Open Source Projects by Orca

At Orca we’re a proud contributor to the open source community, helping developers and security teams make the cloud a safer place for everyone.


AI Goat

AI Goat is the first open source AI security hands-on learning environment based on the OWASP Top 10 ML risks. It was created to help security professionals and pentesters understand how AI-specific vulnerabilities can be exploited, and how organizations can best defend against these types of attacks.

  • An intentionally vulnerable AI environment built in Terraform that includes numerous threats and vulnerabilities for testing and learning purposes.
  • Built on AWS, running AI models on Amazon SageMaker. Deploying the environment exposes a user interface for an online shop selling soft toys with different machine learning models embedded in the store features.
  • The application includes intentional misconfigurations, vulnerabilities, and security issues so security practitioners and developers can increase their understanding of how attackers can take advantage of these weaknesses.

IAM APE

The IAM AWS Policy Evaluator (APE) is an open source, automated tool that’s designed to simplify the process of calculating effective permissions for an AWS entity. While the capabilities of the tool are included in the Orca Platform, we’ve also made the tool available to the developer community to help strengthen cloud security postures.

  • Gathers all the IAM policies present in your account, and then calculates the effective permissions that each entity – User, Group, or Role – has. 
  • Presents you with a single policy for each entity, summarizing all of their actual permissions.
  • Available on Orca Security’s official GitHub repo, as well as through PyPI, the official Python Package Index.

KTE

KTE is an open-source Kubernetes Testing Environment for EKS (Amazon Elastic Kubernetes Service), GKE (Google Kubernetes Engine) and AKS (Azure Kubernetes Service).

  • Helps you improve Kubernetes security by providing a safe and controlled space to identify and address potential vulnerabilities before they impact production.
  • Allows you to simulate various attack scenarios, test security patches, and evaluate the effectiveness of security configurations and policies.
  • Users are encouraged to replace the default Helm chart with their own, so they can use KTE to test a real staging environment.

Orca Research Pod

The Orca Research Pod, a group of cloud security researchers that discovers and analyzes cloud risks and vulnerabilities, creates and maintains the Orca open source projects on GitHub, helping developers and security teams make the cloud a safer place for everyone.
