Ramblings from Jessie: Getting Towards Real Sandbox Containers Sunday, May 1, 2016 · 5 min read - Containers are all the rage right now, utilizing Linux primitives like user namespaces and seccomp to create application sandboxes. - Chrome sandbox is a familiar example, using user namespaces and seccomp, similar to container features. - Key difference: Chrome runs as unprivileged user, while most containers run as root, requiring root privileges for creation and execution.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
TerraGoat is a deliberately vulnerable Terraform repository that demonstrates common cloud infrastructure misconfigurations for training and testing security tools.
A framework for analyzing container images, running scripts inside containers, and gathering information for static analysis and policy enforcement.
HAWK is a multi-cloud antivirus scanning API that uses CLAMAV and YARA engines to detect malware in AWS S3, Azure Blob Storage, and GCP Cloud Storage objects.
CloudSploit by Aqua is an open-source multi-cloud security scanning tool that detects security risks and compliance issues across AWS, Azure, GCP, OCI, and GitHub platforms.
FestIn discovers open S3 buckets associated with a domain using crawling and DNS reconnaissance techniques.
A tutorial demonstrating how to implement Kubernetes Engine security features to control application privileges through host access controls and network access policies.
A setuid implementation of user namespaces that enables running unprivileged containers without root privileges as a secure alternative to traditional container runtimes.
Collection of Kubernetes manifests creating pods with elevated privileges for security testing.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.