awesome-container-security


A collection of container-related security resources


Image


Deepfence Runtime Threat Mapper

Dagda

Port Authority Open Source Security Scanner for Docker

Understanding and Hardening Linux Containers

Security Assurance Requirements for Linux Application Container Deployments

Dramatically Reducing Software Vulnerabilities

CoreOS Clair

OpenSCAP Container Compliance

Actuary

Buildah

Packer

LinuxKit

Grafeas

Atomic Reactor

Containers Internals Lab

Anchore

Alpine CVE Check

Banyan Collector: A framework to peek inside containers

Commercial solutions


Build Management


Habitat.sh

Commercial solutions


Networking/Runtime


kubeadm

kiam

Secure Container Isolation: Problem Statement & Solution Space

gVisor

Cilium

Linux Monitoring at Scale with eBPF (Brendan Gregg & Alex Maestretti)

Calico

Kube2IAM

Envoy

Romana

Scope

Whispers in the Hyper-space: High-speed Covert Channel Attacks in the Cloud

Setting the Record Straight: containers vs. Zones vs. Jails vs. VMs

Docker Layer 2 ICC Bug

Commercial solutions


Security profiles


bane

Container security as explained by the three pigs

SELinux for Mere Mortals

SELinux is no Longer an Option

Firejail

Docker SELinux Capabilities reference

Detailed post about SELinux Capabilities

What capabilities do I really need in my container?

Secure Your Containers with this One Weird Trick

Falco

Getting towards real sandbox containers

Bubblewrap

Subgraph

Linux Containers in 500 Lines of Code


Exploits


Threat Alert: Kinsing Malware Attacks Targeting Container Environments

harpoon

waitid

nsenter

Dirty COW

Docker CVE List

Three Overlooked Lessons about Container Security

Docker Scan

Twitter Vine Source Code Dump


Honeypots


How I capture and monitor Wordpress attacks

DShield

Dockerpot


Presentations/Posts


Pets, cattle and insects

Capability based sandboxing

Introduction to Container Security

GoDaddy's Production Kubernetes Story & Moving Target Defense in Container Envs

Container Security Round Table

Secure Substrate: Least Privilege Container Deployment

A Docker Image Walks Into a Notary

How Secure Are Your Docker Images?

Docker Security Deep Dive - Docker Track

Scaling Application Defense with Intent Based Security - Michael Withrow (Twistlock)

Container Performance Analysis

Docker Networking in Production at Visa

The Golden Ticket- Docker and High Security Microservices - Black Belt Track

Docker Engine Security Cheatsheet

Dance Madly on the Lip of a Volcano

Making Security Invisible - Jessica Frazelle - JOTB17

Vulnerability Exploitation In Docker Container Environments

Docker Security Best Practices

Kubernetes Security Best Practices