source link: https://github.com/myugan/awesome-docker-security
Awesome Docker Security
A list of awesome resources about Docker security, including books, blogs, videos, tools and use cases.
Table of Contents
Books
Blogs
Videos
Tools
Container Runtime
- gVisor - An application kernel, written in Go, that implements a substantial portion of the Linux system surface.
- Kata Containers - An open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
- sysbox - An open-source container runtime that enables Docker containers to act as virtual servers capable of running software such as Systemd, Docker, and Kubernetes in them. Launch inner containers, knowing that the outer container is strongly isolated from the underlying host.
- Firecracker - An open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services.
Container Scanning
- trivy - A simple and comprehensive vulnerability scanner for containers, suitable for CI.
- Clair - Static vulnerability analysis that discovers Common Vulnerabilities and Exposures (CVEs) in containers; it integrates with CI systems such as GitLab CI, which ships it in a template.
- Harbor - An open source, trusted, cloud native registry that provides a RESTful API, a registry, vulnerability scanning, RBAC and more.
- Anchore Engine - An open source project that provides a centralized service for inspection, analysis and certification of container images. The engine is accessed through a RESTful API or the Anchore CLI and can be integrated into your CI/CD pipeline.
- grype - An open source project from Anchore that performs vulnerability scanning of container images and filesystems.
- Dagda - A tool to perform static analysis of known vulnerabilities, trojans, viruses, malware and other malicious threats in Docker images/containers, and to monitor the Docker daemon and running Docker containers to detect anomalous activity.
- Snyk - A CLI and build-time tool that finds and fixes known vulnerabilities in open-source dependencies; it also supports container scanning and application security testing.
Compliance
- Docker Bench for Security - A script that checks for dozens of common best-practices around deploying Docker containers in production.
- CIS Docker Benchmark - InSpec profile - A compliance profile that implements the CIS Docker 1.13.0 Benchmark in an automated way, providing security best-practice tests for the Docker daemon and containers in a production environment.
- lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
- Open Policy Agent (OPA) - An open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack.
- opa-docker-authz - A policy-enabled authorization plugin for Docker.
Pentesting
- BOtB - Container analysis and exploitation tool designed to be used by pentesters and engineers while also being CI/CD friendly with common CI/CD technologies.
- Gorsair - A penetration testing tool for discovering and remotely accessing Docker APIs from vulnerable Docker containers.
- Cloud Container Attack Tool - A tool for testing security of container environments.
- DEEPCE - A tool for Docker enumeration, escalation of privileges and container escapes.
Playground
- DockerSecurityPlayground (DSP) - A Microservices-based framework for the study of network security and penetration test techniques.
- Katacoda Courses: Docker Security - Learn Docker Security using Interactive Browser-Based Scenarios.
- Docker Security by Control Plane - Learn Docker Security from Control Plane.
- Play with Docker - A simple, interactive, fun playground to learn Docker, and it's free.
Monitoring
- Falco - Cloud Native Runtime Security.
- Wazuh - Free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.
- Weave Scope - Detects processes, containers, hosts. No kernel modules, no agents, no special libraries, no coding. Seamless integration with Docker, Kubernetes, DCOS and AWS ECS.
Others
- dive - A tool for exploring each layer in a Docker image.
- hadolint - A smarter Dockerfile linter that helps you build best-practice Docker images.
- dockle - A container image linter that helps you build best-practice Docker images.
- docker_auth - Authentication server for Docker Registry 2.
- bane - Custom & better AppArmor profile generator for Docker containers.
- secret-diver - Analyzes secrets in containers.
- confine - Generate SECCOMP profiles for Docker images.
- imgcrypt - OCI Image Encryption Package.
- lazydocker - A tool to manage Docker images and containers easily.
Use Cases
Contributing
Your contributions are always welcome.
License