awesome-container-security
Container Security Resources
A curated collection of resources and tools related to securing containers in software development
Awesome list of resources related to container security
226 stars
16 watching
35 forks
last commit: 3 months ago
Linked from 1 awesome list
awesomeawesome-listdockerdocker-containerdocker-imagehacktoberfestsecurity
Image / Port Authority Open Source Security Scanner for Docker | |||
| Getting started guide | |||
| Source | 151 | almost 2 years ago | |
Image / Dramatically Reducing Software Vulnerabilities | |||
| NIST security content automation protocol | |||
| Extensible Configuration Checklist Description Format (XCCDF) | Goes along with the SCAP link above for specifying a security template that containers should conform to | ||
Image / CoreOS Clair | |||
| Clair: The Container Image Security Analyzer (by Joey Schorr & Quentin Machu) | Presentation about the Clair platform | ||
| A more polished presentation of Clair at CoreOS Fest 2016 | |||
Image / Actuary | |||
| drydock | 65 | almost 9 years ago | Inspired by docker-bench-security with the ability to apply custom security profiles |
| Docker bench security | 21 | over 9 years ago | One of the first security linting utility for Docker |
Image / Buildah | |||
| Introduction | |||
Image / Anchore | |||
| anchore-cli | 114 | 8 months ago | |
Image / Commercial solutions | |||
| Black Duck Software | |||
| Tenable | Includes | ||
| GrSecurity | A collection of image hardening tools | ||
| Aqua | Full lifecycle container security management platform | ||
Build Management / Commercial solutions | |||
| Project Atomic | RedHat's complete container solution with strong built-in security | ||
| Docker Cloud | Continuous scanning of images along with a trust mechanism | ||
Networking/Runtime / Cilium | |||
| Cilium - Container Security and Networking Using BPF and XDP - Thomas Graf, Covalent | Presentation of Cilium by its creator | ||
Networking/Runtime / Calico | |||
| Flannel | 8,863 | 2 months ago | Security enforcement for SDN |
Networking/Runtime / Romana | |||
| Project | 248 | about 6 years ago | |
Networking/Runtime / Commercial solutions | |||
| StakRox | Container security solution with adaptive threat protection | ||
| NeuVector | Continuous network security | ||
| TwistLock | Network activity profiling | ||
Security profiles / Container security as explained by the three pigs | |||
| Bringing new security features to Docker | |||
| The Container Coloring Book | 74 | over 8 years ago | |
Security profiles / Falco | |||
| Technical discussion | |||
| WTF, My Container Just Spawned a Shell - Jorge Salamero Sanz, Sysdig | |||
Exploits / waitid | |||
| Detailed write-up | |||
Exploits / Dirty COW | |||
| Proof of concept | 12 | over 8 years ago | |
| Proof of concept collection | 3,359 | over 5 years ago | |
| Dirty COW and why lying is bad even if you are the Linux kernel | |||
Presentations/Posts/Articles / Capability based sandboxing | |||
| Awesome Object Capabilities | 348 | 11 months ago | A language-level implementation of the capability based sandboxing methodology |
| Linux port of Capsicum | 206 | over 4 years ago | related to this |
Presentations/Posts/Articles / Container Performance Analysis | |||
| Evolution of Container Usage at Netflix | Also provides insight into container monitoring, logging, and security at Netflix | ||
0ex/more-awesome
brooklyncentral/clocker
k3s-io/k3s
austral/austral
bytecodealliance/cap-std
caicloud/kube-ladder
weihanwang/docker-ecosystem-survey
kubernetes-sigs/kubespray
draios/sysdig-container-ecosystem