GitHub topics: container-security
gwengwap/SecurityHeaderX
Instant web security analysis: detect vulnerabilities in HTTP headers, TLS, and CORS with a single scan
Language: JavaScript - Size: 80.1 KB - Last synced at: about 4 hours ago - Pushed at: about 6 hours ago - Stars: 0 - Forks: 0
Metarget/k0otkit
k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters.
Language: Shell - Size: 4.64 MB - Last synced at: about 10 hours ago - Pushed at: about 4 years ago - Stars: 292 - Forks: 52
42ByteLabs/konarr
Konarr: A free and open source SCA platform for your containers
Language: Rust - Size: 1.43 MB - Last synced at: 2 days ago - Pushed at: 2 days ago - Stars: 7 - Forks: 0
queelius/sandrun
Anonymous, ephemeral, sandboxed code execution service. Secure isolation with Linux namespaces, seccomp-BPF, and resource limits. No accounts, no tracking, auto-deletes.
Language: C++ - Size: 91.8 KB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 1 - Forks: 0
raoulx24/trivy-operator-dashboard
Trivy Operator Dashboard: A comprehensive tool for Trivy Operator. Offers various dashboards and interactive pages where you can browse and inspect Trivy Reports. Built with C#, .NET 9 (backend), Angular 20, and Node.js 24 (frontend).
Language: C# - Size: 22.1 MB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 16 - Forks: 1
project-copacetic/copacetic
🧵 CLI tool for directly patching container images!
Language: Go - Size: 17.8 MB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 1,413 - Forks: 97
r0binak/MTKPI
🧰 Multi Tool Kubernetes Pentest Image
Language: Shell - Size: 8.36 MB - Last synced at: 5 days ago - Pushed at: 5 days ago - Stars: 245 - Forks: 21
wazuh/wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Language: C - Size: 445 MB - Last synced at: 6 days ago - Pushed at: 6 days ago - Stars: 13,221 - Forks: 1,950
brant-ruan/awesome-container-escape
collections of container escape techniques 🐿
Size: 4.88 KB - Last synced at: 5 days ago - Pushed at: over 4 years ago - Stars: 71 - Forks: 12
BBlue530/PatchHound
PatchHound is an open source SBOM vulnerability scanner and report generator with image signing, verification, and automated alerts for secure software supply chains.
Language: Python - Size: 258 KB - Last synced at: 6 days ago - Pushed at: 6 days ago - Stars: 0 - Forks: 0
muhammadhassaan-solves/hardening-docker-containers-with-security-best-practices
Language: Python - Size: 10.7 KB - Last synced at: 6 days ago - Pushed at: 6 days ago - Stars: 0 - Forks: 0
koslib/awesome-containerized-security
A collection of tools to improve your containerized apps security posture
Size: 51.8 KB - Last synced at: 3 days ago - Pushed at: over 1 year ago - Stars: 146 - Forks: 14
chaitin/veinmind-tools
veinmind-tools 是由长亭科技自研,基于 veinmind-sdk 打造的容器安全工具集
Language: Go - Size: 20.1 MB - Last synced at: 9 days ago - Pushed at: over 1 year ago - Stars: 1,624 - Forks: 188
namish69/container-security-pipeline
Automate secure CI/CD for Python containers: build, scan, sign in GitHub Actions, push to Docker Hub, and deploy to Kubernetes with non-root and liveness probes 🐙
Language: Dockerfile - Size: 3.11 MB - Last synced at: 13 days ago - Pushed at: 13 days ago - Stars: 0 - Forks: 0
erhardtconsulting/images
Rootless Docker Images for Secure Kubernetes Deployments
Language: Dockerfile - Size: 1.35 MB - Last synced at: 13 days ago - Pushed at: 13 days ago - Stars: 1 - Forks: 0
juburr/cosign-orb
A simple CircleCI orb used to install Cosign and sign container images
Language: Shell - Size: 701 KB - Last synced at: 13 days ago - Pushed at: 13 days ago - Stars: 2 - Forks: 1
juburr/grype-orb
A simple CircleCI orb used to install Grype and perform vulnerability scans
Language: Shell - Size: 429 KB - Last synced at: 13 days ago - Pushed at: 13 days ago - Stars: 1 - Forks: 0
focela/docker-alpine-1
Production-ready Alpine Linux base container with S6 overlay, comprehensive monitoring (Zabbix), log shipping (Fluent-Bit), security (Fail2ban), cron scheduling, SMTP messaging, and multi-architecture support for scalable containerized applications.
