Bubblewrap
Bubblewrap is a setuid implementation of a subset of user namespaces that enables running unprivileged containers without requiring root privileges. The tool provides a secure alternative to traditional container runtimes by implementing namespace isolation while maintaining a reduced attack surface. Unlike full container solutions, Bubblewrap does not provide control over iptables, focusing instead on process and filesystem isolation. The implementation uses setuid capabilities to create sandboxed environments where applications can run with limited system access. This approach allows for containerization without the complexity and potential security risks associated with full-featured container platforms. Bubblewrap is designed as a lightweight solution for scenarios where basic container isolation is needed without the overhead of complete container orchestration systems.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
S3Scanner is an open-source tool that scans S3 buckets across S3-compatible APIs to identify misconfigurations and security vulnerabilities.
KICS is an open-source Infrastructure as Code security scanner that detects vulnerabilities and misconfigurations through customizable queries and integrates with CI/CD pipelines.
A command-line security auditing tool that performs Lynis-based security assessments across AWS, GCP, Azure, and DigitalOcean cloud platforms.
MKIT is a Docker-based security assessment tool that identifies common misconfigurations in managed Kubernetes clusters across AKS, EKS, and GKE platforms.
Kube-bench is a security assessment tool that validates Kubernetes deployments against CIS Kubernetes Benchmark standards through automated configuration checks.
A deprecated Kubernetes workload policy enforcement tool that helped secure multi-tenant clusters through various security policies and configurations.
SkyWrapper analyzes temporary token behaviors in AWS accounts to detect suspicious activities and generates Excel reports with findings summaries.
A community-driven repository of pre-built security analytics queries and rules for monitoring and detecting threats in Google Cloud environments across various log sources and activity types.
A framework for analyzing container images, running scripts inside containers, and gathering information for static analysis and policy enforcement.
PINNED
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.