Container Security

kube-hunter is a security scanning tool that identifies vulnerabilities and security weaknesses in Kubernetes clusters through automated assessment and provides detailed reporting with remediation guidance.

An educational repository providing structured lab materials and scripts for learning container technologies and their internal mechanisms.

A Golang-based container security scanner that identifies potential vulnerabilities and misconfigurations in container environments by checking namespacing, capabilities, security profiles, and host device mounts.

A book that helps improve Docker security by covering risks and countermeasures

NBD (Network Block Device) is a network protocol implementation that allows clients to access remote block devices over a network as if they were local storage.

MKIT is a Docker-based security assessment tool that identifies common misconfigurations in managed Kubernetes clusters across AKS, EKS, and GKE platforms.

A container compliance and vulnerability assessment tool that uses OpenSCAP to scan Docker images and running containers for security vulnerabilities and compliance violations.

An open-source script that performs automated security assessments of Docker containers and hosts against CIS Docker Benchmark standards.

Exploring the transition towards real sandbox containers and the differences in privileges compared to traditional sandboxes like Chrome.

A Docker security vulnerability where disabling inter-container communication (ICC) fails to block raw ethernet frames, allowing unexpected data transfer between containers via raw sockets.

A project exploring minimal set of restrictions for running untrusted code using Linux containers in a concise codebase.

gVisor is a Go-based application kernel that provides enhanced container isolation by implementing Linux system calls and limiting host kernel exposure through its runsc OCI runtime.

LinuxKit is a toolkit for building custom minimal, immutable Linux distributions with secure defaults for running containerized applications like Docker and Kubernetes.

A repository of Kubernetes Network Policy examples and YAML configurations for controlling network traffic and implementing security controls in Kubernetes clusters.

A command-line tool that extracts manifest and configuration data from Docker registry images for security analysis and reconnaissance purposes.

Kubeadm is a tool for creating Kubernetes clusters with best practices.

A Python-based Docker security audit tool that performs CIS benchmark assessments with customizable profiles and JSON reporting capabilities.

Kubernetes security platform with industry standard open source utilities for securing Kubernetes clusters and apps.

Encrypt Kubernetes Secrets into SealedSecrets for safe storage and controlled decryption within the cluster.

minikube is a local Kubernetes cluster management tool that enables developers to run and test Kubernetes applications on their local machines across multiple operating systems.

A userland implementation of the Network Block Device protocol that enables remote block device access over network connections for distributed storage and virtualization use cases.

A framework for analyzing container images, running scripts inside containers, and gathering information for static analysis and policy enforcement.

A Terraform module that provides a compliance-focused AWS EKS setup with security hardening for PCI-DSS, SOC2, and HIPAA requirements.

A Docker security analysis tool that scans containers and networks to identify vulnerabilities and security weaknesses in Docker environments.