Language: Dockerfile - Size: 318 KB - Last synced at: 14 days ago - Pushed at: 25 days ago - Stars: 1 - Forks: 0
mikeroyal/OpenShift-Guide
OpenShift Guide. Learn about the Red Hat OpenShift Container Platform, Data Science, Code Ready Containers, Podman, Buildah, and Kubernetes.
Language: Python - Size: 247 KB - Last synced at: 17 days ago - Pushed at: over 1 year ago - Stars: 155 - Forks: 42
ellerbrock/docker-security-images
:closed_lock_with_key: Docker Container for Penetration Testing & Security
Size: 5.86 KB - Last synced at: 17 days ago - Pushed at: almost 7 years ago - Stars: 238 - Forks: 34
Cloud-Automation-Portfolio/ansible-automation
Automated server and container provisioning, configuration, patching, user management, Docker hardening and compliance reporting using Ansible playbooks.
Size: 3.07 MB - Last synced at: 21 days ago - Pushed at: 22 days ago - Stars: 0 - Forks: 0
Cloud-Automation-Portfolio/container-security-pipeline
Automated, secure Docker pipeline with image scanning and cloud/K8s deployment.
Language: Dockerfile - Size: 3.1 MB - Last synced at: 24 days ago - Pushed at: 24 days ago - Stars: 0 - Forks: 0
SnailSploit/KubeRoast_v1
Kubernetes misconfiguration & attack-path scanner
Language: Python - Size: 47.9 KB - Last synced at: 4 days ago - Pushed at: 28 days ago - Stars: 0 - Forks: 0
sysdiglabs/kube-psp-advisor
Help building an adaptive and fine-grained pod security policy
Language: Go - Size: 253 KB - Last synced at: 24 days ago - Pushed at: almost 2 years ago - Stars: 331 - Forks: 42
shafiqul-islam-sumon/SecureDockerEnv
SecureDockerEnv is a Python project that securely manages environment variables in Docker without embedding them in images. It ensures safe injection of .env files at runtime, preventing credential leaks in containerized applications.
Language: Python - Size: 8.79 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 1 - Forks: 0
grantseltzer/karn
Simplifying Seccomp enforcement in containerized or non-containerized apps
Language: Go - Size: 3.49 MB - Last synced at: 24 days ago - Pushed at: almost 5 years ago - Stars: 112 - Forks: 13
Tsaihemanth150/Docker
Language: Dockerfile - Size: 8.79 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0
muhammadhassaan-solves/secure-kubernetes-deployment-harbor-tls
Language: Dockerfile - Size: 15.6 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 0 - Forks: 0
cdk-team/CDK
📦 Make security testing of K8s, Docker, and Containerd easier.
Language: Go - Size: 9.54 MB - Last synced at: about 2 months ago - Pushed at: 6 months ago - Stars: 4,273 - Forks: 575
sysdiglabs/security-playground
This is a sample application which runs an HTTP web server and allows to read and write files and exec commands
Language: Python - Size: 27.3 KB - Last synced at: about 2 months ago - Pushed at: 4 months ago - Stars: 19 - Forks: 57
vchinnipilli/kubestriker
A Blazing fast Security Auditing tool for Kubernetes
Language: Python - Size: 22 MB - Last synced at: about 2 months ago - Pushed at: over 1 year ago - Stars: 996 - Forks: 109
chaitin/libveinmind
一个由长亭自研,直观而可扩展的容器安全 SDK
Language: Go - Size: 277 KB - Last synced at: 9 days ago - Pushed at: over 2 years ago - Stars: 122 - Forks: 19
Metarget/awesome-cloud-native-security
awesome resources about cloud native security 🐿
Size: 83 KB - Last synced at: about 10 hours ago - Pushed at: almost 2 years ago - Stars: 321 - Forks: 52
meysam81/build-docker
A shorthand GitHub Action for building Docker and pushing to ghcr.io and other repositories. An smaller alternative to combining qemu and other steps.
