Explore

- Restricts outbound network access during Docker builds to prevent supply chain attacks, working as a drop-in BuildKit remote driver for Docker Buildx, with ready-to-use GitHub Actions

- CetusGuard is a tool that protects the Docker daemon socket by filtering calls to its API endpoints

- Static analysis for infrastructure as code manifests (Terraform, Kubernetes, Cloudformation, Helm, Dockerfile, Kustomize) find security misconfiguration and fix them. By [bridgecrew](https://github.

:ice_cube: - This [InSpec][inspec] compliance profile implement the CIS Docker 1.12.0 Benchmark in an automated way to provide security best-practice tests around Docker daemon and containers in a pro

- Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers. By [coreos][coreos]

- Aggregates 36 free threat intelligence feeds into 120k+ malicious IPs for CrowdSec bouncers, providing 10-20x more blocks than default lists. By [wolffcatskyy](https://github.com/wolffcatskyy)

:ice_cube: - Dagda is a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and r

- Powerful runtime vulnerability scanner for kubernetes, virtual machines and serverless. By [deepfence][deepfence]

- Script that checks for dozens of common best-practices around deploying Docker containers in production. By [docker][docker]

- A tool to help forensicate offline docker acquisitions

:ice_cube: - SSL-enabled Damn Vulnerable Web App to test Web Application Firewalls. By [Peco602][peco602]

- An infrastructure-as-code scanning tool, find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle. Can be extended for additional policie

- OpenSCAP provides oscap-docker tool which is used to scan Docker containers and images. By [OpenSCAP](https://github.com/OpenSCAP)

- Extracts network dependencies from Docker Compose, Kubernetes manifests, Helm charts, and other config files to generate Kubernetes NetworkPolicies with evidence tracing. By [dormstern](https://gith

- CLI tool and library for generating a Software Bill of Materials (SBOM) from container images and filesystems

- Sysdig Falco is an open source container security monitor. It can monitor application, container, host, and network activity and alert on unauthorized activity

:yen:- The Blockbridge plugin is a volume plugin that provides access to an extensible set of container-based persistent storage options. It supports single and multi-host Docker environments with fea

Backup Docker volumes locally or to any S3 compatible storage. By [offen](https://github.com/offen)

- Docker-based encrypted dual-storage backup automation using Duplicacy CLI with cross-site redundancy and Telegram notifications. By [GeiserX](https://github.com/GeiserX)

Docker NFS, AWS EFS, Ceph & Samba/CIFS Volume Plugin. By [ContainX][containx]

provides a vendor agnostic storage orchestration engine. The primary design goal is to provide persistent storage for Docker, Kubernetes, and Mesos. By[thecodeteam](https://github.com/thecodeteam) (DE

:ice_cube: - :yen: Software-defined Persistent Storage for Kubernetes and Docker Swarm

- A fast, keyboard-driven terminal UI to manage Docker containers, Compose stacks, and Swarm services with the ergonomics of K9s

- A tool for exploring each layer in a docker image. By [wagoodman](https://github.com/wagoodman)