kntrl: Real-time eBPF Runtime Security for Your CI/CD Pipelines
kntrl is an eBPF-based runtime agent that monitors your pipeline and prevents anomalous behaviour that you define. It does this by monitoring kernel calls and denying access as soon as the behaviour you defined is detected. Refer to this presentation for a deeper look at how we achieve this.
It can work as a single binary (`kntrl`) or with a Docker runner (`docker.io/kondukto/kntrl:0.1.2`).
Features
- Single Binary: Deploy `kntrl` as a lightweight, standalone binary for easy setup and minimal overhead.
- OPA-Supported Engine: Leverage Open Policy Agent (OPA) to enforce custom security policies effortlessly.
- eBPF Powered: Utilizes eBPF to monitor kernel calls and secure pipelines at the system level.
- Real-Time Detection & Prevention: Instantly detects and blocks anomalous behavior as it happens.
- GitHub Action: Seamlessly integrates with GitHub Actions to secure your workflows.
- Open Source: Fully transparent, community-driven, and released as open source under the Apache2 License.