container-security

42 tools and resources


CloudDefense.AI is a Cloud Native Application Protection Platform (CNAPP) for securing cloud infrastructure and cloud-native applications.

Anchore Enterprise is a platform that protects and secures software supply chains end-to-end.

A repository of pre-defined Falco rules for detecting security threats and abnormal behavior.

YaraHunter scans container images, running Docker containers, and filesystems to find indicators of malware.

Conmachi is a Golang tool for scanning container environments for security issues.

Managed Kubernetes Inspection Tool leveraging FOSS tools to query and validate security-related settings.

Tool for assessing compliance and running vulnerability scans on Docker images.

A write-up of the Docker Layer 2 ICC bug: disabling inter-container communication (`--icc=false`) only adds iptables rules, which filter IP traffic, so containers on the same bridge can still exchange raw Layer 2 frames with each other.

A project exploring the minimal set of restrictions needed to run untrusted code in Linux containers, implemented in a concise codebase.

gVisor

gVisor is an application kernel that provides isolation for running sandboxed containers.

Create Docker container images for testing and long-term use.

Troje

Troje is a honeypot that creates a realistic environment inside LXC containers to monitor and record network traffic and changes to the filesystem.

Contains various use cases of Kubernetes Network Policies and sample YAML files.

A tool for pillaging Docker registries to extract image manifests and configurations.

Comprehensive endpoint protection platform providing unified visibility and security for cloud workloads, endpoints, and containers.

A tool that finds unprotected secrets in container images or filesystems by matching their contents against a database of 140 secret types.
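The core of such a scanner, as an added example (not the listed tool's code): a POSIX shell function that walks an unpacked container filesystem and reports matches for a small constructed set of secret patterns. The three rules, the directory layout and the sample files in the usage below are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the listed tool's code: a minimal secret scanner for an
# unpacked container filesystem. The three rules below are a constructed
# subset of the kinds of patterns such tools carry (AWS access key IDs, PEM
# private-key headers, GitHub tokens); real rule sets are far larger and add
# entropy checks to catch keys that have no fixed prefix.

# scan_secrets DIR
#   Recursively greps DIR and prints "rule:path:line" for every match.
#   Returns 0 if at least one secret was found (so a CI step can fail on
#   it), 1 if the tree is clean.
scan_secrets() {
    root=$1
    hits=0
    # Rule format: name, a space, then an extended regex (may contain spaces).
    # Feeding the loop from a here-document keeps it in the current shell,
    # so the $hits counter survives the loop.
    while read -r name regex; do
        [ -n "$name" ] || continue
        # -r recurse, -n line numbers, -I skip binaries, -E extended regex;
        # cut keeps only "path:line" so matched secrets are not echoed to logs.
        matches=$(grep -rnIE -e "$regex" "$root" 2>/dev/null | cut -d: -f1,2)
        if [ -n "$matches" ]; then
            printf '%s\n' "$matches" | sed "s|^|$name:|"
            hits=$((hits + 1))
        fi
    done <<'EOF'
aws_access_key_id AKIA[0-9A-Z]{16}
pem_private_key -----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----
github_token gh[pousr]_[A-Za-z0-9]{36}
EOF
    [ "$hits" -gt 0 ]
}
```

To point this at an image rather than a directory, unpack the image's root filesystem first, for example with `docker create --name tmp IMAGE` followed by `docker export tmp | tar -C rootfs -x` (IMAGE and the `rootfs` directory are placeholders), then run `scan_secrets rootfs`. Scanning the exported filesystem misses secrets that were added in one layer and deleted in a later one; checking each layer tarball from `docker save` separately catches those.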

A cross-platform post-exploitation HTTP/2 command and control server and agent dedicated to containerized environments.

Strelka

Real-time, container-based file scanning system for threat hunting and incident response.

A subset of the Modern Honey Network project set up to run in Docker, including the hpfeeds broker, the cowrie honeypot, and the dionaea honeypot.

A framework to analyze container images and gather useful information.

Redirects EC2 instance metadata API traffic from containers to a proxy container that hands out temporary, per-container AWS credentials and passes all other calls through to the EC2 metadata API.

A Docker analysis tool for identifying potential security vulnerabilities and weaknesses in Docker environments.

Learn how to secure applications in Kubernetes Engine by granting varying levels of privilege based on requirements.

Buildah

A tool for building Open Container Initiative (OCI) container images without requiring a Docker daemon.

Sysdig

Sysdig is a system visibility tool with native container support.

Exploit that launches a process on the host from within a Docker container run with the --privileged flag by abusing the Linux cgroup v1 "notification on release" feature: it writes a path into a cgroup v1 hierarchy's release_agent file and sets notify_on_release on a child cgroup, and the kernel then executes that path on the host as root when the child cgroup empties.
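A preflight check for the preconditions of that escape, as an added example that is not part of the listed exploit: the function inspects a cgroup v1 hierarchy root from inside the container and reports whether release_agent is writable and a child cgroup can be created. The directory names and the fake cgroup trees used to exercise it are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the listed exploit: a preflight check for the
# cgroup v1 release_agent escape from inside a container. Preconditions:
#   - a cgroup v1 hierarchy mounted read-write (cgroup v2's unified hierarchy
#     has no release_agent file, so the technique does not apply there),
#   - write access to the hierarchy root (to create a child cgroup) and to
#     its release_agent file (root in the container; --privileged supplies the
#     CAP_SYS_ADMIN that current kernels additionally require).
# Caveat: test -w uses access(2), which for uid 0 reports "writable" even where
# the kernel would still refuse the release_agent write, so a positive verdict
# means "worth verifying", not "confirmed". A read-only mount is also not a
# defense on its own when the container can mount its own cgroup hierarchy.

# check_release_agent_escape DIR
#   DIR is a cgroup v1 hierarchy root, e.g. /sys/fs/cgroup/memory.
#   Returns 0 if the preconditions are present, 1 if the hierarchy is not
#   abusable, 2 if DIR is not a cgroup v1 hierarchy root.
check_release_agent_escape() {
    dir=$1
    if [ ! -f "$dir/release_agent" ]; then
        echo "$dir: no release_agent (cgroup v2 or not a v1 hierarchy root)"
        return 2
    fi
    if [ ! -w "$dir/release_agent" ]; then
        echo "$dir: release_agent not writable"
        return 1
    fi
    if [ ! -w "$dir" ]; then
        echo "$dir: hierarchy root read-only, cannot create a child cgroup"
        return 1
    fi
    echo "$dir: release_agent writable and child cgroups creatable (escape preconditions present)"
    return 0
}

# scan_cgroup_roots [MOUNTPOINT]
#   Checks every subdirectory of MOUNTPOINT (default /sys/fs/cgroup), i.e.
#   every per-controller v1 hierarchy. Returns 0 if any of them is abusable.
scan_cgroup_roots() {
    mnt=${1:-/sys/fs/cgroup}
    abusable=1
    for d in "$mnt"/*/; do
        [ -d "$d" ] || continue
        check_release_agent_escape "${d%/}" && abusable=0
    done
    return $abusable
}

# Inside a running container: sh thisfile.sh --scan
[ "${1:-}" = "--scan" ] && scan_cgroup_roots
```

A clean result from `scan_cgroup_roots` inside a container that is running without `--privileged`, with `/sys/fs/cgroup` mounted read-only and with CAP_SYS_ADMIN dropped is the expected state; any hierarchy reported as abusable is worth treating as a host compromise path.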

Harpoon

A collection of tips and tricks for container and container orchestration hacking.

Weave Scope automatically generates a map of your application for troubleshooting and monitoring Docker & Kubernetes.

A tool to conduct preliminary security checks in code, infrastructure, or IAM configurations using various open-source tools.

A security framework for process isolation and sandboxing based on capability-based security principles.

k-rail

A workload policy enforcement tool for Kubernetes with various supported policies and configuration options.

A setuid helper implementing a subset of user namespace functionality, so that unprivileged users can run containers without root.

Clair

An open source project for static analysis of vulnerabilities in application containers.

Docker's Actuary automates security best-practices checks for Docker containers.

Dagda

A tool for static analysis of known vulnerabilities, trojans, viruses, malware, and other malicious threats in Docker images and containers.

A blog post discussing the differences between Solaris Zones, BSD Jails, VMs, and containers, with the author arguing that containers are not a real thing.

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

Uses the dirtyc0w (CVE-2016-5195) kernel exploit for privilege escalation from inside a Docker container.

Bane

Custom AppArmor profile generator for Docker containers with file globbing.