Search Results for "kernel security"
Sort By:
Showing 14 open source projects for "kernel security"
View related business solutions-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
Cloud tools for web scraping and data extractionAutomate web data collection with cloud tools that handle anti-bot measures, browser rendering, and data transformation out of the box. Extract content from any website, push to vector databases for RAG workflows, or pipe directly into your apps via API. Schedule runs, set up webhooks, and connect to your existing stack. Free tier available, then scale as you need to.
-
1
gVisor
Application Kernel for Containers
gVisor is an application kernel developed by Google that provides a strong layer of isolation between applications and the host operating system. Written in Go, it implements a Linux-compatible system call interface that runs entirely in user space, creating a secure sandboxed environment for containers. Unlike traditional virtual machines or lightweight syscall filters, gVisor follows a third approach that offers many of the security benefits of virtualization while maintaining the speed, resource efficiency, and flexibility of containers. ... -
2
Tetragon
eBPF-based Security Observability and Runtime Enforcement
...Synchronous monitoring, filtering, and enforcement completely in the kernel with eBPF. -
3
MemGuard
Secure software enclave for storage of sensitive information in memory
This package attempts to reduce the likelihood of sensitive data being exposed when in memory. It aims to support all major operating systems and is written in pure Go. Sensitive data is encrypted and authenticated in memory with XSalsa20Poly1305. The scheme used also defends against cold-boot attacks. Memory allocation bypasses the language runtime by using system calls to query the kernel for resources directly. This avoids interference from the garbage collector. Buffers that store... -
4
Elkeid
Open source solution that can meet the requirements of workloads
Elkeid is an open-source platform for security and intrusion-detection that aims to support a wide variety of deployment contexts — from bare-metal hosts to containers, Kubernetes clusters, and even serverless environments. It was born out of ByteDance’s internal security best practices, offering for community users a subset of its enterprise-grade capabilities. Elkeid combines kernel-level data collection, user-space agents, and runtime instrumentation (RASP) to detect malicious behavior, file anomalies, runtime exploits, and suspicious container activity. ... -
Atera all-in-one platform IT management software with AI agentsAtera’s AI agents don’t just assist, they act. From detection to resolution, they handle incidents and requests instantly, taking your IT management from automated to autonomous.
-
5
syzkaller
syzkaller is an unsupervised coverage-guided kernel fuzzer
syzkaller is Google’s coverage-guided, feedback-driven kernel fuzzer designed to uncover reliability and security bugs in operating system kernels at scale. It automatically generates, mutates, and minimizes system call programs, then drives them through a specialized executor (syz-executor) to exercise deep kernel paths. The system integrates tightly with sanitizers such as KASAN, KMSAN, KCSAN, and UBSAN to surface memory safety, concurrency, and undefined behavior issues with actionable reports. ... -
6
Cilium
eBPF-based networking, security, and observability
Cilium is open-source software for providing, securing and observing network connectivity between container workloads, cloud-native, and fueled by the revolutionary Kernel technology eBPF. Kubernetes doesn't come with an implementation of Load Balancing. This is usually left as an exercise for your cloud provider or in private cloud environments an exercise for your networking team. Cilium can attract this traffic with BGP and accelerate leveraging XDP and eBPF. Together these technologies... -
7
Hubble
Network, Service & Security Observability for Kubernetes using eBPF
Hubble is a fully distributed networking and security observability platform for cloud native workloads. It is built on top of Cilium and eBPF to enable deep visibility into the communication and behavior of services as well as the networking infrastructure in a completely transparent manner. The Linux kernel technology eBPF is enabling visibility into systems and applications at a granularity and efficiency that was not possible before. -
8
Deckhouse
Kubernetes platform from Flant
...Built-in implementation of Pod Security Standards and a ready-to-use, extensible set of recommended policies. Deckhouse automates many routine deployment, scaling, and infrastructure management operations out of the box. It manages system software on the nodes (kernel, CRI, kubelet), basic Kubernetes components (control plane, etc, certificates, etc.). -
9
Talos Linux
Talos Linux is a modern Linux distribution built for Kubernetes
Talos Linux is Linux designed for Kubernetes – secure, immutable, and minimal. Supports cloud platforms, bare metal, and virtualization platforms. All system management is done via an API. No SSH, shell or console. Production-ready supports some of the largest Kubernetes clusters in the world. Open source project from the team at Sidero Labs. It only takes 3 minutes to launch a Talos cluster on your laptop inside Docker. Talos reduces your attack surface. It's minimal, hardened and... -
Grafana: The open and composable observability platformGrafana is the open source analytics & monitoring solution for every database.
-
10
LinuxKit
A toolkit for building secure, portable and lean operating systems
...Designed to be managed by external tooling, such as Infrakit (renamed to deploykit which has been archived in 2019) or similar tools. Includes a set of longer-term collaborative projects in various stages of development to innovate on kernel and userspace changes, particularly around security. -
11
Antrea
Kubernetes networking based on Open vSwitch
...With the programmability of Open vSwitch under the hood, Antrea can be extended to support advanced network use cases like kernel bypass and network service mesh. -
12
BerserkArch
A bleeding-edge, security-centric Arch-based Linux distribution.
BerserkArch is a security-focused, performance-tuned Linux operating system (OS) based on Arch Linux, designed for developers, hackers, and technical users. A bleeding-edge, security-centric Arch-based Linux distribution crafted for hackers, developers, and nerds alike. Following the Arch Linux philosophy, it is designed to be highly customizable, allowing users to build their environment with only the components they need, rather than having a lot of pre-installed software like some other security distributions (e.g., Kali Linux). ... -
13
PouchContainer
An efficient enterprise-class container engine
PouchContainer is an open-source project created by Alibaba Group to promote the container technology movement. PouchContainer is a highly reliable container engine open sourced by Alibaba. It is an excellent software layer to fill up gap between business applications and underlying infrastructure. The strong-isolation ability and rich container are its representitive features. PouchContainer is compatible with OCI image spec. Applications can minimize their storage usage with layered image... -
14
Kubesploit
Kubesploit is a cross-platform post-exploitation HTTP/2 Command
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments written in Golang and built on top of Merlin project by Russel Van Tuyl. While researching Docker and Kubernetes, we noticed that most of the tools available today are aimed at passive scanning for vulnerabilities in the cluster, and there is a lack of more complex attack vector coverage. They might allow you to see the problem but not exploit it. It is...
- Previous
- You're on page 1
- Next
