GitHub topics: container-security
erhardtconsulting/images
Rootless Docker Images for Secure Kubernetes Deployments
Language: Dockerfile - Size: 919 KB - Last synced at: about 17 hours ago - Pushed at: about 18 hours ago - Stars: 1 - Forks: 0
cdk-team/CDK
📦 Make security testing of K8s, Docker, and Containerd easier.
Language: Go - Size: 9.54 MB - Last synced at: 1 day ago - Pushed at: about 2 months ago - Stars: 4,178 - Forks: 568
opengovern/opensecurity
opensecurity: open-source security and compliance. See and secure your cloud, containers, code, networks, deployments, devices. Define your rules, get precise checks, fix gaps fast. Streamlined audits. No fluff.
Language: TypeScript - Size: 127 MB - Last synced at: 3 days ago - Pushed at: 3 days ago - Stars: 609 - Forks: 10
wazuh/wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Language: C++ - Size: 430 MB - Last synced at: 5 days ago - Pushed at: 5 days ago - Stars: 12,302 - Forks: 1,821
Metarget/metarget
Metarget is a framework providing automatic constructions of vulnerable infrastructures.
Language: Python - Size: 4.93 MB - Last synced at: 4 days ago - Pushed at: 18 days ago - Stars: 1,234 - Forks: 186
Metarget/k0otkit
k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters.
Language: Shell - Size: 4.64 MB - Last synced at: 4 days ago - Pushed at: over 3 years ago - Stars: 288 - Forks: 52
chaitin/veinmind-tools
veinmind-tools 是由长亭科技自研,基于 veinmind-sdk 打造的容器安全工具集
Language: Go - Size: 20.1 MB - Last synced at: 3 days ago - Pushed at: over 1 year ago - Stars: 1,581 - Forks: 185
42ByteLabs/konarr
Konarr: A free and open source SCA platform for your containers
Language: Rust - Size: 1.23 MB - Last synced at: 6 days ago - Pushed at: 6 days ago - Stars: 6 - Forks: 0
project-copacetic/copacetic
🧵 CLI tool for directly patching container images!
Language: Go - Size: 15.7 MB - Last synced at: 6 days ago - Pushed at: 6 days ago - Stars: 1,284 - Forks: 80
madhuakula/kubernetes-goat
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Language: HTML - Size: 124 MB - Last synced at: 7 days ago - Pushed at: 3 months ago - Stars: 4,718 - Forks: 776
meysam81/build-docker
A shorthand GitHub Action for building Docker and pushing to ghcr.io and other repositories. An smaller alternative to combining qemu and other steps.
Size: 175 KB - Last synced at: 6 days ago - Pushed at: 6 days ago - Stars: 1 - Forks: 0
raoulx24/trivy-operator-dashboard
Trivy Operator Dashboard: A comprehensive tool for Trivy Operator. Offers various dashboards and interactive pages where you can browse and inspect Trivy Reports. Built with C#, .NET 8 (backend), Angular 18, and Node.js 22 (frontend).
Language: C# - Size: 8.58 MB - Last synced at: 4 days ago - Pushed at: 5 days ago - Stars: 6 - Forks: 0
vchinnipilli/kubestriker
A Blazing fast Security Auditing tool for Kubernetes
Language: Python - Size: 22 MB - Last synced at: 3 days ago - Pushed at: about 1 year ago - Stars: 996 - Forks: 106
juburr/cosign-orb
A simple CircleCI orb used to install Cosign and sign container images
Language: Shell - Size: 713 KB - Last synced at: 13 days ago - Pushed at: 13 days ago - Stars: 2 - Forks: 1
juburr/grype-orb
A simple CircleCI orb used to install Grype and perform vulnerability scans
Language: Shell - Size: 404 KB - Last synced at: 13 days ago - Pushed at: 13 days ago - Stars: 1 - Forks: 0
Metarget/awesome-cloud-native-security
awesome resources about cloud native security 🐿
Size: 83 KB - Last synced at: 9 days ago - Pushed at: over 1 year ago - Stars: 314 - Forks: 51
twistlock/whoc
A container image that exfiltrates the underlying container runtime to a remote server
Language: C - Size: 206 KB - Last synced at: 4 days ago - Pushed at: over 2 years ago - Stars: 133 - Forks: 11
r0binak/MTKPI
🧰 Multi Tool Kubernetes Pentest Image
Language: Shell - Size: 8.36 MB - Last synced at: 18 days ago - Pushed at: 18 days ago - Stars: 229 - Forks: 19
jetstack/paranoia
Inspect certificate authorities in container images
Language: Go - Size: 364 KB - Last synced at: 3 days ago - Pushed at: 3 days ago - Stars: 233 - Forks: 9
R3DRUN3/sploitcraft
🏴☠️ Hacking Guides, Demos and Proof-of-Concepts 🥷
Language: Jupyter Notebook - Size: 21 MB - Last synced at: 13 days ago - Pushed at: about 1 month ago - Stars: 196 - Forks: 27
ExploitWorks/EscalateX
A powerful Linux privilege escalation scanner — a feature-rich and modern alternative to LinPEAS, built for speed, depth, and clarity.
Language: Shell - Size: 316 KB - Last synced at: 23 days ago - Pushed at: 28 days ago - Stars: 28 - Forks: 0
sysdiglabs/security-playground
This is a sample application which runs an HTTP web server and allows to read and write files and exec commands
Language: Python - Size: 26.4 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 16 - Forks: 52
chaitin/libveinmind
一个由长亭自研,直观而可扩展的容器安全 SDK
Language: Go - Size: 277 KB - Last synced at: 3 days ago - Pushed at: almost 2 years ago - Stars: 121 - Forks: 19
koslib/awesome-containerized-security
A collection of tools to improve your containerized apps security posture
Size: 51.8 KB - Last synced at: 6 days ago - Pushed at: 11 months ago - Stars: 142 - Forks: 14
ellerbrock/docker-security-images
:closed_lock_with_key: Docker Container for Penetration Testing & Security
Size: 5.86 KB - Last synced at: 26 days ago - Pushed at: over 6 years ago - Stars: 232 - Forks: 33
mikonoid/CKS-exam-cheat-sheets
Preparation for CKS exam
Size: 159 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0
Vinum-Security/kubernetes-security-checklist
Kubernetes Security Checklist and Requirements - All in One (authentication, authorization, logging, secrets, configuration, network, workloads, dockerfile)
Size: 111 KB - Last synced at: 4 days ago - Pushed at: over 3 years ago - Stars: 474 - Forks: 95
paulveillard/cybersecurity-container-security
An ongoing & curated collection of awesome frameworks, and most important libraries, videos, learning tutorials , tools and and cool stuff about containers.
Language: Shell - Size: 3.57 MB - Last synced at: 24 days ago - Pushed at: over 2 years ago - Stars: 41 - Forks: 3
shafiqul-islam-sumon/SecureDockerEnv
SecureDockerEnv is a Python project that securely manages environment variables in Docker without embedding them in images. It ensures safe injection of .env files at runtime, preventing credential leaks in containerized applications.
Language: Python - Size: 5.86 KB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 0 - Forks: 0
brant-ruan/awesome-container-escape
collections of container escape techniques 🐿
Size: 4.88 KB - Last synced at: 7 days ago - Pushed at: about 4 years ago - Stars: 68 - Forks: 11
kubernetesvillage/ecr_eks_security_masterclass_public
EKS Goat: AWS ECR & EKS Security Workshop by Anjali & Divyanshu
Language: Shell - Size: 250 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 5 - Forks: 25
kube-tarian/sigrun
Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate & Control the deployments to allow only the known Sources based on Signatures, Maintainers & other payloads automatically.
Language: Go - Size: 705 KB - Last synced at: 3 days ago - Pushed at: almost 2 years ago - Stars: 13 - Forks: 3
appvia/cosign-keyless-admission-webhook
Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect
Language: JavaScript - Size: 150 KB - Last synced at: 28 days ago - Pushed at: about 2 months ago - Stars: 23 - Forks: 1
mikeroyal/OpenShift-Guide
OpenShift Guide. Learn about the Red Hat OpenShift Container Platform, Data Science, Code Ready Containers, Podman, Buildah, and Kubernetes.
Language: Python - Size: 247 KB - Last synced at: 27 days ago - Pushed at: over 1 year ago - Stars: 150 - Forks: 38
Pradumnasaraf/soss-scout-demo
The repository demonstrates the use of Docker Scout in a CI/CD pipeline to examine vulnerabilities in container images. This demo was presented at Secure Open Source Software (SOSS) Community Days India 2024.
