awesome-containerized-security

A collection of tools to improve your containerized apps security posture.

This aspires to be a curated list of awesome tools you can use in order to improve your security posture. The focus is on containerized applications.

Want to add something? Open a PR :)

Github Action examples coming soon, providing easy-to-use examples for your CI pipeline

Static code analysis

• semgrep
• sonarqube
• deepsource
• embold
• OWASP code crawler
• OWASP Orizon
• snyk code

Image scanning / Registry

• docker scan
• AWS ECR Image Scanning
• Azure Container Registry scanning
• opa-docker-authz policy-enabled authorization plugin for Docker
• cosign Container Signing, Verification and Storage in an OCI registry.

Container Scanning

• snyk
• google cloud Container Scanning
• gitlab container scanning
• clair
• docker bench security
• dagda
• harbor
• jfrog xray
• qualys
• aquasec
• twistlock
• trivy
• grype

Container Security Tools

• kyverno
• falco
• cert-manager
• anchore
• ksniff sniff k8s pods traffic
• k8s pod security policies
• secret-diver analyzes secrets in containers
• oci-seccomp-bpf-hook OCI hook to trace syscalls and generate a seccomp profile

Kubernetes cluster security

• kube-hunter
• k8s network policies
• eksuser
• gatekeeper
• kube-bench
• kube-scan cluster risk assessment
• teleport
• kubescape misconfiguration scanning
• datree E2E policy enforcement solution
• kubeshark think TCPDump and Wireshark re-invented for Kubernetes

Runtime level security

• sysbox

Dependencies management

• dependabot
• renovate
• greenkeeper for npm dependencies
• doppins
• tidelift
• fossa
• diun

Attack Surface Management

• detectify

Web Application Scanning

• detectify
• qualys

Infrastructure Security Assessment

• prowler

Monitoring

• weave scope automatically detects processes, containers, hosts. No kernel modules, no agents, no special libraries, no coding. Seamless integration with Docker, Kubernetes, DCOS and AWS ECS.