{"id":39681,"url":"https://github.com/koslib/awesome-containerized-security","name":"awesome-containerized-security","description":"A collection of tools to improve your containerized apps security posture","projects_count":60,"last_synced_at":"2026-06-06T18:00:23.589Z","repository":{"id":37425707,"uuid":"502038595","full_name":"koslib/awesome-containerized-security","owner":"koslib","description":"A collection of tools to improve your containerized apps security posture","archived":false,"fork":false,"pushed_at":"2024-05-26T15:13:58.000Z","size":53,"stargazers_count":152,"open_issues_count":4,"forks_count":15,"subscribers_count":2,"default_branch":"master","last_synced_at":"2026-05-21T08:40:23.148Z","etag":null,"topics":["container-security","containers","devsecops","security-tools"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/koslib.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-06-10T12:40:22.000Z","updated_at":"2026-05-08T04:14:43.000Z","dependencies_parsed_at":"2023-01-29T23:16:04.036Z","dependency_job_id":"91752114-22b9-47f0-ac6e-87ab971f990e","html_url":"https://github.com/koslib/awesome-containerized-security","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/koslib/awesome-containerized-security","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/koslib%2Fawesome-containerized-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/koslib%2Fawesome-containerized-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/koslib%2Fawesome-containerized-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/koslib%2Fawesome-containerized-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/koslib","download_url":"https://codeload.github.com/koslib/awesome-containerized-security/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/koslib%2Fawesome-containerized-security/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33993195,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-06T02:00:07.033Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"created_at":"2024-01-13T16:06:47.654Z","updated_at":"2026-06-06T18:00:23.589Z","primary_language":null,"list_of_lists":false,"displayable":true,"categories":["Container Security Tools","Container Scanning","Image scanning / Registry","Static code analysis","Monitoring","Dependencies management","Kubernetes cluster security","Attack Surface Management","Web Application Scanning","Infrastructure Security Assessment","Runtime level security","Vulnerabilities"],"sub_categories":[],"readme":"# awesome-containerized-security\nA collection of tools to improve your containerized apps security posture.\n\nThis aspires to be a curated list of awesome tools you can use in order to improve your security posture. The focus is on containerized applications. \n\nWant to add something? Open a PR :) \n\n\u003e Github Action examples coming soon, providing easy-to-use examples for your CI pipeline\n\n## Static code analysis\n\n- [semgrep](https://semgrep.dev/)\n- [sonarqube](https://www.sonarqube.org/)\n- [deepsource](https://deepsource.io/)\n- [embold](https://embold.io/)\n- [OWASP code crawler](https://wiki.owasp.org/index.php/Category:OWASP_Code_Crawler)\n- [OWASP Orizon](https://wiki.owasp.org/index.php/Category:OWASP_Orizon_Project)\n- [snyk code](https://snyk.io/product/snyk-code/)\n\n\n## Image scanning / Registry\n\n- [Docker Scout](https://docs.docker.com/scout/)\n- [AWS ECR Image Scanning](https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html)\n- [Azure Container Registry scanning](https://azure.microsoft.com/en-us/updates/vulnerability-scanning-for-images-in-azure-container-registry-is-now-generally-available/)\n- [opa-docker-authz](https://github.com/open-policy-agent/opa-docker-authz) policy-enabled authorization plugin for Docker\n- [cosign](https://github.com/sigstore/cosign) Container Signing, Verification and Storage in an OCI registry.\n\n\n## Container Scanning\n\n- [snyk](https://snyk.io/product/container-vulnerability-management/)\n- [google cloud Container Scanning](https://cloud.google.com/container-analysis/docs/container-scanning-overview)\n- [gitlab container scanning](https://docs.gitlab.com/ee/user/application_security/container_scanning/)\n- [clair](https://github.com/quay/clair)\n- [docker bench security](https://github.com/docker/docker-bench-security)\n- [dagda](https://github.com/eliasgranderubio/dagda/)\n- [harbor](https://goharbor.io/)\n- [jfrog xray](https://jfrog.com/xray/)\n- [qualys](https://www.qualys.com/apps/container-security/)\n- [aquasec](https://www.aquasec.com/products/container-vulnerability-scanning/)\n- [twistlock](https://www.esecurityplanet.com/products/twistlock/)\n- [trivy](https://github.com/aquasecurity/trivy)\n- [grype](https://github.com/anchore/grype)\n\n\n## Container Security Tools\n\n- [kyverno](https://kyverno.io/)\n- [falco](https://falco.org/)\n- [cert-manager](https://cert-manager.io/docs/)\n- [anchore](https://anchore.com/opensource/)\n- [ksniff](https://github.com/eldadru/ksniff) sniff k8s pods traffic\n- [k8s pod security policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/)\n- [secret-diver](https://github.com/cider-rnd/secret-diver) analyzes secrets in containers\n- [oci-seccomp-bpf-hook](https://github.com/containers/oci-seccomp-bpf-hook) OCI hook to trace syscalls and generate a seccomp profile\n\n\n## Kubernetes cluster security\n\n- [neuvector](https://github.com/neuvector/neuvector) NeuVector is a kubernetes-native container security platform that delivers complete zero trust container security\n- [kube-hunter](https://github.com/aquasecurity/kube-hunter)\n- [k8s network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/)\n- [eksuser](https://github.com/prabhatsharma/eksuser/)\n- [gatekeeper](https://github.com/open-policy-agent/gatekeeper)\n- [kube-bench](https://github.com/aquasecurity/kube-bench)\n- [kube-scan](https://github.com/octarinesec/kube-scan) cluster risk assessment\n- [teleport](https://github.com/gravitational/teleport)\n- [kubescape](https://github.com/armosec/kubescape) misconfiguration scanning\n- [datree](https://github.com/datreeio/datree) E2E policy enforcement solution\n- [kubeshark](https://github.com/kubeshark/kubeshark) think TCPDump and Wireshark re-invented for Kubernetes\n- [KubeHound](https://github.com/DataDog/KubeHound) is a Kubernetes attack graph tool allowing automated calculation of attack paths between assets in a cluster\n- [Marvin](https://github.com/undistro/marvin) is a CLI tool that scans a k8s cluster by performing CEL expressions to report potential issues, misconfigurations and vulnerabilities.\n\n\n## Runtime level security\n\n- [sysbox](https://github.com/nestybox/sysbox)\n\n\n## Dependencies management\n\n- [dependabot](https://github.com/dependabot)\n- [renovate](https://github.com/renovatebot/renovate)\n- [greenkeeper](https://greenkeeper.io) for npm dependencies\n- [doppins](https://doppins.com)\n- [tidelift](https://tidelift.com)\n- [fossa](https://fossa.com)\n- [diun](https://github.com/crazy-max/diun)\n\n\n## Attack Surface Management\n\n- [detectify](https://detectify.com/product/surface-monitoring)\n\n## Web Application Scanning\n\n- [detectify](https://detectify.com/product/application-scanning)\n- [qualys](https://www.qualys.com/apps/web-app-scanning/)\n\n## Infrastructure Security Assessment\n- [prowler](https://prowler.pro/)\n\n## Monitoring\n\n- [weave scope](https://www.weave.works/oss/scope/) automatically detects processes, containers, hosts. No kernel modules, no agents, no special libraries, no coding. Seamless integration with Docker, Kubernetes, DCOS and AWS ECS.\n\n## Vulnerabilities\n\n- [metahub](https://github.com/gabrielsoltz/metahub) is an ASFF security context enrichment and command line utility for AWS Security Hub.\n","projects_url":"https://awesome.ecosyste.ms/api/v1/lists/koslib%2Fawesome-containerized-security/projects"}