anchore-engine
ochrona-cli
anchore-engine | ochrona-cli
---|---
3 | 2
1,529 | 51
- | -
4.0 | 0.6
over 1 year ago | over 1 year ago
Python | Python
Apache License 2.0 | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
anchore-engine
- A Tool To Advise What Apps Are Out Of Date Per Cluster?
  There's also Anchore. - Also another thread w/ resources - https://www.reddit.com/r/kubernetes/comments/bx4w2h/track_outdated_images/.
- How to Secure Your Kubernetes Clusters With Best Practices
  Enable container image scanning in your CI/CD phase to catch known vulnerabilities using tools like clair or Anchore.
- What Vulnerability Scanning Services do you use?
ochrona-cli
What are some alternatives?
grype - A vulnerability scanner for container images and filesystems
pip-audit - Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
dagda - a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities
safety - Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
jellyfin-session-kicker - Session kicker after X amount of watch time for Jellyfin
best-of-python-dev - A ranked list of awesome python developer tools and libraries. Updated weekly.
quay - Build, Store, and Distribute your Applications and Containers
ggshield - Find and fix 400+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
aura - Python source code auditing and static analysis on a large scale
in-toto - in-toto is a framework to protect supply chain integrity.
docker-bench-security - The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
ThreatPlaybook - A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration