Atuin functions as an executable documentation platform that enables teams to create and share interactive runbooks. These documents use
- [octarinesec/kube-scan](https://awesome-repositories.com/repository/octarinesec-kube-scan.md) (803 ⭐) — Try our free Kubernetes risk assessment tool today. Run it on any cluster at any time. No data leaves your cluster. We do not collect any information. For more information on Octarine see https://www.octarinesec.com.
- [linkerd/linkerd2](https://awesome-repositories.com/repository/linkerd-linkerd2.md) (11,424 ⭐) — This project is a service mesh platform designed to manage, secure, and observe service-to-service communication within Kubernetes clusters. It functions as a control plane that orchestrates transparent sidecar proxies, which intercept and manage network traffic to provide reliable connectivity for microservices. By automating the injection of these proxies, the platform ensures that infrastructure-level policies are applied consistently across all workloads without requiring manual configuration changes.

  The platform distinguishes itself through its focus on zero-trust security and cross-clu
- [moradotai/cms-scan](https://awesome-repositories.com/repository/moradotai-cms-scan.md) (1 ⭐) — An active scan extension for Burp that provides supplemental coverage when testing popular content management systems.
- [aquasecurity/trivy](https://awesome-repositories.com/repository/aquasecurity-trivy.md) (36,462 ⭐) — Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain.

  The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai
- [future-architect/vuls](https://awesome-repositories.com/repository/future-architect-vuls.md) (12,185 ⭐) — Vuls is an agentless vulnerability scanner and CVE intelligence aggregator. It identifies security flaws in operating systems, containers, and network devices without requiring the installation of permanent software agents on target machines.

  The project distinguishes itself by cross-referencing software versions against multiple vulnerability databases, security advisories, and known exploit catalogs. It utilizes platform-based enumeration and lockfile analysis to detect vulnerabilities in network hardware, programming libraries, and website plugins.

  The tool covers a broad range of securit
- [quarkusio/quarkus](https://awesome-repositories.com/repository/quarkusio-quarkus.md) (15,479 ⭐) — Quarkus is a Kubernetes-native Java framework designed for building high-performance, memory-efficient applications. It utilizes ahead-of-time native compilation to transform Java code into standalone, optimized binaries that eliminate the need for a virtual machine, enabling rapid startup and reduced memory consumption. By performing code augmentation during the build phase, it shifts heavy processing tasks away from runtime, ensuring that applications are optimized for cloud-native environments.

  The framework distinguishes itself through a unified approach to reactive and imperative program
- [18f/domain-scan](https://awesome-repositories.com/repository/18f-domain-scan.md) (388 ⭐) — A lightweight scan pipeline for orchestrating third party tools, at scale and (optionally) using serverless infrastructure.
- [0x4m4/hexstrike-ai](https://awesome-repositories.com/repository/0x4m4-hexstrike-ai.md) (9,617 ⭐) — This project is a comprehensive security platform providing an LLM security orchestration framework, an AI agent firewall, and tools for vulnerability remediation, compliance automation, and endpoint protection. It functions as a centralized system to protect AI models from adversarial exploits while managing the identification and patching of software flaws.

  The platform distinguishes itself through the coordination of specialized AI agents to automate complex security workflows, including reconnaissance, bug hunting, and exploit development. It implements dedicated guardrails to block promp
- [coreos/clair](https://awesome-repositories.com/repository/coreos-clair.md) (11,011 ⭐) — Clair is a container vulnerability scanner that performs static analysis of container images to identify known security vulnerabilities. It functions as an analyzer for OCI and Docker images, indexing their contents to detect security risks and outdated packages without requiring the containers to be running.

  The tool identifies vulnerabilities by matching indexed container components against security databases to find common vulnerabilities and exposures. This process involves analyzing filesystem layers to track the provenance and versioning of packages across the image hierarchy.

  The proj
- [kongbytes/arp-scan-rs](https://awesome-repositories.com/repository/kongbytes-arp-scan-rs.md) (162 ⭐) — A minimalistic ARP scan tool written in Rust for fast local network scans
- [hashicorp/terraform](https://awesome-repositories.com/repository/hashicorp-terraform.md) (48,720 ⭐) — Terraform is a declarative infrastructure-as-code tool designed to manage the lifecycle of cloud and on-premises resources. It functions as a workflow engine that reconciles a defined desired state against real-world infrastructure, using a persistent state-tracking layer to maintain consistency and visibility across distributed environments. By mapping infrastructure components into a directed acyclic graph, the system calculates the optimal order for provisioning, updating, or destroying resources.

  The platform is distinguished by its extensible plugin-based architecture, which decouples co
- [bitnami/charts](https://awesome-repositories.com/repository/bitnami-charts.md) (10,374 ⭐) — This project is a Helm chart repository and Kubernetes application catalog providing standardized deployment templates for popular open-source software. It serves as a library of pre-configured packages designed to automate the installation and configuration of server-side applications on container clusters.

