Ask HN: Who is hiring? (January 2022)
28 projects | news.ycombinator.com | 3 Jan 2022
Aqua Security | Open Source Engineer (Go) | Remote
Aqua Security provides the next generation of Cloud Native security solutions, and open source has been core to our DNA and strategy. Our Open Source team is fully remote worldwide.
- https://github.com/aquasecurity/starboard : Kubernetes security, api-machinery and operators, security tool orchestration.
- https://github.com/aquasecurity/trivy : Vulnerability and misconfiguration scanning, image/packages/code, static analysis.
- https://github.com/aquasecurity/tracee : Runtime security, detect suspicious behavior, Linux and eBPF.
I'm the hiring manager, feel free to DM me on twitter @itaysk if you have questions.
I will also be looking for an Engineering Manager to join the team soon. Responsibilities include people management, product direction, cross-team collaboration enablement. Need to understand the cloud native and open source landscape. If you're interested please DM me on Twitter since the job posting isn't up yet.
Just how broken is the current approach to managing dependencies?
1 project | reddit.com/r/learnprogramming | 22 Dec 2021
Introducing: Trivy - a vulnerability scanner I've been playing around with.
Log4J – A 10 step mitigation plan
4 projects | dev.to | 17 Dec 2021
Make sure you know what you are running on your platform. The Software Bill of Materials (SBoM) describes all the various software components on which your system is based. If you keep an active track of your SBoM with tools like OWASP Dependency-Track, it becomes easier to know whether software you are using is vulnerable. Additionally, there are great open-source tools, like the OWASP Dependency Checker, Trivy, Clair, and many others which you can use as part of your CI/CD pipeline to detect whether some of the software you are building has known vulnerabilities.
GitHub - aquasecurity/trivy: Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
1 project | reddit.com/r/techtravel | 17 Dec 2021
trivy: scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues (also finds log4j problems, among others)
1 project | reddit.com/r/de_EDV | 16 Dec 2021
trivy: scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
1 project | reddit.com/r/coolgithubprojects | 16 Dec 2021
Hardening Your Kubernetes Cluster - Guidelines (Pt. 2)
1 project | dev.to | 15 Dec 2021
There are quite a few image scanning tools out there (for example, trivy), which can identify known vulnerabilities, outdated libraries, or misconfigurations, such as insecure ports or unnecessary permissions.
Failing builds in the CI/CD pipelines due to security vulnerabilities?
1 project | news.ycombinator.com | 9 Dec 2021
trivy: Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
1 project | reddit.com/r/CKsTechNews | 10 Nov 2021
Trivy: A scanner for vulnerabilities in containers, file systems, and Git repos
1 project | news.ycombinator.com | 10 Nov 2021
What are some alternatives?
clair - Vulnerability Static Analysis for Containers
grype - A vulnerability scanner for container images and filesystems
snyk - Snyk CLI scans and monitors your projects for security vulnerabilities.
syft - CLI tool and library for generating a Software Bill of Materials from container images and filesystems
falco - Cloud Native Runtime Security
gitleaks - Scan git repos (or files) for secrets using regex and entropy 🔑
Grafana - The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
cost-model - Cross-cloud cost allocation models for Kubernetes workloads
hadolint - Dockerfile linter, validate inline bash, written in Haskell
prometheus - The Prometheus monitoring system and time series database.
caddy-docker - Source for the official Caddy v2 Docker Image
DOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo: