#Container-security
Showing 27 of 27 repositories tagged #container-security, ranked by stars
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground ๐
๐ฆ Make security testing of K8s, Docker, and Containerd easier.
๐งต CLI tool for directly patching container images!
veinmind-tools ๆฏ็ฑ้ฟไบญ็งๆ่ช็ ๏ผๅบไบ veinmind-sdk ๆ้ ็ๅฎนๅจๅฎๅ จๅทฅๅ ท้
Metarget is a framework providing automatic constructions of vulnerable infrastructures.
A Blazing fast Security Auditing tool for Kubernetes
opensecurity: open-source security and compliance. See and secure your cloud, containers, code, networks, deployments, devices. Define your rules, get precise checks, fix gaps fast. Streamlined audits. No fluff.
Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.
Kubernetes Security Checklist and Requirements - All in One (authentication, authorization, logging, secrets, configuration, network, workloads, dockerfile)
Help building an adaptive and fine-grained pod security policy
awesome resources about cloud native security ๐ฟ
:closed_lock_with_key: Docker Container for Penetration Testing & Security
๐ดโโ ๏ธ Hacking Guides, Demos and Proof-of-Concepts ๐ฅท
ไธไธช็ฑ้ฟไบญ่ช็ ๏ผ็ด่ง่ๅฏๆฉๅฑ็ๅฎนๅจๅฎๅ จ SDK
Trivy Operator Dashboard: A comprehensive tool for Trivy Operator. Offers various dashboards and interactive pages where you can browse and inspect Trivy Reports. Built with C#, .NET 10 (backend), Angular 21, and Node.js 24 (frontend).
Curating Falco rules with MITRE ATT&CK Matrix
An open taxonomy and scoring framework for evaluating AI agent sandboxes: 7 defense layers, 7 threat categories, 3 evaluation dimensions, 27 "sandboxes" scored.
๐ DevSecOps intro elective โ 10 hands-on labs + 2 bonus hardening OWASP Juice Shop: threat modeling (STRIDE/Threagile), signed commits & secret scanning, SBOM/SCA, SAST + DAST, IaC security (Checkov/KICS), container & supply-chain hardening (Trivy, Cosign), runtime detection with Falco, and DefectDojo vuln management.
๐๐ง Run command in a secure OS-native sandbox (0 deps)
collections of container escape techniques ๐ฟ
The Amazon Elastic Kubernetes Service (EKS) Creation Engine (ECE) is a Python command-line program created by the Lightspin Office of the CISO to facilitate the creation and enablement of secure EKS Clusters.
๐ 50+ MCP Security Servers for AI-Powered Pentesting | Integrate Nmap, Burp Suite, Nuclei, Shodan, BloodHound, Semgrep, Trivy | Model Context Protocol for Cybersecurity
Tutorials, examples, and streaming notes
Zero-overhead eBPF process tracer for Linux malware triage and incident response. Traces syscalls, network, and file events per-process without strace overhead.
Deterministic Linux runtime enforcement with eBPF LSM: block file/network operations before syscalls complete.
A demo of cloud-native Inner Loop and Outer Loop controlling a 2-tier app (Python + Go) with Red Hat OpenShift using Tekton Pipelines, Argo CD GitOps, Eclipse Che aka OpenShift DevSpaces and Quay.io registry