Tetragon is an eBPF-based runtime security and observability toolset designed for Linux and Kubernetes environments. It functions as a security policy manager, observability agent, and enforcement engine that hooks into kernel functions and tracepoints to detect privilege escalation, container escapes, and unauthorized system activity. The project distinguishes itself through its ability to perform real-time, in-kernel enforcement, allowing it to synchronously terminate malicious processes or modify function return values before a system call completes. It provides deep Kubernetes integration
OpenShell is a security framework and sandboxed execution runtime for autonomous AI agents. It provides isolated environments using containers and virtual machines to protect host infrastructure and sensitive data from unauthorized access during agent execution. The system distinguishes itself by combining hardware-accelerated passthrough for host GPU access with a security gateway that intercepts model API calls. This gateway manages credentials by stripping caller information and injecting backend secrets, ensuring sensitive API keys remain off the local filesystem. The platform covers bro
This project is an educational resource providing a comprehensive development tutorial for writing and loading eBPF programs using C, Go, and Rust within the Linux kernel. It serves as a technical guide for developing custom logic to execute directly in the kernel. The materials cover specialized domains including kernel observability and tracing, security implementation for intrusion detection, and high-performance network engineering for packet filtering and load balancing. It also includes dedicated manuals for Linux kernel tracing and the use of kprobes, uprobes, and tracepoints. The pro
Kubescape is a security platform for Kubernetes that provides tools for scanning clusters, configurations, and container images against industry compliance and security benchmarks. It functions as a suite of security utilities, including a compliance auditor, a misconfiguration scanner, and a container vulnerability scanner. The project differentiates itself through automated remediation and active enforcement. It can automatically patch operating system vulnerabilities in images and fix security errors within manifest files. It also utilizes an admission controller to block the deployment of