Container Security

A Terraform module that provides a compliance-focused AWS EKS setup with security hardening for PCI-DSS, SOC2, and HIPAA requirements.

A Docker security analysis tool that scans containers and networks to identify vulnerabilities and security weaknesses in Docker environments.

A tutorial demonstrating how to implement Kubernetes Engine security features to control application privileges through host access controls and network access policies.

Buildah is a command-line tool for building and managing container images in OCI and Docker formats without requiring a running daemon.

Sysdig is a universal system visibility tool that provides deep monitoring and analysis capabilities for traditional systems and containerized environments through system call tracing and network activity monitoring.

Exploit that launches a process on the host from within a Docker container run with the --privileged flag by abusing the Linux cgroup v1 “notification on release” feature.

Weave Scope is a real-time visualization and monitoring tool that automatically maps Docker container infrastructures and microservices, providing interactive topology views and direct container management capabilities.

A command-line interface tool for managing container image security analysis, vulnerability scanning, and policy enforcement through the Anchore Engine REST API.

Security-Guard helps secure microservices and serverless containers by detecting and blocking exploits.

A deprecated Kubernetes workload policy enforcement tool that helped secure multi-tenant clusters through various security policies and configurations.

A setuid implementation of user namespaces that enables running unprivileged containers without root privileges as a secure alternative to traditional container runtimes.

Clair is an open source static analysis tool that scans application containers for known vulnerabilities through API-based image indexing and matching.

Docker's Actuary is an automated security assessment tool that checks Docker container deployments against configurable best-practice checklists to ensure production readiness.

Dagda is a Docker security tool that performs static vulnerability analysis of container images and monitors running containers for malicious threats and anomalous activities.

A security testing framework for assessing container environment security across AWS and GCP cloud platforms.

Falco is a CNCF graduated runtime security tool that monitors Linux kernel events and syscalls to detect abnormal behavior and security threats in cloud native environments.

Kube-bench is a security assessment tool that validates Kubernetes deployments against CIS Kubernetes Benchmark standards through automated configuration checks.

Atomic Reactor is a Python library and CLI tool for building Docker images with advanced features including Git integration, registry operations, and build system integration.

Bane is an automated AppArmor profile generator for Docker containers that simplifies the creation of security policies with file globbing support and Docker integration.