Size: 171 KB - Last synced at: 10 days ago - Pushed at: 12 days ago - Stars: 1 - Forks: 0
R3DRUN3/sploitcraft
🏴☠️ Hacking Guides, Demos and Proof-of-Concepts 🥷
Language: Jupyter Notebook - Size: 24.2 MB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 198 - Forks: 28
tvroi/ebpf-docker-build-monitor
eBPF-based monitor for detecting suspicious activity during Docker image builds
Language: C - Size: 31.3 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 0 - Forks: 0
jetstack/paranoia
Inspect certificate authorities in container images
Language: Go - Size: 408 KB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 234 - Forks: 9
Metarget/metarget
Metarget is a framework providing automatic constructions of vulnerable infrastructures.
Language: Python - Size: 4.93 MB - Last synced at: 3 months ago - Pushed at: 5 months ago - Stars: 1,255 - Forks: 190
madhuakula/kubernetes-goat
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Language: HTML - Size: 124 MB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 4,778 - Forks: 798
schoi1337/dockout
Red-team oriented CVE exploitation framework for container escapes, with simulation and reporting features.
Language: Python - Size: 1.45 MB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 0 - Forks: 0
trendmicro/tmas-scan-action
Vision One Container Security Scan Action
Language: Shell - Size: 357 KB - Last synced at: about 2 months ago - Pushed at: 11 months ago - Stars: 10 - Forks: 4
andsopwn/container-cve-tracker Fork of container-security-to-graduate/container-cve-tracker
AI-powered Automated Vulnerability Scanning for Container Images
Language: Python - Size: 55.3 MB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 0 - Forks: 0
Pradumnasaraf/soss-scout-demo
The repository demonstrates the use of Docker Scout in a CI/CD pipeline to examine vulnerabilities in container images. This demo was presented at Secure Open Source Software (SOSS) Community Days India 2024.
Language: Dockerfile - Size: 1.35 MB - Last synced at: 1 day ago - Pushed at: 9 months ago - Stars: 2 - Forks: 0
pjbgf-archives/zaz 📦
A command line tool to automatically generate seccomp profiles.
Language: Go - Size: 2.16 MB - Last synced at: 15 days ago - Pushed at: over 4 years ago - Stars: 26 - Forks: 4
opengovern/opensecurity
opensecurity: open-source security and compliance. See and secure your cloud, containers, code, networks, deployments, devices. Define your rules, get precise checks, fix gaps fast. Streamlined audits. No fluff.
Language: TypeScript - Size: 127 MB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 609 - Forks: 10
911Abaddon/SecurityHeaderX
Instant web security analysis: detect vulnerabilities in HTTP headers, TLS, and CORS with a single scan
Language: JavaScript - Size: 80.1 KB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 1 - Forks: 0
twistlock/whoc
A container image that exfiltrates the underlying container runtime to a remote server
Language: C - Size: 206 KB - Last synced at: 4 months ago - Pushed at: almost 3 years ago - Stars: 133 - Forks: 11
ExploitWorks/EscalateX
A powerful Linux privilege escalation scanner — a feature-rich and modern alternative to LinPEAS, built for speed, depth, and clarity.
Language: Shell - Size: 316 KB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 28 - Forks: 0
prasanna7401/Securenetes
Perform Automatic hardening on Kubernetes clusters based on CIS Security Benchmark recommendations on a recurring basis
Language: Python - Size: 4.11 MB - Last synced at: 4 months ago - Pushed at: 7 months ago - Stars: 1 - Forks: 0
mikonoid/CKS-exam-cheat-sheets
Preparation for CKS exam
Size: 159 KB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 0 - Forks: 0
Vinum-Security/kubernetes-security-checklist
Kubernetes Security Checklist and Requirements - All in One (authentication, authorization, logging, secrets, configuration, network, workloads, dockerfile)
Size: 111 KB - Last synced at: 4 months ago - Pushed at: over 3 years ago - Stars: 474 - Forks: 95
paulveillard/cybersecurity-container-security
An ongoing & curated collection of awesome frameworks, and most important libraries, videos, learning tutorials , tools and and cool stuff about containers.
Language: Shell - Size: 3.57 MB - Last synced at: 5 months ago - Pushed at: almost 3 years ago - Stars: 41 - Forks: 3
kubernetesvillage/ecr_eks_security_masterclass_public
EKS Goat: AWS ECR & EKS Security Workshop by Anjali & Divyanshu
Language: Shell - Size: 250 KB - Last synced at: 7 months ago - Pushed at: 7 months ago - Stars: 5 - Forks: 25
kube-tarian/sigrun
Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate & Control the deployments to allow only the known Sources based on Signatures, Maintainers & other payloads automatically.
