🔐 Docker Container for Penetration Testing & Security

Official repository for Canonical Kubernetes Third Party Integration Documentation

This guide details steps and procedures you can follow to create, launch and implement your own standalone container scanning solution within AWS ecosystem. This approach uses an opensource container scanning tool called Anchore Engine as a proof-of-concept and provides examples of how Anchore integrates with your favorite CI/CD systems orchestr…

Image scanning with Sysdig Secure

Simplifying Seccomp enforcement in containerized or non-containerized apps

Demoing whitelisting Container Registries in Kubernetes using OPA/Gatekeeper policy.

Advanced threat detection solution for Linux.

Set of dockerfiles meant for throw-away instances that achieve a singular purpose: to "safely" interact (run, play, unzip, etc) with programs or files without the need of a full VM to avoid compromise of the host machine. Think of it as a bomb disposal device for files you don't trust that much but still need to run, unzip or play.

collections of container escape techniques 🐿

A command line tool to automatically generate seccomp profiles.

Container Security Workshop covering using Falco on Kubernetes.

Implementing Container Runtime security monitoring in Redhat Openshift using Falco

Sample container image to demonstrate attack scenarios in containerized cluster environments.

k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters.

Kubernetes Security Checklist and Requirements - All in One (authentication, authorization, logging, secrets, configuration, network, workloads, dockerfile)

Repo for all Anchore circleci orb source code

An ongoing curated list of awesome frameworks, important books, articles, talks, libraries, learning tutorials, best practices and technical resources about Docke

CNI Bridge Isolation Plugin (Merged into the firewall plugin v1.1.0)

Creating covert channels in Linux-based cloud container environments