awesome-containerized-security

A collection of tools to improve the security posture of your containerized apps.

This aspires to be a curated list of awesome tools you can use in order to improve your security posture. The focus is on containerized applications.

Want to add something? Open a PR :)

GitHub Actions examples are coming soon, providing easy-to-use examples for your CI pipeline.

Static code analysis

Image scanning / Registry

Container Scanning

Container Security Tools

Kubernetes cluster security

  • neuvector: NeuVector is a Kubernetes-native container security platform that delivers complete zero trust container security
  • kube-hunter
  • k8s network policies
  • eksuser
  • gatekeeper
  • kube-bench
  • kube-scan: cluster risk assessment
  • teleport
  • kubescape: misconfiguration scanning
  • datree: E2E policy enforcement solution
  • kubeshark: think TCPDump and Wireshark re-invented for Kubernetes
  • KubeHound is a Kubernetes attack graph tool allowing automated calculation of attack paths between assets in a cluster
  • Marvin is a CLI tool that scans a k8s cluster by performing CEL expressions to report potential issues, misconfigurations and vulnerabilities.

Runtime level security

Dependencies management

Attack Surface Management

Web Application Scanning

Infrastructure Security Assessment

Monitoring

  • weave scope automatically detects processes, containers, hosts. No kernel modules, no agents, no special libraries, no coding. Seamless integration with Docker, Kubernetes, DCOS and AWS ECS.

Vulnerabilities

  • metahub is an ASFF security context enrichment and command line utility for AWS Security Hub.