|6 days ago||1 day ago|
|GNU General Public License v3.0 only||Apache License 2.0|
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Checkmake: Experimental Linter/Analyzer for Makefiles
6 projects | news.ycombinator.com | 14 Aug 2022
Some discussion on that here:
The hadolint project does shell checking for Dockerfiles and it uses shellcheck:
So the approach is definitely feasible, but you do need a new project and probably it needs to be written in Haskell.
Dokter: the doctor for your Dockerfiles
2 projects | /r/Python | 12 Aug 2022
How does this compare to something like hadolint?
5 projects | /r/docker | 12 Aug 2022
Also, have you run across Hadolint for linting? https://github.com/hadolint/hadolint
Are there tools that tell you if you can optimize your dockerfiles?
5 projects | /r/docker | 8 Jul 2022
Wow that's a great tool and it has a ton of integrations https://github.com/hadolint/hadolint/blob/master/docs/INTEGRATION.md
Dhall: A Gateway Drug to Haskell
27 projects | news.ycombinator.com | 7 Jun 2022
can you recommend active Haskell open source projects?
16 projects | /r/haskell | 30 Mar 2022
Just Say No To `:Latest`
3 projects | news.ycombinator.com | 6 Mar 2022
Worth noting that Hadolint raises warnings for the issues mentioned in the article. Some examples of warnings:
- https://github.com/hadolint/hadolint/wiki/DL3007: Using latest is prone to errors if the image will ever update. Pin the version explicitly to a release tag.
Kubernetes Security Checklist 2021
28 projects | dev.to | 18 Oct 2021
Dockerfile should be checked during development by automated scanners (Kics, Hadolint, Conftest)
3 projects | /r/u_sybrenbolandit | 31 Aug 2021
Linters are an effective way to catch (security) bugs early on in your development process. For most programming languages, using linters is pretty standard. Hadolint is a linter for your Dockerfiles and is found on GitHub here.
Best Practices for R with Docker
8 projects | dev.to | 31 May 2021
Best practices for writing Dockerfiles are being followed more and more often according to this paper after mining more than 10 million Dockerfiles on Docker Hub and GitHub. However, there is still room for improvement. This is where linters come in as useful tools for static code analysis. Hadolint lists lots of rules for Dockerfiles and is available as a VS Code extension.
Friends - needs help choosing solution for SBOM vulnerability
2 projects | /r/devops | 1 Jun 2023
An Overview of Kubernetes Security Projects at KubeCon Europe 2023
17 projects | dev.to | 22 May 2023
Trivy is a mature and comprehensive open source tool from Aqua Security that supports scanning multiple sources, from file systems to containers and VMs. Trivy also looks beyond vulnerabilities, to scan licenses, secrets, infrastructure as code misconfiguration, and more.
Best vulnerability scanner for DevOps
2 projects | /r/devsecops | 19 May 2023
About Cloudflare Tunnels
3 projects | /r/selfhosted | 1 May 2023
I would suggest thinking about the threat model that you are facing so you can have a better mental model of the weak points of your environment. The very, very big majority of these attacks will be automated probing for publicly known vulnerabilities or default credentials. That means the maintainers of the software you are running and the channels on which their updates are shipped to you and deployed are very important factors. For software that is not installed from a trusted and well maintained source (e.g. Ubuntu's main repository), you want to make extra sure that vulnerabilities are updated. E.g. your deployed Docker containers might contain security issues; you can run checks on these with tools like trivy. The same is also true for appliances: in case your router or firewall contains a software vulnerability, how will you be notified and how will the required updates be deployed?
Security docker app
3 projects | /r/selfhosted | 20 Apr 2023
Open source container scanning tool to find vulnerabilities and suggest best practice improvements?
8 projects | /r/selfhosted | 15 Apr 2023
https://github.com/aquasecurity/trivy 17k stars, updated 11 hours ago
8 projects | /r/selfhosted | 15 Apr 2023
How to scan and control the K8 objects are being created against security threats?
4 projects | /r/kubernetes | 24 Mar 2023
Trivy to scan your Container Image, for example as an Artefact finished building for your application in CI/CD.
Creating Safer Containerized PHP Runtimes with Wolfi
3 projects | dev.to | 3 Mar 2023
The combination of a smaller attack surface and up-to-date, patched packages in Wolfi results in fewer (always aiming for ZERO) CVEs. This can be demonstrated in the results obtained from Trivy when scanning the most popular PHP images on Docker Hub (with data from March 2, 2023) and comparing them with the Wolfi-based PHP image maintained by Chainguard:
nginx proxy manager, v3: is someone testing/using it? Experiences?
3 projects | /r/nginxproxymanager | 2 Mar 2023
There was a discussion, https://github.com/NginxProxyManager/nginx-proxy-manager/discussions/1812 , where Docker containers were analyzed by Trivy (a security scanner) https://github.com/aquasecurity/trivy and a lot of libraries were old and exploitable.
What are some alternatives?
snyk - Snyk CLI scans and monitors your projects for security vulnerabilities. [Moved to: https://github.com/snyk/cli]
grype - A vulnerability scanner for container images and filesystems
clair - Vulnerability Static Analysis for Containers
checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
syft - CLI tool and library for generating a Software Bill of Materials from container images and filesystems
falco - Cloud Native Runtime Security
dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
tfsec - Security scanner for your Terraform code
kics - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
gitleaks - Protect and discover secrets using Gitleaks 🔑