  The collection includes a suite of hardened container images built on minimal base layers to reduce the attack surface. These images undergo automated vulnerability scanning and triage within the release pipeline to identify and remediate security flaws before deployment.

  The project man
- [openfaas/faas](https://awesome-repositories.com/repository/openfaas-faas.md) (26,092 ⭐) — OpenFaaS is a serverless function platform that provides a container-native framework for deploying and managing event-driven code. It functions as an abstraction layer over container orchestrators, allowing developers to package code into scalable functions that run across Kubernetes clusters or edge computing environments.

  The platform distinguishes itself through a developer-centric runtime that utilizes standardized language templates and automated build pipelines to simplify the creation of container images. It features a central API gateway that manages request routing, authentication,
- [go-external-config/go](https://awesome-repositories.com/repository/go-external-config-go.md) (1 ⭐) — Stop writing config loading code. Just drop application.yaml and run.
- [nestjsx/nestjs-config](https://awesome-repositories.com/repository/nestjsx-nestjs-config.md) (703 ⭐) — Config module for nestjs using dotenv
- [zan8in/afrog](https://awesome-repositories.com/repository/zan8in-afrog.md) (4,182 ⭐) — afrog is an HTTP vulnerability scanner and web vulnerability management system that identifies security flaws and known CVEs using a YAML-based rule engine. It functions as a payload generator and scanner, comparing server responses against detection rules to find unauthorized access points.

  The project provides a framework for out-of-band security testing, detecting blind vulnerabilities by triggering and verifying external DNS or HTTP callbacks. Beyond web traffic, it includes a protocol fuzzer capable of executing multi-step read and write sequences over raw TCP and SSL sockets to identify
- [kubescape/kubescape](https://awesome-repositories.com/repository/kubescape-kubescape.md) (11,489 ⭐) — Kubescape is a Kubernetes security posture management platform designed to scan clusters, manifests, and images for misconfigurations, vulnerabilities, and compliance risks. It functions as a comprehensive security suite incorporating a compliance scanner, a container image vulnerability scanner, an admission controller for policy enforcement, and a runtime security monitor.

  The platform distinguishes itself through runtime-aware vulnerability filtering, which maps libraries loaded in memory to determine if vulnerabilities are actually reachable. It also integrates with AI assistants via a Mo
- [docker/compose](https://awesome-repositories.com/repository/docker-compose.md) (37,588 ⭐) — Docker Compose is a tool for defining and running multi-container applications through declarative configuration files. It functions as an application lifecycle manager, coordinating the startup, shutdown, and scaling of interconnected services within isolated environments. By using a standardized configuration format, it enables infrastructure as code, allowing developers to manage complex application stacks and their dependencies in a single, repeatable file.

  The project distinguishes itself by integrating directly with the broader Docker platform, leveraging a client-server architecture wh
- [tailscale/tailscale](https://awesome-repositories.com/repository/tailscale-tailscale.md) (32,596 ⭐) — Tailscale is a zero-trust networking overlay that connects distributed devices and services into a private, encrypted mesh network. By utilizing a high-performance, user-space implementation of the WireGuard protocol, it establishes secure peer-to-peer tunnels across diverse network topologies without requiring complex firewall configuration. The platform operates on a centralized control plane that manages global network state, authentication, and policy distribution, ensuring that connectivity is governed by identity rather than traditional IP-based rules.

  What distinguishes Tailscale is it
- [spotoninc/renovate-config](https://awesome-repositories.com/repository/spotoninc-renovate-config.md) (53 ⭐) — Sharable Config Presets for Renovatebot, especially useful for DevOps folks
- [aws/aws-cdk](https://awesome-repositories.com/repository/aws-aws-cdk.md) (12,817 ⭐) — The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane.

  The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It
- [lensapp/lens](https://awesome-repositories.com/repository/lensapp-lens.md) (23,180 ⭐) — Lens is a multi-cluster management platform and desktop application for administering Kubernetes environments. It provides a graphical interface for deploying Helm charts, editing YAML manifests, and managing the lifecycle of pods and deployments.

  The project features an AI-powered cluster assistant that enables users to query cluster state, perform autonomous troubleshooting, and translate natural language requests into system commands. It also supports collaborative team access through shared spaces, utilizing encrypted cluster sharing and role-based access control to manage credentials and
- [fabric8io/kubernetes-client](https://awesome-repositories.com/repository/fabric8io-kubernetes-client.md) (3,661 ⭐) — Java client for Kubernetes & OpenShift
- [keygraphhq/shannon](https://awesome-repositories.com/repository/keygraphhq-shannon.md) (44,672 ⭐) — Shannon is an integrated security platform designed for autonomous penetration testing, static and dynamic analysis, and automated vulnerability remediation within self-hosted, private infrastructure. It functions as a unified security suite that orchestrates the entire lifecycle of vulnerability management, from initial discovery and reachability prioritization to the generation and verification of code-level patches.

