Dagda is a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities. It imports known vulnerabilities and exploits into a MongoDB and verifies software installed in docker images for vulnerabilities. It also uses ClamAV as antivirus engine for detecting trojans, viruses, malware & other malicious threats. It supports multiple Linux base images: RHEL, Ubuntu, Debian, CentOS, Fedora, and OpenSUSE. It is designed to be used by security professionals, developers, and DevOps teams to ensure the security of their docker-based applications.
FEATURES
SIMILAR TOOLS
A search engine for the Internet of Things (IoT) that provides real-time information about connected devices.
An OSINT tool that generates username lists for companies on LinkedIn for social engineering attacks or security testing purposes.
Crt.sh is a website that allows users to search for SSL/TLS certificates of a targeted domain, providing transparency into certificate logs.
Automate your reconnaissance process with AttackSurfaceMapper, a tool for mapping and analyzing network attack surfaces.
Automate Google Hacking Database scraping and searching with Pagodo, a tool for finding vulnerabilities and sensitive information.
FullHunt is a next-generation attack surface security platform that enables companies to discover, monitor, and secure their external attack surfaces.
Simple script to check a domain's email protections and identify vulnerabilities.
A fully customizable, offensive security reporting solution for pentesters, red teamers, and other security professionals.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.