A collection of tools to improve the security posture of your containerized apps.
This aspires to be a curated list of awesome tools you can use in order to improve your security posture. The focus is on containerized applications.
Want to add something? Open a PR :)
GitHub Actions examples are coming soon, providing easy-to-use examples for your CI pipeline.
- Docker Scout
- AWS ECR Image Scanning
- Azure Container Registry scanning
- opa-docker-authz: policy-enabled authorization plugin for Docker
- cosign: container signing, verification and storage in an OCI registry
- snyk
- google cloud Container Scanning
- gitlab container scanning
- clair
- docker bench security
- dagda
- harbor
- jfrog xray
- qualys
- aquasec
- twistlock
- trivy
- grype
- kyverno
- falco
- cert-manager
- anchore
- ksniff: sniff k8s pod traffic
- k8s pod security policies
- secret-diver: analyzes secrets in containers
- oci-seccomp-bpf-hook: OCI hook to trace syscalls and generate a seccomp profile
- neuvector: a Kubernetes-native container security platform that delivers complete zero trust container security
- kube-hunter
- k8s network policies
- eksuser
- gatekeeper
- kube-bench
- kube-scan: cluster risk assessment
- teleport
- kubescape: misconfiguration scanning
- datree: E2E policy enforcement solution
- kubeshark: think tcpdump and Wireshark re-invented for Kubernetes
- KubeHound is a Kubernetes attack graph tool allowing automated calculation of attack paths between assets in a cluster
- Marvin is a CLI tool that scans a k8s cluster by evaluating CEL expressions to report potential issues, misconfigurations and vulnerabilities.
- dependabot
- renovate
- greenkeeper for npm dependencies
- doppins
- tidelift
- fossa
- diun
- weave scope: automatically detects processes, containers and hosts. No kernel modules, no agents, no special libraries, no coding. Seamless integration with Docker, Kubernetes, DCOS and AWS ECS.
- metahub is an ASFF security context enrichment and command line utility for AWS Security Hub.