docker-bench-security VS Filestash

Scanning your container images for vulnerabilities is a good approach. But this scanning is not one time job, it should be done regularly (weekly, monthly, etc.) You need to follow vulnerability reports and fix all of the vulnerabilities as soon as possible. I recommend some open-source tools that could be useful: Trivy, Docker-Bench, Grype.

For Docker configuration I have used this in the past (it utilizes the CIS Docker Benchmark): https://github.com/docker/docker-bench-security

So the main tool to scan against the CIS Docker benchmark (I'm presuming that's the one you're interested in) is https://github.com/docker/docker-bench-security .

git clone https://github.com/docker/docker-bench-security.git cd docker-bench-security sudo sh docker-bench-security.sh

when deploying images on cloud, I always run it thru "docker bench security" It helps finding potential security holes in my images.

Use Docker Bench for Security to audit your container images

Other tools you can use are linux-bench, docker-bench, kube-bench, kube-hunter, kube-striker, Cloud Custodian, OVAL, and OS Query.

I run https://github.com/docker/docker-bench-security against my environment. I would determine what was non-applicable/not scored and then start with scored. Then I would do not scored. My team had made their own Dockerfiles when I started and just grabbed whatever image/version and getting things baselined was not fun. I had to do this for docker-compose and stay on version 2 yml as otherwise I had to go to swarm.

Filestash — A Dropbox-like file manager that connects to a range of protocols and platforms: S3, FTP, SFTP, Minio, Git, WebDAV, Backblaze, LDAP and more.

I made https://github.com/mickael-kerjean/filestash out of the need to collaborate on org mode documents with non emacs users. Once the first release was done, I got to reflect on the infamous top comment of the Dropbox HN to make an attempt at abstracting the storage aspect of Dropbox so those org document could be made stored on a FTP server, SFTP, S3, ....

> we need an abstraction for just this. "Bring your own storage"

I made exactly this: https://github.com/mickael-kerjean/filestash and there's an API from which you can abstract any kind of storage: S3, SFTP, FTP, GIT, WebDav, Samba, Local FS, NFS, Backblaze, Storj, Artifactory, .... There's even some funky ones like Mysql from which you have an abstraction where first level folders are databases, second level folders are tables and files are the actual rows

Yes, I rewrote my react app onto vanilla JS using nothing else than rxjs, didn't have the time to document it all yet but it looks like this: https://github.com/mickael-kerjean/filestash/blob/master/pub...

I'm not familiar with Cloudreve, but FileStash is a similar application often recommended on this subreddit.

I do use them on my OSS work (https://github.com/mickael-kerjean/filestash/tree/master/pub...) which is used by many thousands of people

- [2] current state of the rewrite where you can see this pattern in action https://github.com/mickael-kerjean/filestash-rewrite/tree/ma...

https://github.com/mickael-kerjean/filestash

This is what I wish Dropbox was, a simple layer that make interacting with your FTP server easy so nobody has to own your data. The end game is both to be feature complete with Dropbox and be able to change every aspect of the application through plugin so everyone can get out what they want from it.

> but I don't think its the companies responsibility to give back to open source just because they use it

As someone who does quite a bit of OSS, the reality is most people are asking for things but aren't willing to pay for it. Take Microsoft, I had one of their employee asking me to support their azure stuff: https://github.com/mickael-kerjean/filestash/issues/180. When I found out the dude was actually employed by Microsoft, he started to talk some nonsense and ended up running away.