Cloud Security

A Docker security vulnerability where disabling inter-container communication (ICC) fails to block raw ethernet frames, allowing unexpected data transfer between containers via raw sockets.

A project exploring minimal set of restrictions for running untrusted code using Linux containers in a concise codebase.

A cloud security analysis tool that creates digital twins of AWS environments using graph databases to identify attack paths and security misconfigurations through automated and manual rule-based assessments.

ElectricEye is a multi-cloud Python CLI tool that performs security posture management and attack surface monitoring across cloud service providers and SaaS platforms with over 1000 security checks mapped to 20+ compliance frameworks.

gVisor is a Go-based application kernel that provides enhanced container isolation by implementing Linux system calls and limiting host kernel exposure through its runsc OCI runtime.

KICS is an open-source Infrastructure as Code security scanner that detects vulnerabilities and misconfigurations through customizable queries and integrates with CI/CD pipelines.

CloudSploit by Aqua is an open-source multi-cloud security scanning tool that detects security risks and compliance issues across AWS, Azure, GCP, OCI, and GitHub platforms.

Microsoft Azure service for safeguarding cryptographic keys and secrets.

Dufflebag searches through public AWS EBS snapshots to identify accidentally exposed secrets and sensitive information.

LambdaGuard is an AWS Lambda auditing tool that provides security configuration checks, statistical analysis, and service dependency mapping for serverless functions.

LinuxKit is a toolkit for building custom minimal, immutable Linux distributions with secure defaults for running containerized applications like Docker and Kubernetes.

cfn-nag is a static analysis tool that scans AWS CloudFormation templates to identify security vulnerabilities and misconfigurations in infrastructure-as-code.

ZeusCloud is an open source cloud security platform that discovers AWS assets, identifies attack paths, and provides remediation guidance with customizable compliance controls.

AWS Web Application Firewall (WAF) for protecting web applications from common exploits.

A Docker container that bundles preinstalled AWS security tools for streamlined security operations and assessments in AWS environments.

A repository of Kubernetes Network Policy examples and YAML configurations for controlling network traffic and implementing security controls in Kubernetes clusters.

An archived community-driven collection of open source cloud security tools that provided monitoring and compliance capabilities for cloud infrastructure.

A command-line tool that extracts manifest and configuration data from Docker registry images for security analysis and reconnaissance purposes.

CFRipper is a security analyzer for AWS CloudFormation templates that identifies vulnerabilities and misconfigurations before cloud deployment.

A CLI tool for bulk deletion and inspection of AWS resources to clean up testing accounts and prevent unnecessary charges.

A collection of scripts and guidance for generating proof-of-concept Amazon GuardDuty findings to help users understand and test AWS security detection capabilities.

Kubeadm is a tool for creating Kubernetes clusters with best practices.

A Terraform module that establishes security baseline configurations for AWS accounts based on CIS benchmarks and AWS security best practices.

AWS Web Application Firewalls (WAFs) are cloud-based security services that protect web applications and APIs from internet-based attacks through customizable filtering rules and centralized management capabilities.