Solutions for securing cloud infrastructure, services, and containerized environments.
Task: Container Security
Explore 23 curated tools and resources
An AI-powered Cloud Native Application Protection Platform (CNAPP) that provides unified cloud security with attack surface management for small and medium businesses.
A cloud native application protection platform that provides security monitoring and protection across cloud, on-premises, and hybrid environments.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A cloud-native application protection platform that provides comprehensive security monitoring, vulnerability management, and threat detection for cloud environments and container workloads.
A cloud-native security platform that combines vulnerability management, workload protection, and security monitoring for cloud environments with context-aware threat detection capabilities.
Cloud security platform that provides configuration monitoring, compliance management, and security analysis across multi-cloud environments.
A cloud native security platform that uses behavioral fingerprinting and runtime verification to detect threats across Kubernetes environments, cloud infrastructure, and software supply chains.
A cloud security platform that combines Kubernetes security scanning, runtime monitoring, and cloud security posture management using Kubescape and eBPF technology.
CloudDefense.AI is a Cloud Native Application Protection Platform (CNAPP) that safeguards cloud infrastructure and cloud-native apps with expertise, precision, and confidence.
Anchore Enterprise is a platform that protects and secures software supply chains end-to-end.
A Golang-based container security scanner that identifies potential vulnerabilities and misconfigurations in container environments by checking namespacing, capabilities, security profiles, and host device mounts.
A Docker security vulnerability where disabling inter-container communication (ICC) fails to block raw ethernet frames, allowing unexpected data transfer between containers via raw sockets.
A project exploring a minimal set of restrictions for running untrusted code using Linux containers in a concise codebase.
gVisor is a Go-based application kernel that provides enhanced container isolation by implementing Linux system calls and limiting host kernel exposure through its runsc OCI runtime.
A Python-based Docker security audit tool that performs CIS benchmark assessments with customizable profiles and JSON reporting capabilities.
A framework for analyzing container images, running scripts inside containers, and gathering information for static analysis and policy enforcement.
A Terraform module that provides a compliance-focused AWS EKS setup with security hardening for PCI-DSS, SOC2, and HIPAA requirements.
A tutorial demonstrating how to implement Kubernetes Engine security features to control application privileges through host access controls and network access policies.
Exploit that launches a process on the host from within a Docker container run with the --privileged flag by abusing the Linux cgroup v1 “notification on release” feature.
A deprecated Kubernetes workload policy enforcement tool that helped secure multi-tenant clusters through various security policies and configurations.
A setuid implementation of user namespaces that enables running unprivileged containers without root privileges as a secure alternative to traditional container runtimes.
Docker's Actuary is an automated security assessment tool that checks Docker container deployments against configurable best-practice checklists to ensure production readiness.
Kube-bench is a security assessment tool that validates Kubernetes deployments against CIS Kubernetes Benchmark standards through automated configuration checks.