Language: Dockerfile - Size: 1.35 MB - Last synced at: 10 days ago - Pushed at: 5 months ago - Stars: 0 - Forks: 0
veilair/docker-development
An ongoing curated list of awesome frameworks, important books, articles, talks, libraries, learning tutorials, best practices and technical resources about Docke
Size: 375 KB - Last synced at: 2 months ago - Pushed at: about 3 years ago - Stars: 2 - Forks: 0
grantseltzer/karn
Simplifying Seccomp enforcement in containerized or non-containerized apps
Language: Go - Size: 3.49 MB - Last synced at: about 1 month ago - Pushed at: over 4 years ago - Stars: 110 - Forks: 13
blues-man/vote-app-gitops
A demo of cloud-native Inner Loop and Outer Loop controlling a 2-tier app (Python + Go) with Red Hat OpenShift using Tekton Pipelines, Argo CD GitOps, Eclipse Che aka OpenShift DevSpaces and Quay.io registry
Language: Smarty - Size: 2.82 MB - Last synced at: 24 days ago - Pushed at: 6 months ago - Stars: 16 - Forks: 51
0xN3utr0n/Kanis
Advanced threat detection solution for Linux.
Language: Go - Size: 151 KB - Last synced at: about 1 month ago - Pushed at: over 4 years ago - Stars: 36 - Forks: 4
trendmicro/tmas-scan-action
Vision One Container Security Scan Action
Language: Shell - Size: 31.3 KB - Last synced at: 8 months ago - Pushed at: 9 months ago - Stars: 7 - Forks: 4
project-copacetic/copa-extension
🐳 Docker Desktop extension for Copa
Language: TypeScript - Size: 2.24 MB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 1 - Forks: 4
mathieu-benoit/mathieu-benoit.github.io
The content of my blog hosted at: https://mathieu-benoit.github.io/
Language: HTML - Size: 3.92 MB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 3 - Forks: 3
null-open-security-community/Cloud-Project
Size: 6.84 KB - Last synced at: 9 months ago - Pushed at: over 4 years ago - Stars: 8 - Forks: 2
darkwizard242/ansible-role-trivy
Ansible role for Trivy. Available on Ansible Galaxy.
Language: Python - Size: 31.3 KB - Last synced at: about 2 months ago - Pushed at: 10 months ago - Stars: 3 - Forks: 0
pjbgf-archives/zaz 📦
A command line tool to automatically generate seccomp profiles.
Language: Go - Size: 2.16 MB - Last synced at: 5 months ago - Pushed at: about 4 years ago - Stars: 25 - Forks: 4
falcosecurity-retire/falco-security-workshop 📦
Container Security Workshop covering using Falco on Kubernetes.
Language: Python - Size: 4.59 MB - Last synced at: 12 days ago - Pushed at: about 4 years ago - Stars: 105 - Forks: 39
sysdiglabs/kube-psp-advisor
Help building an adaptive and fine-grained pod security policy
Language: Go - Size: 253 KB - Last synced at: 12 months ago - Pushed at: over 1 year ago - Stars: 328 - Forks: 41
Code-Triarii/ccse-ccsne-cks-cka-road-to-container-expert-trainings-security
This repository contains useful resources for preparing and obtaining the CCSE (Certified Container Security Expert) certification of practical devsecops organizations.
Language: Shell - Size: 8.55 MB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0
mathieu-benoit/kubernetes-security
WIP - List of best practices about Security with Kubernetes and containers
Size: 10.7 KB - Last synced at: about 1 year ago - Pushed at: about 2 years ago - Stars: 0 - Forks: 0
mathieu-benoit/cartservice 📦
My own cartservice coming from the GoogleCloudPlatform/microservices-demo repository
Language: C# - Size: 346 KB - Last synced at: about 1 year ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 2
ErdemOzgen/DevSecOpsBuilder
Automatic DevSecOps builder
Language: Python - Size: 1.52 MB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 6 - Forks: 2
CanonicalLtd/canonical-kubernetes-third-party-integrations 📦
Official repository for Canonical Kubernetes Third Party Integration Documentation
Size: 3.59 MB - Last synced at: about 1 year ago - Pushed at: over 6 years ago - Stars: 10 - Forks: 4
slimdevops/slim-containers
Tutorials, examples, and streaming notes
Language: Python - Size: 140 MB - Last synced at: 5 months ago - Pushed at: about 2 years ago - Stars: 21 - Forks: 9
CloudDefenseAI/falco_extended_rules
Curating Falco rules with MITRE ATT&CK Matrix
Language: Python - Size: 102 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 62 - Forks: 9
syn-4ck/fafnir-sec
fafnir-sec is an open-source tool that allows for the complete automation of launching different security tools detecting vulnerabilities in the application's code.