Language: Go - Size: 705 KB - Last synced at: 4 months ago - Pushed at: about 2 years ago - Stars: 13 - Forks: 3
appvia/cosign-keyless-admission-webhook
Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect
Language: JavaScript - Size: 148 KB - Last synced at: 1 day ago - Pushed at: 12 days ago - Stars: 23 - Forks: 1
veilair/docker-development
An ongoing curated list of awesome frameworks, important books, articles, talks, libraries, learning tutorials, best practices and technical resources about Docke
Size: 375 KB - Last synced at: 6 months ago - Pushed at: over 3 years ago - Stars: 2 - Forks: 0
blues-man/vote-app-gitops
A demo of cloud-native Inner Loop and Outer Loop controlling a 2-tier app (Python + Go) with Red Hat OpenShift using Tekton Pipelines, Argo CD GitOps, Eclipse Che aka OpenShift DevSpaces and Quay.io registry
Language: Smarty - Size: 2.82 MB - Last synced at: 5 months ago - Pushed at: 10 months ago - Stars: 16 - Forks: 51
0xN3utr0n/Kanis
Advanced threat detection solution for Linux.
Language: Go - Size: 151 KB - Last synced at: 5 months ago - Pushed at: almost 5 years ago - Stars: 36 - Forks: 4
project-copacetic/copa-extension
🐳 Docker Desktop extension for Copa
Language: TypeScript - Size: 2.24 MB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 1 - Forks: 4
mathieu-benoit/mathieu-benoit.github.io
The content of my blog hosted at: https://mathieu-benoit.github.io/
Language: HTML - Size: 3.92 MB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 3 - Forks: 3
null-open-security-community/Cloud-Project
Size: 6.84 KB - Last synced at: about 1 year ago - Pushed at: almost 5 years ago - Stars: 8 - Forks: 2
darkwizard242/ansible-role-trivy
Ansible role for Trivy. Available on Ansible Galaxy.
Language: Python - Size: 31.3 KB - Last synced at: 6 months ago - Pushed at: about 1 year ago - Stars: 3 - Forks: 0
fortify/fortify-ssc-parser-tenable-io-cs
Fortify SSC Parser Plugin for Tenable.io Container Security results
Language: Java - Size: 149 KB - Last synced at: 4 days ago - Pushed at: over 1 year ago - Stars: 2 - Forks: 0
falcosecurity-retire/falco-security-workshop 📦
Container Security Workshop covering using Falco on Kubernetes.
Language: Python - Size: 4.59 MB - Last synced at: 5 months ago - Pushed at: over 4 years ago - Stars: 105 - Forks: 39
Code-Triarii/ccse-ccsne-cks-cka-road-to-container-expert-trainings-security
This repository contains useful resources for preparing and obtaining the CCSE (Certified Container Security Expert) certification of practical devsecops organizations.
Language: Shell - Size: 8.55 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0
mathieu-benoit/kubernetes-security
WIP - List of best practices about Security with Kubernetes and containers
Size: 10.7 KB - Last synced at: over 1 year ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0
mathieu-benoit/cartservice 📦
My own cartservice coming from the GoogleCloudPlatform/microservices-demo repository
Language: C# - Size: 346 KB - Last synced at: over 1 year ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 2
ErdemOzgen/DevSecOpsBuilder
Automatic DevSecOps builder
Language: Python - Size: 1.52 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 6 - Forks: 2
CanonicalLtd/canonical-kubernetes-third-party-integrations 📦
Official repository for Canonical Kubernetes Third Party Integration Documentation
Size: 3.59 MB - Last synced at: over 1 year ago - Pushed at: almost 7 years ago - Stars: 10 - Forks: 4
slimdevops/slim-containers
Tutorials, examples, and streaming notes
Language: Python - Size: 140 MB - Last synced at: about 1 month ago - Pushed at: over 2 years ago - Stars: 21 - Forks: 9
CloudDefenseAI/falco_extended_rules
Curating Falco rules with MITRE ATT&CK Matrix
Language: Python - Size: 102 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 62 - Forks: 9
syn-4ck/fafnir-sec
fafnir-sec is an open-source tool that allows for the complete automation of launching different security tools detecting vulnerabilities in the application's code.
