kubewaf-io / kubewaf

Protect your Kubernetes workloads with ModSecurity-compatible rules and OWASP Core Rule Set (CRS) using native Kubernetes CRDs.

100% credibility
Found Mar 28, 2026 at 10 stars.
Go
AI Summary

Kubernetes-native Web Application Firewall operator for defining and managing ModSecurity-compatible rules via Custom Resource Definitions.

How It Works

1. 💡 Discover kubeWAF

You hear about a friendly shield that keeps websites safe from hackers using everyday setup tools.

2. 📦 Add the protector

You bring the safety manager into your environment with simple setup steps.

3. 🔄 Import trusted rules

You pull in ready-made expert rules to block common attacks right away.

4. ✍️ Create custom guards

You describe threats and responses in easy checklists that feel natural to build.

5. 📋 Group your shields

You bundle rules into handy packs for different website areas.

6. 🔗 Link to your sites

You connect the packs to your web doors so protection starts instantly.

๐Ÿ›ก๏ธ Threats blocked!

Bad visitors are stopped quietly while good ones flow through safely and smoothly.

AI-Generated Review

What is kubewaf?

kubeWAF brings Web Application Firewall protection to Kubernetes workloads using native CRDs for ModSecurity-compatible rules and the OWASP Core Rule Set. Define SecRules and SecActions in YAML, aggregate them into RuleSets, and let the operator generate SecLang configs automatically. Built in Go, it handles rule translation, status reporting, and cross-references, solving the pain of managing WAF configs outside your GitOps workflows.

Why is it gaining traction?

Unlike sidecar proxies or Helm-heavy setups, kubeWAF uses pure Kubernetes CRDs for declarative rule management, with a CLI converter that imports OWASP CRS rules directly into YAML. It supports label selectors for RuleSets and plans Envoy Gateway integration, making it dead simple to protect Kubernetes apps without learning new DSLs. Developers love the automatic SecLang generation and cleanup via finalizers.

Who should use this?

Kubernetes security engineers hardening ingress or Gateway API traffic against SQLi, XSS, and OWASP threats. Teams migrating from NGINX App Protect or IBM Spectrum Protect to native K8s, especially those wanting to protect Kubernetes secrets and namespaces declaratively. Ideal for GitOps shops enforcing branch protection on rules like main/master via pull requests.

Verdict

Promising beta for Kubernetes-native WAF with CRS support, but only 10 stars and 1.0% credibility score mean it's early; expect breaking changes. Grab it if you need core rule protection now; watch for Envoy maturity.
