docker-bench-security
Filestash
docker-bench-security | Filestash | |
---|---|---|
13 | 108 | |
8,916 | 9,448 | |
0.7% | - | |
5.9 | 9.3 | |
21 days ago | 6 days ago | |
Shell | JavaScript | |
Apache License 2.0 | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
docker-bench-security
-
Understanding Container Security
Scanning your container images for vulnerabilities is a good approach. But this scanning is not one time job, it should be done regularly (weekly, monthly, etc.) You need to follow vulnerability reports and fix all of the vulnerabilities as soon as possible. I recommend some open-source tools that could be useful: Trivy, Docker-Bench, Grype.
-
Security docker app
For Docker configuration I have used this in the past (it utilizes the CIS Docker Benchmark): https://github.com/docker/docker-bench-security
- What's your favourite Docker Image, and why?
-
Docker image scan against cis benchmark
So the main tool to scan against the CIS Docker benchmark (I'm presuming that's the one you're interested in) is https://github.com/docker/docker-bench-security .
-
How to enhance container security using Docker Bench
git clone https://github.com/docker/docker-bench-security.git cd docker-bench-security sudo sh docker-bench-security.sh
-
Importing certificates into containers
when deploying images on cloud, I always run it thru "docker bench security" It helps finding potential security holes in my images.
-
How to Secure Your Kubernetes Clusters With Best Practices
Use Docker Bench for Security to audit your container images
-
Container security best practices: Comprehensive guide
Other tools you can use are linux-bench, docker-bench, kube-bench, kube-hunter, kube-striker, Cloud Custodian, OVAL, and OS Query.
- hardening my container: am i doing things right?
-
What do you have within your pipelines to ensure that containers deployed are secure?
I run https://github.com/docker/docker-bench-security against my environment. I would determine what was non-applicable/not scored and then start with scored. Then I would do not scored. My team had made their own Dockerfiles when I started and just grabbed whatever image/version and getting things baselined was not fun. I had to do this for docker-compose and stay on version 2 yml as otherwise I had to go to swarm.
Filestash
- Ask HN: What Underrated Open Source Project Deserves More Recognition?
-
A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev
Filestash — A Dropbox-like file manager that connects to a range of protocols and platforms: S3, FTP, SFTP, Minio, Git, WebDAV, Backblaze, LDAP and more.
-
Ask HN: What apps have you created for your own use?
I made https://github.com/mickael-kerjean/filestash out of the need to collaborate on org mode documents with non emacs users. Once the first release was done, I got to reflect on the infamous top comment of the Dropbox HN to make an attempt at abstracting the storage aspect of Dropbox so those org document could be made stored on a FTP server, SFTP, S3, ....
-
Ask HN: Experience using your user's Google Drive instead of a database?
> we need an abstraction for just this. "Bring your own storage"
I made exactly this: https://github.com/mickael-kerjean/filestash and there's an API from which you can abstract any kind of storage: S3, SFTP, FTP, GIT, WebDav, Samba, Local FS, NFS, Backblaze, Storj, Artifactory, .... There's even some funky ones like Mysql from which you have an abstraction where first level folders are databases, second level folders are tables and files are the actual rows
-
Let's learn how modern JavaScript frameworks work by building one
Yes, I rewrote my react app onto vanilla JS using nothing else than rxjs, didn't have the time to document it all yet but it looks like this: https://github.com/mickael-kerjean/filestash/blob/master/pub...
-
Found the ultimate Nextcloud / Owncloud replacement!
I'm not familiar with Cloudreve, but FileStash is a similar application often recommended on this subreddit.
-
HTML Web Components
I do use them on my OSS work (https://github.com/mickael-kerjean/filestash/tree/master/pub...) which is used by many thousands of people
-
UI frameworks are stuck in the last decade
- [2] current state of the rewrite where you can see this pattern in action https://github.com/mickael-kerjean/filestash-rewrite/tree/ma...
-
Ask HN: Tell us about your project that's not done yet but you want feedback on
https://github.com/mickael-kerjean/filestash
This is what I wish Dropbox was, a simple layer that make interacting with your FTP server easy so nobody has to own your data. The end game is both to be feature complete with Dropbox and be able to change every aspect of the application through plugin so everyone can get out what they want from it.
-
Meta pledges Three-Year sponsorship for Python if GIL removal is accepted
> but I don't think its the companies responsibility to give back to open source just because they use it
As someone who does quite a bit of OSS, the reality is most people are asking for things but aren't willing to pay for it. Take Microsoft, I had one of their employee asking me to support their azure stuff: https://github.com/mickael-kerjean/filestash/issues/180. When I found out the dude was actually employed by Microsoft, he started to talk some nonsense and ended up running away.
What are some alternatives?
hadolint - Dockerfile linter, validate inline bash, written in Haskell
filemanager - 📂 Web File Browser
kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
SFTPGo - Full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob
checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
filegator - Powerful Multi-User File Manager
gosec - Go security checker
minio - The Object Store for AI Data Infrastructure
SonarQube - Continuous Inspection
h5ai - HTTP web server index for Apache httpd, lighttpd and nginx.
tfsec - Security scanner for your Terraform code
Apaxy - a simple, customisable theme for your apache directory listing