|about 2 months ago||2 days ago|
|Apache License 2.0||Apache License 2.0|
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
GoKart: A static analysis tool for securing Go code
4 projects | news.ycombinator.com | 18 Aug 2021
Friends - needs help choosing solution for SBOM vulnerability
2 projects | /r/devops | 1 Jun 2023
An Overview of Kubernetes Security Projects at KubeCon Europe 2023
17 projects | dev.to | 22 May 2023
Trivy is a mature and comprehensive open source tool from Aqua Security that supports scanning multiple sources, from file systems to containers and VMs. Trivy also looks beyond vulnerabilities, to scan licenses, secrets, infrastructure as code misconfiguration, and more.
Best vulnerability scanner for DevOps
2 projects | /r/devsecops | 19 May 2023
About Cloudflare Tunnels
3 projects | /r/selfhosted | 1 May 2023
I would suggest to think about the thread model that you are facing so you can have a better mental model of the weak points of your environment. The very very big majority of these attacks will be automated probing for publicly known vulnerabilities or default credentials. That means the maintainers of the software you are running and the channels on which their updates are shipped to you and deployed are very important factors. For software that is not installed from a trusted and well maintained source (e.g. Ubuntus main repository), you want to make extra sure that vulnerabilities are updated. E.g. your deployed docker containers might contain security issues, you can run checks on these with tools like trivy. The same is also true for appliances, in case your router or firewall contains a software vulnerability, how will you be notified and how will the required updates be deployed?
Security docker app
3 projects | /r/selfhosted | 20 Apr 2023
Open source container scanning tool to find vulnerabilities and suggest best practice improvements?
8 projects | /r/selfhosted | 15 Apr 2023
https://github.com/aquasecurity/trivy 17k stars, updated 11 hours ago8 projects | /r/selfhosted | 15 Apr 2023
How to scan and control the K8 objects are being created against security threats?
4 projects | /r/kubernetes | 24 Mar 2023
Trivy to scan your Container Image, for example as an Artefact finished building for your application in CI/CD.
Creating Safer Containerized PHP Runtimes with Wolfi
3 projects | dev.to | 3 Mar 2023
The combination of a smaller attack surface and up-to-date, patched packages in Wolfi results in less (always aiming for ZERO) CVEs. This can be demonstrated in the results obtained from Trivy when scanning the most popular PHP images on Docker Hub (with data from March 2, 2023) and comparing them with the Wolfi-based PHP image maintained by Chainguard:
nginx proxy manager, v3: is someone testing/using it? Experiences?
3 projects | /r/nginxproxymanager | 2 Mar 2023
There was a discussion, https://github.com/NginxProxyManager/nginx-proxy-manager/discussions/1812 , where docker container where analyzer by Trivy (a securitu scanner) https://github.com/aquasecurity/trivy and lot of library where old and exploitable.
What are some alternatives?
snyk - Snyk CLI scans and monitors your projects for security vulnerabilities. [Moved to: https://github.com/snyk/cli]
grype - A vulnerability scanner for container images and filesystems
clair - Vulnerability Static Analysis for Containers
checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
syft - CLI tool and library for generating a Software Bill of Materials from container images and filesystems
falco - Cloud Native Runtime Security
dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
hadolint - Dockerfile linter, validate inline bash, written in Haskell
kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
tfsec - Security scanner for your Terraform code
kics - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
gitleaks - Protect and discover secrets using Gitleaks 🔑