CentOS based Docker Security Architecture

Ansible role for Trivy. Available on Ansible Galaxy.

Sample container image to demonstrate attack scenarios in containerized cluster environments.

Implementing Container Runtime security monitoring in Redhat Openshift using Falco

WIP - List of best practices about Security with Kubernetes and containers

Fortify SSC Parser Plugin for Tenable.io Container Security results

This repository contains useful resources for preparing and obtaining the CCSE (Certified Container Security Expert) certification of practical devsecops organizations.

An ongoing curated list of awesome frameworks, important books, articles, talks, libraries, learning tutorials, best practices and technical resources about Docke

fafnir-sec is an open-source tool that allows for the complete automation of launching different security tools detecting vulnerabilities in the application's code.

CNI Bridge Isolation Plugin (Merged into the firewall plugin v1.1.0)

Set of dockerfiles meant for throw-away instances that achieve a singular purpose: to "safely" interact (run, play, unzip, etc) with programs or files without the need of a full VM to avoid compromise of the host machine. Think of it as a bomb disposal device for files you don't trust that much but still need to run, unzip or play.

Vulnerability Management Tool for Kubernetes and Containers

Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect

Vision One Container Security Scan Action

Automate seccomp filter generation in your CI pipeline

Creating covert channels in Linux-based cloud container environments

My own cartservice coming from the GoogleCloudPlatform/microservices-demo repository

Automatic DevSecOps builder