# Container Security Testing

Source: https://github.com/omerlh/container-security-testing by omerlh (MIT license; C#; topics: appsec, cicd, containers, devsecops, docker, kubernetes, security-testing; last pushed 2018-10-08). Repository description: "A list of security testing tools for containerized applications".

This repo demos various security tools that can be used to scan containerized applications for security issues.
All the tools in this repo are free and open source, and you can start using them today.
To learn more about the tools mentioned here, check out [this blog post](https://www.omerlh.info/2018/10/04/write-good-code-with-security-tests/?utm_source=github).

## Sample App
All the tools are run against a sample app that I created.
The app is a simple dotnet core webapi, with one controller that returns all the open positions at [Soluto](https://www.solutotlv.com/), where I'm working.
To run the sample app, run (in the `src` folder):
```
dotnet run
```
And open `http://localhost:5000/api/openpositions/` in your browser.

## Tools
You can see the output of the tools under the `artifacts` folder, or run them manually as explained below.

### Static Analysis
I'm using [DevSkim](https://github.com/Microsoft/DevSkim), a static analyzer with IDE integration.
To view the results, install one of the extensions (for example, the one for VS Code).
Open `OpenPositionsController`; you should see warnings from the static analysis.

### Dynamic Analysis
I'm using [OWASP Zaproxy](https://github.com/zaproxy/zaproxy), a security tool by OWASP. To run it:
```
./scripts/run_tests.sh
```
When the test execution has completed, you can find the report under `glue/report.html`.

### Dependency Scanning
I'm using [Retire.Net](https://github.com/RetireNet/dotnet-retire), a dependency scanner for dotnet. After installing it, run (in the `src` folder):
```
dotnet retire
```

### Docker Image Scanning
I'm using [Anchore Engine](https://github.com/anchore/anchore-engine/), a service that scans docker images. To scan the sample app using Anchore:
* Launch anchore by running `docker-compose up -d` in the `anchore-engine` folder.
* Scan an image by executing the following POST request. The `Authorization` value is the Basic encoding of `admin:foobar`, the default account of the bundled docker-compose setup; change it before exposing the engine beyond localhost:
```
POST /v1/images HTTP/1.1
Host: localhost:8228
Content-Type: application/json
Authorization: Basic YWRtaW46Zm9vYmFy
Cache-Control: no-cache

{
  "tag": "omerlh/open-positions-api:1"
}
```
* Extract the `imageDigest` from the response JSON and use it to fetch the image record:
```
GET /v1/images/<imageDigest> HTTP/1.1
Host: localhost:8228
Content-Type: application/json
Authorization: Basic YWRtaW46Zm9vYmFy
Cache-Control: no-cache
```
The analysis process might take a while; repeat this request until `analysis_status` in the response is `analyzed`. The image record itself carries status and metadata, not findings: the known vulnerabilities for the image are returned by a separate call, `GET /v1/images/<imageDigest>/vuln/os` (newer Engine releases also accept `vuln/all`), with the same headers.

### Kubernetes Files Scanning
I'm using [kubesec](https://kubesec.io/). Run it using (in the `kubernetes` folder):
```
./kubesec deployment.yaml
```
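The Anchore steps above as one script, added here as an example; it is not code from this repo or from Anchore. It submits the tag, polls the image record until `analysis_status` is `analyzed`, fetches the OS vulnerability report and fails the run on findings at or above a severity threshold, which is how a CI job would consume these endpoints. It assumes the docker-compose engine is listening on `localhost:8228` with the default `admin:foobar` account (override the constants otherwise); the sample responses embedded at the bottom are constructed, not real engine output, so the parsing and gating functions can be exercised without a running engine.

```python
"""Drive the Anchore Engine v1 API: add an image, wait for analysis, gate on vulns.

Added example for this page; not code from the repo or from Anchore.
"""
import base64
import json
import time
import urllib.request
from typing import Dict, List, Tuple

# Assumed deployment: the docker-compose engine on localhost:8228 with its
# default admin:foobar account. Override these in any pipeline that is not local.
ANCHORE_URL = "http://localhost:8228/v1"
ANCHORE_USER = "admin"
ANCHORE_PASSWORD = "foobar"

# Anchore severity labels, least to most severe, for threshold comparisons.
SEVERITY_RANK = {"Unknown": 0, "Negligible": 1, "Low": 2,
                 "Medium": 3, "High": 4, "Critical": 5}


def auth_header(user: str, password: str) -> str:
    """Return the HTTP Basic Authorization value for user:password."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def extract_digest(add_image_response: list) -> str:
    """POST /v1/images answers with a list of image records; take the first digest."""
    if not add_image_response:
        raise ValueError("empty response from POST /v1/images")
    return add_image_response[0]["imageDigest"]


def is_analyzed(image_record: dict) -> bool:
    """True once analysis_status is 'analyzed'; raise if the engine gave up."""
    status = image_record.get("analysis_status")
    if status == "analysis_failed":
        raise RuntimeError("Anchore analysis failed for this image")
    return status == "analyzed"


def summarize_vulns(vuln_report: dict, fail_at: str = "High") -> Tuple[Dict[str, int], List[str]]:
    """Count findings per severity and list those at or above fail_at.

    vuln_report is the body of GET /v1/images/<digest>/vuln/<type>, whose
    'vulnerabilities' entries carry 'vuln', 'severity', 'package' and 'fix'
    (the engine uses the string "None" when no fixed version exists).
    """
    threshold = SEVERITY_RANK[fail_at]
    counts: Dict[str, int] = {}
    failing: List[str] = []
    for finding in vuln_report.get("vulnerabilities", []):
        severity = finding.get("severity", "Unknown")
        counts[severity] = counts.get(severity, 0) + 1
        if SEVERITY_RANK.get(severity, 0) >= threshold:
            fix = finding.get("fix")
            fix_note = f"fix {fix}" if fix not in (None, "", "None") else "no fix"
            failing.append(f"{finding['vuln']} in {finding.get('package', '?')} [{severity}, {fix_note}]")
    return counts, sorted(failing)


def _call(method: str, path: str, body=None):
    """One authenticated JSON request to the engine (network; unused by offline checks)."""
    data = json.dumps(body).encode() if body is not None else None
    request = urllib.request.Request(
        ANCHORE_URL + path, data=data, method=method,
        headers={"Authorization": auth_header(ANCHORE_USER, ANCHORE_PASSWORD),
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(request, timeout=30) as response:
        return json.load(response)


def scan_image(tag: str, fail_at: str = "High", poll_seconds: int = 10,
               timeout_seconds: int = 900) -> Tuple[Dict[str, int], List[str]]:
    """Submit the tag, poll until analyzed, fetch the OS vuln report, summarize it."""
    digest = extract_digest(_call("POST", "/images", {"tag": tag}))
    deadline = time.monotonic() + timeout_seconds
    while not is_analyzed(_call("GET", f"/images/{digest}")[0]):
        if time.monotonic() > deadline:
            raise TimeoutError(f"analysis of {tag} did not finish in {timeout_seconds}s")
        time.sleep(poll_seconds)
    # 'os' is the vulnerability type every engine release serves; newer ones also
    # accept 'all' to include language-package findings.
    return summarize_vulns(_call("GET", f"/images/{digest}/vuln/os"), fail_at)


# Constructed sample responses (not real engine output) so the parsing and
# gating logic can be exercised without a running engine.
SAMPLE_DIGEST = "sha256:" + "ab" * 32
SAMPLE_ADD_RESPONSE = [{"imageDigest": SAMPLE_DIGEST, "analysis_status": "not_analyzed"}]
SAMPLE_ANALYZED_RECORD = {"imageDigest": SAMPLE_DIGEST, "analysis_status": "analyzed"}
SAMPLE_VULN_REPORT = {
    "imageDigest": SAMPLE_DIGEST,
    "vulnerability_type": "os",
    "vulnerabilities": [
        {"vuln": "CVE-0000-0001", "severity": "High", "package": "libexample-1.0", "fix": "1.0-1"},
        {"vuln": "CVE-0000-0002", "severity": "Medium", "package": "libother-2.3", "fix": "None"},
        {"vuln": "CVE-0000-0003", "severity": "Low", "package": "libother-2.3", "fix": "None"},
    ],
}

if __name__ == "__main__":
    counts, failing = scan_image("omerlh/open-positions-api:1")
    print("findings by severity:", counts)
    if failing:
        raise SystemExit("blocking vulnerabilities:\n" + "\n".join(failing))
```

Run it as `python anchore_gate.py` after `docker-compose up -d`; a non-zero exit from `SystemExit` is what makes the CI stage fail. Raising the threshold to `Critical` or lowering it to `Medium` is a one-argument change to `scan_image`, and findings with `fix None` are the ones you will have to accept or rebase the image to avoid rather than patch.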