Language: Python - Size: 14.3 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 2 - Forks: 0
stelligent/aws-anchore-engine-scanner
This guide details steps and procedures you can follow to create, launch and implement your own standalone container scanning solution within AWS ecosystem. This approach uses an opensource container scanning tool called Anchore Engine as a proof-of-concept and provides examples of how Anchore integrates with your favorite CI/CD systems orchestration platforms.
Language: Python - Size: 961 KB - Last synced at: 5 months ago - Pushed at: over 5 years ago - Stars: 9 - Forks: 3
HoussemDellai/kubernetes-allowed-registries-policy
Demoing whitelisting Container Registries in Kubernetes using OPA/Gatekeeper policy.
Size: 364 KB - Last synced at: 9 days ago - Pushed at: almost 5 years ago - Stars: 6 - Forks: 11
sysdiglabs/secure-image-scanning
Image scanning with Sysdig Secure
Language: Shell - Size: 13.7 KB - Last synced at: 6 months ago - Pushed at: over 5 years ago - Stars: 1 - Forks: 3
AkihiroSuda/cni-isolation 📦
CNI Bridge Isolation Plugin (Merged into the firewall plugin v1.1.0)
Language: Go - Size: 69.3 KB - Last synced at: about 1 year ago - Pushed at: over 3 years ago - Stars: 9 - Forks: 1
litneet64/containerized-bomb-disposal
Set of dockerfiles meant for throw-away instances that achieve a singular purpose: to "safely" interact (run, play, unzip, etc) with programs or files without the need of a full VM to avoid compromise of the host machine. Think of it as a bomb disposal device for files you don't trust that much but still need to run, unzip or play.
Language: Dockerfile - Size: 41 KB - Last synced at: about 2 years ago - Pushed at: over 4 years ago - Stars: 0 - Forks: 0
anchore/ci-tools 📦
Contains scripts for running anchore engine in CI pipelines
Language: Shell - Size: 373 KB - Last synced at: about 1 year ago - Pushed at: about 3 years ago - Stars: 34 - Forks: 33
lawndoc/seccomp-ci-demo
Automate seccomp filter generation in your CI pipeline
Language: Python - Size: 24.4 KB - Last synced at: 3 months ago - Pushed at: 5 months ago - Stars: 0 - Forks: 2
mmadil/pwnage
Sample container image to demonstrate attack scenarios in containerized cluster environments.
Language: Dockerfile - Size: 2.93 KB - Last synced at: over 1 year ago - Pushed at: about 4 years ago - Stars: 2 - Forks: 0
lightspin-tech/eks-creation-engine
The Amazon Elastic Kubernetes Service (EKS) Creation Engine (ECE) is a Python command-line program created by the Lightspin Office of the CISO to facilitate the creation and enablement of secure EKS Clusters.
Language: Python - Size: 85.9 KB - Last synced at: over 2 years ago - Pushed at: over 2 years ago - Stars: 39 - Forks: 12
nikhilnayak98/csvs
Security for Virtualization Systems Project
Language: Shell - Size: 118 KB - Last synced at: over 2 years ago - Pushed at: about 3 years ago - Stars: 0 - Forks: 0
bsteen/cloud-covert-channels 📦
Creating covert channels in Linux-based cloud container environments
Language: C - Size: 2.45 MB - Last synced at: over 2 years ago - Pushed at: over 3 years ago - Stars: 1 - Forks: 2
anchore/circleci-orbs
Repo for all Anchore circleci orb source code
Language: JavaScript - Size: 84 KB - Last synced at: 24 days ago - Pushed at: over 3 years ago - Stars: 0 - Forks: 5
rahulroy1/oc-container-runtime-security
Implementing Container Runtime security monitoring in Redhat Openshift using Falco
Size: 987 KB - Last synced at: 3 months ago - Pushed at: over 4 years ago - Stars: 2 - Forks: 0
onzack/kube-scout
Vulnerability Management Tool for Kubernetes and Containers
Language: Vue - Size: 111 KB - Last synced at: 5 months ago - Pushed at: almost 3 years ago - Stars: 6 - Forks: 1
