clair
Vulnerability scanner
Analyzes vulnerabilities in container images to improve security transparency
Vulnerability Static Analysis for Containers
10k stars
226 watching
1k forks
Language: Go
last commit: 8 days ago
Linked from 6 awesome lists
claircontainersdockergokubernetesocioci-imagestatic-analysisvulnerabilities
veggiemonk/awesome-docker
fabacab/awesome-cybersecurity-blueteam
rootsongjc/awesome-cloud-native
jakobthedev/awesome-devsecops
funkmyster/awesome-cloud-securityRelated projects:
| Repository | Description | Stars |
|---|---|---|
 aquasecurity/trivy | Automatically scans software projects for vulnerabilities and misconfigurations to ensure security and compliance. | 23,679 |
 anchore/grype | A tool for detecting vulnerabilities in container images and filesystems | 8,812 |
 jasonumiker/clair-ecs-fargate | A package and deployment guide for Clair image scanner on AWS ECS Fargate | 27 |
 edersonbrilhante/vilicus | An open-source tool that orchestrates security scans of container images and centralizes the results into a database for analysis and metrics. | 85 |
 goharbor/harbor | An open source registry project that stores and manages images in cloud-native environments | 24,175 |
| aquasecurity/trivy-action | Automates vulnerability scanning of Docker images using Trivy | 831 |
 tomwillfixit/alpine-cvecheck | Automates vulnerability scanning of Docker images at build time | 10 |
 teamssix/container-escape-check | Detects potential vulnerabilities in Docker containers by checking for common escape methods | 556 |
 goodwithtech/dockle | Automates security and best-practice checks for Docker images | 2,784 |
 dev-sec/cis-docker-benchmark | A tool for automating security audits of Docker environments | 488 |
 nccgroup/whalescan | A vulnerability scanner for Windows containers that performs benchmark checks and checks for CVEs/vulnerable packages on the container. | 153 |
 sea-erkin/log-snare | A web application designed to simulate vulnerabilities and demonstrate the importance of proper validation and logging. | 31 |
 snyk/cli | A command-line tool that scans and monitors software development projects for security vulnerabilities. | 4,952 |
| anchore/syft | Generates detailed visibility into software packages and dependencies to manage vulnerabilities and license compliance. | 6,248 |
 scotty-c/dirty-cow-poc | A proof-of-concept demonstrating the vulnerability of unsecured containers to privilege escalation attacks | 12 |