Container Security

SafeDep/vetGo

A CLI tool for real-time malicious package detection and software supply chain security across multiple ecosystems.

ebpfkitC

A rootkit that leverages eBPF to implement offensive security techniques like container breakouts, network scanning, and RASP bypass.

Snyk Test ActionHTML

A collection of GitHub Actions for Snyk to check projects for vulnerabilities across multiple languages and tools.

Docker Secure Deployment Guidelines

A deployment checklist for securely deploying Docker containers on Linux-based hosts.

docker-explorerPython

A forensic tool for exploring offline Docker container filesystems and metadata from disk images.

docker-explorerPython

A forensic tool for exploring offline Docker filesystems to analyze compromised containers.

coiPython

A security-hardened container runtime for AI coding agents using Incus system containers with real-time threat detection and credential isolation.

CIS Docker BenchmarkRuby

An InSpec compliance profile that automates security testing for Docker daemon and containers against CIS benchmarks.

Kubectrl KubesecGo

A kubectl plugin for security risk analysis of Kubernetes resources like pods, deployments, daemonsets, and statefulsets.

Awesome Kubernetes (K8s) Threat Detection

A curated list of resources for detecting threats and defending Kubernetes systems.

Managed Kubernetes Inspection Tool (MKIT)Dockerfile

A security inspection tool for managed Kubernetes clusters that identifies common misconfigurations via Docker container and web UI.

oci-seccomp-bpf-hookGo

An OCI hook that traces container syscalls using eBPF to generate tailored seccomp security profiles.

OpenSCAPShell

Tools for vulnerability scanning and compliance auditing of Docker containers and images using OpenSCAP.

kube-forensicsGo

A Kubernetes operator that creates checkpoint snapshots of running pods for offline forensic analysis after security incidents.

DockadvisorGo

A fast, lightweight Dockerfile linter written in Go that detects issues, enforces best practices, and provides quality scores.

DockerpotShell

A Docker-based honeypot that creates disposable containers to capture and analyze attack attempts.

Cilium

A curated list of awesome projects, tools, articles, and resources related to the Cilium eBPF-based networking and security platform.

CetusGuardGo

A security proxy that protects Docker daemon sockets by filtering API endpoint calls with configurable rules.

ssh-proxyPython

A Dockerized SSH bastion that proxies SSH connections to arbitrary containers within a cluster via a single exposed port.