#Seccomp

Showing 18 of 18 repositories tagged #seccomp, ranked by stars

slimtoolkit
slimtoolkit
slim

Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

Score
100
โ˜… 23.3k โ‘‚ 833 +1/day
Go
walidshaari
walidshaari
Certified-Kubernetes-Security-Specialist

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

Score
100
โ˜… 2.1k โ‘‚ 558 โ€”
AGS Script
david942j
david942j
seccomp-tools

Provide powerful tools for seccomp analysis

Score
83
โ˜… 1.1k โ‘‚ 73 +1/day
Ruby
genuinetools
genuinetools
contained.af

A stupid game for learning about containers, capabilities, and syscalls.

Score
33
โ˜… 906 โ‘‚ 61 โ€”
JavaScript
kubernetes-sigs
kubernetes-sigs
security-profiles-operator

The Kubernetes Security Profiles Operator

Score
100
โ˜… 857 โ‘‚ 134 +1/day
C
fencesandbox
fencesandbox
fence

Lightweight, container-free sandbox for running commands with network and filesystem restrictions

Score
50
โ˜… 841 โ‘‚ 33 +7/day
Go
bytedance
bytedance
vArmor

vArmor is a cloud-native container hardening system that leverages AppArmor/BPF/Seccomp and NetworkProxy technologies to enforce access control from system calls to application protocols โ€” protecting workloads including AI Agents.

Score
67
โ˜… 485 โ‘‚ 64 +1/day
Go
cea-sec
cea-sec
usbsas

Tool and framework for securely reading untrusted USB mass storage devices.

Score
50
โ˜… 372 โ‘‚ 34 โ€”
Rust
moabukar
moabukar
CKS-Exercises-Certified-Kubernetes-Security-Specialist

A set of curated exercises to help you prepare for the CKS exam

Score
25
โ˜… 288 โ‘‚ 177 โ€”
Shell
multikernel
multikernel
sandlock

The lightest AI sandbox. A process-based sandbox for Linux, no container, no VM, no privilege, no prompt injection

Score
100
โ˜… 281 โ‘‚ 30 +14/day
Rust
GreyhavenHQ
GreyhavenHQ
greywall

Container-free, deny-by-default sandbox for AI coding agents. Kernel-enforced filesystem, network, and syscall isolation for Linux and macOS

Score
0
โ˜… 254 โ‘‚ 31 +5/day
Go
alegrey91
alegrey91
harpoon

๐Ÿ” Function-level tracing tool for Seccomp profiling, with eBPF

Score
75
โ˜… 177 โ‘‚ 12 โ€”
C
elastic
elastic
go-seccomp-bpf

Go library for installing a seccomp BPF system call filter.

Score
0
โ˜… 99 โ‘‚ 22 +1/day
Go
antitree
antitree
syscall2seccomp

Build custom Docker seccomp profiles for containers by finding syscalls it uses.

Score
0
โ˜… 92 โ‘‚ 12 โ€”
Python
89luca89
89luca89
clampdown

Run AI coding agents in hardened container sandboxes.

Score
50
โ˜… 87 โ‘‚ 7 โ€”
Go
ceccomp
ceccomp
ceccomp

A tool to resolve seccomp just like seccomp-tools, written in C

Score
17
โ˜… 80 โ‘‚ 5 +1/day
C
souk4711
souk4711
hakoniwa

Process isolation for Linux using namespaces, resource limits, cgroups, landlock and seccomp.

Score
0
โ˜… 77 โ‘‚ 11 โ€”
Rust
Asuri-Team
Asuri-Team
xinetd-kafel

xinetd-kafel is a more secure replacement for xinetd with secure computing (seccomp, only work on linux)

Score
0
โ˜… 18 โ‘‚ 4 โ€”
C
Related Topics
#security#sandbox#apparmor#containers#landlock#docker#kubernetes#linux#golang#ctf#rust#security-tools

ยฉ 2026 GitRepoTrend ยท GitHub repositories by topic ยท Updated weekly