Language: Python - Size: 14.3 MB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 2 - Forks: 0
stelligent/aws-anchore-engine-scanner
This guide details steps and procedures you can follow to create, launch and implement your own standalone container scanning solution within AWS ecosystem. This approach uses an opensource container scanning tool called Anchore Engine as a proof-of-concept and provides examples of how Anchore integrates with your favorite CI/CD systems orchestration platforms.
Language: Python - Size: 961 KB - Last synced at: 24 days ago - Pushed at: over 5 years ago - Stars: 9 - Forks: 3
HoussemDellai/kubernetes-allowed-registries-policy
Demoing whitelisting Container Registries in Kubernetes using OPA/Gatekeeper policy.
Size: 364 KB - Last synced at: 3 days ago - Pushed at: over 4 years ago - Stars: 6 - Forks: 11
sysdiglabs/secure-image-scanning
Image scanning with Sysdig Secure
Language: Shell - Size: 13.7 KB - Last synced at: about 2 months ago - Pushed at: about 5 years ago - Stars: 1 - Forks: 3
AkihiroSuda/cni-isolation 📦
CNI Bridge Isolation Plugin (Merged into the firewall plugin v1.1.0)
Language: Go - Size: 69.3 KB - Last synced at: 11 months ago - Pushed at: about 3 years ago - Stars: 9 - Forks: 1
litneet64/containerized-bomb-disposal
Set of dockerfiles meant for throw-away instances that achieve a singular purpose: to "safely" interact (run, play, unzip, etc) with programs or files without the need of a full VM to avoid compromise of the host machine. Think of it as a bomb disposal device for files you don't trust that much but still need to run, unzip or play.
Language: Dockerfile - Size: 41 KB - Last synced at: over 1 year ago - Pushed at: over 4 years ago - Stars: 0 - Forks: 0
anchore/ci-tools 📦
Contains scripts for running anchore engine in CI pipelines
Language: Shell - Size: 373 KB - Last synced at: 9 months ago - Pushed at: almost 3 years ago - Stars: 34 - Forks: 33
lawndoc/seccomp-ci-demo
Automate seccomp filter generation in your CI pipeline
Language: Python - Size: 24.4 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 2
fortify/fortify-ssc-parser-tenable-io-cs
Fortify SSC Parser Plugin for Tenable.io Container Security results
Language: Java - Size: 146 KB - Last synced at: about 1 year ago - Pushed at: about 2 years ago - Stars: 1 - Forks: 0
mmadil/pwnage
Sample container image to demonstrate attack scenarios in containerized cluster environments.
Language: Dockerfile - Size: 2.93 KB - Last synced at: about 1 year ago - Pushed at: almost 4 years ago - Stars: 2 - Forks: 0
lightspin-tech/eks-creation-engine
The Amazon Elastic Kubernetes Service (EKS) Creation Engine (ECE) is a Python command-line program created by the Lightspin Office of the CISO to facilitate the creation and enablement of secure EKS Clusters.
Language: Python - Size: 85.9 KB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 39 - Forks: 12
nikhilnayak98/csvs
Security for Virtualization Systems Project
Language: Shell - Size: 118 KB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0
bsteen/cloud-covert-channels 📦
Creating covert channels in Linux-based cloud container environments
Language: C - Size: 2.45 MB - Last synced at: almost 2 years ago - Pushed at: about 3 years ago - Stars: 1 - Forks: 2
anchore/circleci-orbs
Repo for all Anchore circleci orb source code
Language: JavaScript - Size: 84 KB - Last synced at: 11 days ago - Pushed at: over 3 years ago - Stars: 0 - Forks: 5
rahulroy1/oc-container-runtime-security
Implementing Container Runtime security monitoring in Redhat Openshift using Falco
Size: 987 KB - Last synced at: about 2 years ago - Pushed at: almost 4 years ago - Stars: 2 - Forks: 0
onzack/kube-scout
Vulnerability Management Tool for Kubernetes and Containers
Language: Vue - Size: 111 KB - Last synced at: 21 days ago - Pushed at: over 2 years ago - Stars: 6 - Forks: 1