  The platform distinguishes itself through its agentic approach to security, deploying autonomous agents to execute both black-box and white-box exploits against running applica
- [kubernetes-client/python](https://awesome-repositories.com/repository/kubernetes-client-python.md) (7,605 ⭐) — Python client for the kubernetes API.
- [infinition/bjorn](https://awesome-repositories.com/repository/infinition-bjorn.md) (5,656 ⭐) — Bjorn is a penetration testing framework that automates network scanning, credential brute-forcing, vulnerability assessment, and data exfiltration, all coordinated through an event-driven task pipeline and controlled via a web-based dashboard. Its modular plugin architecture allows independent security modules to be loaded and chained together, with an asynchronous network scanner discovering live hosts and open ports without blocking the main execution flow.

  The framework distinguishes itself by integrating a credential brute-force engine that systematically attempts login combinations agai
- [feiskyer/kubernetes-handbook](https://awesome-repositories.com/repository/feiskyer-kubernetes-handbook.md) (5,537 ⭐) — Kubernetes Handbook (Kubernetes Guide): https://kubernetes.feisky.xyz
- [antfu/eslint-config](https://awesome-repositories.com/repository/antfu-eslint-config.md) (6,210 ⭐) — Anthony's ESLint config preset
- [istio/istio](https://awesome-repositories.com/repository/istio-istio.md) (38,226 ⭐) — Istio is a service mesh infrastructure that provides a centralized control plane to manage, secure, and observe communication between distributed microservices. It functions as a policy-driven network traffic controller, enabling developers to route, balance, and secure service-to-service traffic without requiring modifications to application code. The system enforces zero-trust security by utilizing mutual transport layer authentication to verify cryptographic identities for every network request.

  The project distinguishes itself through a sidecar-less proxy architecture, which offloads netw
- [quay/clair](https://awesome-repositories.com/repository/quay-clair.md) (11,012 ⭐) — Clair is a container image vulnerability scanner and security analyzer. It performs static analysis of container images by matching package contents against vulnerability databases to identify security risks across different package formats and architectures.

  The project functions as both an image indexer and a vulnerability database manager. It processes container layers into intermediate representations to enable fast security lookups and synchronizes security metadata from multiple external sources to maintain a local registry.

  Capability areas include continuous security monitoring, whic
- [anthropics/claude-code](https://awesome-repositories.com/repository/anthropics-claude-code.md) (132,728 ⭐) — Anthropic's terminal-native AI coding agent.
- [nameful/scan](https://awesome-repositories.com/repository/nameful-scan.md) (11 ⭐) — Sliding Convolutional Attention Network for Scene Text Recognition
- [infisical/infisical](https://awesome-repositories.com/repository/infisical-infisical.md) (27,374 ⭐) — Infisical is a centralized secrets management platform designed to store, synchronize, and control access to sensitive credentials and configuration data across distributed development, staging, and production environments. It employs client-side encryption to ensure that secrets remain unreadable to the underlying storage infrastructure, while providing a hierarchical permission model to govern both user and machine access.

  The platform distinguishes itself through dynamic credential provisioning, which generates short-lived access tokens that are automatically revoked after use. It supports
- [netcan/config-loader](https://awesome-repositories.com/repository/netcan-config-loader.md) (247 ⭐) — Simple C++ Config Loader Framework(Serialization & Reflection)
- [kananinirav/aws-certified-cloud-practitioner-notes](https://awesome-repositories.com/repository/kananinirav-aws-certified-cloud-practitioner-notes.md) (3,829 ⭐) — This project is a collection of structured study notes and conceptual breakdowns designed for the AWS Certified Cloud Practitioner exam. It serves as a technical reference and study guide, organizing cloud service details and architectural principles to assist in certification preparation.

  The knowledge base is built using markdown files and includes curated cheat sheets and interactive mind-map visualizations. These tools map complex certification topics into visual hierarchies to enable drill-down study paths and rapid revision.

  The materials cover a wide range of cloud capabilities, inclu
- [goldbergyoni/javascript-testing-best-practices](https://awesome-repositories.com/repository/goldbergyoni-javascript-testing-best-practices.md) (24,589 ⭐) — This project is a comprehensive knowledge base and educational resource for JavaScript developers, focused on establishing industry-standard methodologies for automated software testing. It provides a structured collection of design patterns and actionable guidelines designed to improve code reliability, maintainability, and overall software quality across the development lifecycle.

  The repository distinguishes itself by offering a granular, pattern-based approach to testing that spans unit, integration, and end-to-end verification. It emphasizes specific architectural strategies such as comp
- [kubeshark/kubeshark](https://awesome-repositories.com/repository/kubeshark-kubeshark.md) (11,954 ⭐) — Kubeshark is a network observability platform designed for Kubernetes environments, functioning as an eBPF-powered engine for cluster-wide traffic analysis. It captures, indexes, and visualizes network activity and API calls directly from the kernel, providing deep visibility into service-to-service communication without requiring sidecar proxies or manual code instrumentation.

  The platform distinguishes itself through its ability to perform protocol-aware traffic dissection and user-space cryptographic hooking, which allows for the inspection of encrypted traffic and the reconstruction of ap
