Container security tools for securing Docker containers, Kubernetes clusters, and containerized applications throughout the DevOps lifecycle.
Browse 91 container security tools
YaraHunter scans container images, running Docker containers, and filesystems using YARA rules to detect malware indicators and signs of compromise.
SecretScanner is a standalone tool that scans container images and filesystems to detect approximately 140 types of unprotected secrets and sensitive credentials.
MKIT is a Docker-based security assessment tool that identifies common misconfigurations in managed Kubernetes clusters across AKS, EKS, and GKE platforms.
A deprecated Kubernetes workload policy enforcement tool that helped secure multi-tenant clusters through various security policies and configurations.
A Docker security analysis tool that scans containers and networks to identify vulnerabilities and security weaknesses in Docker environments.
Clair is an open source static analysis tool that scans application containers for known vulnerabilities through API-based image indexing and matching.
Buildah is a command-line tool for building and managing container images in OCI and Docker formats without requiring a running daemon.
A setuid implementation of user namespaces that enables running unprivileged containers without root privileges as a secure alternative to traditional container runtimes.
Atomic Reactor is a Python library and CLI tool for building Docker images with advanced features including Git integration, registry operations, and build system integration.
A Docker security vulnerability where disabling inter-container communication (ICC) fails to block raw Ethernet frames, allowing unexpected data transfer between containers via raw sockets.
Encrypt Kubernetes Secrets into SealedSecrets for safe storage and controlled decryption within the cluster.
A framework for analyzing container images, running scripts inside containers, and gathering information for static analysis and policy enforcement.
kube-hunter is a security scanning tool that identifies vulnerabilities and security weaknesses in Kubernetes clusters through automated assessment and provides detailed reporting with remediation guidance.
Kube-bench is a security assessment tool that validates Kubernetes deployments against CIS Kubernetes Benchmark standards through automated configuration checks.
A command-line interface tool for managing container image security analysis, vulnerability scanning, and policy enforcement through the Anchore Engine REST API.
A security testing framework for assessing container environment security across AWS and GCP cloud platforms.
A container compliance and vulnerability assessment tool that uses OpenSCAP to scan Docker images and running containers for security vulnerabilities and compliance violations.
A userland implementation of the Network Block Device protocol that enables remote block device access over network connections for distributed storage and virtualization use cases.
NBD (Network Block Device) is a network protocol implementation that allows clients to access remote block devices over a network as if they were local storage.
Common questions about Container Security tools, selection guides, pricing, and comparisons.
Key container security risks include: vulnerable base images with known CVEs, secrets embedded in container images or environment variables, misconfigured Kubernetes RBAC and network policies, container escape vulnerabilities, supply chain attacks through compromised registries, and runtime threats like cryptomining. Securing containers requires scanning images before deployment and monitoring runtime behavior.