It’s that time of the year again - for some people October is a month of beer, and for others (like us) it’s hacking time! Hacktoberfest, named after the famous German festival Oktoberfest, is a wonderful initiative that invites developers from around the world to participate and contribute to Open Source.
At Aqua, we believe open source is an essential part of our success and growth, and that by building open source projects and contributions we help improve security across the cloud native community.
As we enter October, we wanted to extend our appreciation for open source and the community by joining Hacktoberfest and reward you, the developers who make it happen. The idea is to encourage useful contributions to Aqua’s open source projects, such as new features, bug fixes, extended compatibility, performance enhancements, etc.
Trivy is our open source container image vulnerability scanner. It uses a unique approach to collecting vulnerabilities and fixes which puts it on top when it comes to detection accuracy. Additionally, its support for a wide variety of operating systems, package managers, and build formats, makes it the ultimate open source container vulnerability scanner.
Kube-bench is our Kubernetes best practice benchmarking tool based on the established CIS Kubernetes Benchmark. It can scan for misconfigurations and potential issues with your installations and provide actionable solutions. We are also expanding kube-bench with other “benches”, such as docker-bench, linux-bench, and more to come.
Kube-hunter is our penetration testing tool for Kubernetes. This tool is a collection of procedures and techniques that try to find vulnerabilities and mis-configurations in your cluster that might expose it to attacks. As opposed to kube-bench, which checks configurations against best practices, kube-hunter uses actual attack scripts to see if your cluster is susceptible.
Kubectl-who-can is a kubectl plugin that complements kubectl’s built-in commands with a comprehensive report that helps assess who has which RBAC permissions to which resources in your cluster.
Feel free to browse our projects, review the open issues or open new ones, and start hacking.
Please review the contribution guidelines for each project before submitting a pull request – they define what we consider eligible for the above giveaways.
Watch Liz Rice giving shout out to contributors
to Aqua Security's Open Source tools
Cloud Native Computing, Aqua Open Source, Kubernetes Security
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and accelerate their digital transformations. The Aqua Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads, wherever they are deployed.
Aqua customers are among the world’s largest enterprises in financial services, software, media, manufacturing and retail, with implementations across a broad range of cloud providers and modern technology stacks spanning containers, serverless functions and cloud VMs.