Docker's Actuary is an application that checks for dozens of common best-practices around deploying Docker containers in production. Actuary takes in a checklist of items to check, and automates the running, inspecting and aggregation of the results. Actuary is an evolution of DockerBench, with a focus on the creation, sharing and reuse of different security profiles by the Docker security community. To run Actuary, you simply have to provide a checklist file or hash, and it will do the rest.
FEATURES
SIMILAR TOOLS
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
Cloud Security Suite (cs-suite) - Version 3.0 Usage for cloud security audits on AWS, GCP, Azure, and DigitalOcean.
ScubaGear assesses Microsoft 365 tenant configurations against CISA Secure Configuration Baselines, using PowerShell and Open Policy Agent to compare settings and generate compliance reports.
Detect off-instance key usage in AWS by analyzing CloudTrail files locally.
A unified extended detection and response (XDR) platform that provides comprehensive visibility and protection across hybrid IT environments through integrated prevention, detection, and response capabilities.
An open-source framework for testing and validating the security of AWS services and resources.
A comprehensive cloud security platform that combines vulnerability management, compliance monitoring, and automated remediation capabilities through an agentless architecture to protect cloud infrastructure and applications.
A collection of security workshops and hands-on content for AWS security services and techniques
PINNED

Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.