RBAC Atlas is a curated database of identities and the Role Based Access Control (RBAC) policies associated with them in popular Kubernetes open-source projects. Each entry includes security annotations that highlight granted permissions, potential risks, and possible abuse scenarios.

Why is RBAC important? RBAC is the final layer of defense in Kubernetes security. If workloads are compromised and an identity is stolen, a misconfigured or overly permissive RBAC policy (common with Operators) can enable attackers to move laterally within your cluster, potentially leading to a complete Kubernetes cluster takeover.

RBAC Atlas is a collaborative project created by Lenin Alevski, and contributions of additional RBAC rules are welcome.

🚀 Top Risks

informationdisclosure dataexposure configmapaccess tampering potentialprivilegeescalation credentialaccess reconnaissance secretaccess clusterwidesecretaccess denialofservice See All →

📦 Top Categories

operator monitoring kubernetes prometheus database metric observability metrics cluster edp metricsql timeseries tsdb victoriametrics storage alerting sql ci gitlab kube-prometheus See All →

📜 All Projects

All A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

vals-operator

v0.7.11
1 Critical 5 Low 1 1 6

This helm chart installs the Digitalis Vals Operator to manage and sync secrets from supported backends into Kubernetes. ## About Vals-Operator Here at Digitalis we love vals, it’s a tool we use daily to keep secrets stored securely. Inspired by this tool, we have created an operator to manage Kubernetes secrets. vals-operator syncs secrets from any secrets store supported by vals into Kubernetes. Also, vals-operator supports database secrets as provider by HashiCorp Vault Secret Engine.

#ClusterWideSecretAccess  #CredentialAccess  #DataExposure  (+2 more)

wordpress

v26.0.0
3 3 0

WordPress is the world’s most popular blogging and content management platform. Powerful yet simple, everyone from students to global corporations use it to build beautiful, functional websites.