|9 days ago||6 days ago|
|Apache License 2.0||Apache License 2.0|
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
A beginner's question : am I doing things the right way ?
1 project | reddit.com/r/docker | 17 Sep 2021
Check out dockle; https://github.com/goodwithtech/dockle
21 Best Practises in 2021 for Dockerfile
2 projects | dev.to | 29 May 2021
Container scanners not scan software not added by package manager
2 projects | news.ycombinator.com | 10 May 2022
- Use trivy or grype with software installed without package manager (via tar) e.g. eclipse-temurin in the alpine version. The java executable gets unpacked into /opt but is not recognized.
Image Scanning admission controllers
1 project | reddit.com/r/kubernetes | 4 May 2022
Yup, an Admission Controller is not the right tool to perform container image scans. That's where Trivy comes into play.
All about Komodor :- A Kubernetes Troubleshooting Platform and more
7 projects | dev.to | 6 Apr 2022
Kubernetes manifest needs to be secure and ValidKube helps us to achieve that with the help of the Aquasec team. The same YAML file mentioned above, we will run it through the "Secure" feature of ValidKube and let's see the results: It's Open source repository is named as trivy and it's repository is https://github.com/aquasecurity/trivy
Kubernetes Hardening Tutorial Part 3: Authn, Authz, Logging & Auditing
4 projects | dev.to | 15 Mar 2022
It's an open-source project by Aqua Security and you might have already known them because of their other project trivy which is a scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues.
Kube-bench vs kubescape
1 project | reddit.com/r/kubernetes | 22 Feb 2022
Another one I would recommend looking at, if you want to do scanning of workload manifests (e.g. deployments) is Trivy (https://github.com/aquasecurity/trivy) which has some cool IaC scanning features.
Migrating azure repository to github, but keep Azure pipelines and workflow
1 project | reddit.com/r/azuredevops | 21 Feb 2022
- task: [email protected] displayName: Trivvy Scan for vunerabilties in both docker image and repository condition: succeeded() continueOnError: true inputs: targetType: inLine script: | set +x wget https://github.com/aquasecurity/trivy/releases/download/v0.18.3/trivy_0.18.3_Linux-64bit.deb sudo dpkg -i trivy_0.18.3_Linux-64bit.deb trivy fs --exit-code 1 --security-checks vuln,config $(System.DefaultWorkingDirectory) trivy image --exit-code 1 --timeout 15m $(imageRepo):$(imageTag)
Cloud Security: Container image and IaC scanning with Trivy
1 project | reddit.com/r/kubernetes | 17 Feb 2022
have a look at the repo, Trivy is all open source but let us know if you have any questions :) https://github.com/aquasecurity/trivy
A simple tool to audit Linux system libraries to find public security vulnerabilities.
4 projects | reddit.com/r/netsec | 11 Feb 2022
If you're looking for a good OS / library vulnerability scanner, I would recommend trivy.
[open-source] Validkube - Validate, Clean and Secure your K8s YAML
4 projects | reddit.com/r/kubernetes | 9 Feb 2022
The idea behind Validkube is to fuse together the capabilities of three other popular open-source projects (kubeval, kubectl-neat & trivy) and present them in a single view, providing users with a way to ensure YAML code hygiene and security, in one place, with just a few clicks of the button.
Custom dashboard with real-time service data
2 projects | reddit.com/r/selfhosted | 9 Feb 2022
What are some alternatives?
clair - Vulnerability Static Analysis for Containers
grype - A vulnerability scanner for container images and filesystems
snyk - Snyk CLI scans and monitors your projects for security vulnerabilities.
syft - CLI tool and library for generating a Software Bill of Materials from container images and filesystems
checkov - Prevent cloud misconfigurations during build-time for Terraform, CloudFormation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
falco - Cloud Native Runtime Security
starboard - Kubernetes-native security toolkit
tfsec - Security scanner for your Terraform code
hadolint - Dockerfile linter, validate inline bash, written in Haskell
gitleaks - Scan git repos (or files) for secrets using regex and entropy 🔑
Grafana - The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.