hadolint
trivy
hadolint | trivy | |
---|---|---|
27 | 90 | |
10,602 | 24,333 | |
1.1% | 2.2% | |
5.8 | 9.8 | |
about 1 month ago | 6 days ago | |
Haskell | Go | |
GNU General Public License v3.0 only | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
hadolint
-
10 Docker Security Best Practices
One such linter is hadolint. It parses a Dockerfile and shows a warning for any errors that do not match its best practice rules.
-
Top FP technologies
Like hadolint: Dockerfile linter, validate inline bash, written in Haskell; Purescript, Unison, Idris languages implemented in Haskell. I recommend to check ideas behinds those projects. Especially Unison's mind-blowing something naive idea about infinite computational resources.
-
Cloud Security and Resilience: DevSecOps Tools and Practices
3. Hadolint: https://github.com/hadolint/hadolint Hadolint is a Dockerfile linter that helps you build best practice Docker images, reducing vulnerabilities in your container configurations.
- Dockerfile Linter
-
Writing a Minecraft server from scratch in Bash (2022)
To skip the "move your scripts to standalone files" step some devs don't like, consider something like https://github.com/hadolint/hadolint which runs Shellcheck over inline scripts within Containerfiles.
-
I reduced the size of my Docker image by 40% – Dockerizing shell scripts
This is neat :)
I love going and making containers smaller and faster to build.
I don't know if it's useful for alpine, but adding a --mount=type=cache argument to the RUN command that `apk add`s might shave a few seconds off rebuilds. Probably not worth it, in your case, unless you're invalidating the cached layer often (adding or removing deps, intentionally building without layer caching to ensure you have the latest packages).
Hadolint is another tool worth checking out if you like spending time messing with Dockerfiles: https://github.com/hadolint/hadolint
-
Top 10 common Dockerfile linting issues
With Depot, we make use of two Dockerfile linters, hadolint and a set of Dockerfile linter rules that Semgrep has written to make a bit of a smarter Dockerfile linter.
-
hadolint - Dockerfile linter
# Download hadolint wget https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64 # Download SHA256 checksum wget https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64.sha256 # Validate the checksum sha256sum -c hadolint-Linux-x86_64.sha256 # Make the file executable chmod + ./hadolint-Linux-x86_64 # Rename the file mv hadolint-Linux-x86_64 hadolint
- Haskell Dockerfile Linter
-
Is adding a USER best practice?
The most common linter I've seen and used it Hadolint, which does: https://github.com/hadolint/hadolint/wiki/DL3002 I didn't bother checking to see if alternatives also support this as well though.
trivy
-
Terraform Cookbook: Development Environment Recipe
Trivy: security scanner for IaC and dependencies
-
Building Web Applications Using Amazon EKS : AWS Project
Prior to deploying kubernetes manifest files to EKS Cluster, supplementary steps need to be added to prevent security and misconfiguration issue by using both *Checkov *and Trivy . Also, we will use seperate ArgoCD account from admin user that we’ve used in the previous lab. This will follow ArgoCD RBAC rule to secure ArgoCD and EKS cluster ultimately.
- 🛡️ Effective Vulnerability Monitoring in Kubernetes
-
Dockerfile Best Practices: Building Efficient and Secure Containers
Regularly scan your Docker images for vulnerabilities using tools like Trivy or Clair.
-
Day 25: Container Security with Trivy - My 90 Days of DevOps Journey
Since I'm working on a Windows machine, I went straight to the Trivy website (https://aquasecurity.github.io/trivy/) to download the latest release. The official website is the best place to get the latest version of Trivy. This direct approach gives me more control over the installation process.
-
How to secure Terraform code with Trivy
There are also pre-built packages available for various Linux distros, or grab the binary from GitHub releases: https://github.com/aquasecurity/trivy/releases
-
Enhancing Kubernetes Security with Trivy : Day 15 of 50 days DevOps Tools Series
name: CI on: [push, pull_request] jobs: trivy: runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v2 - name: Set up Trivy run: | sudo apt-get update && sudo apt-get install -y wget wget https://github.com/aquasecurity/trivy/releases/download/v0.28.1/trivy_0.28.1_Linux-64bit.deb sudo dpkg -i trivy_0.28.1_Linux-64bit.deb - name: Scan Docker image run: | docker build -t my-docker-image:latest . trivy image my-docker-image:latest - name: Scan Kubernetes manifests run: | trivy k8s --file /path/to/manifest.yaml
-
Cloud Security and Resilience: DevSecOps Tools and Practices
4. Trivy: https://github.com/aquasecurity/trivy Trivy is a versatile tool that scans for vulnerabilities in your containers, and also checks for vulnerabilities in your application dependencies.
-
A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons
Trivy Owner/Maintainer: Aqua Security Age: First released on GitHub on May 7th, 2019 License: Apache License 2.0 backward-compatible with tfsec
- Suas imagens de container não estão seguras!
What are some alternatives?
dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
stan - 🕵️ Haskell STatic ANalyser
grype - A vulnerability scanner for container images and filesystems
hlint - Haskell source code suggestions
dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
ormolu - A formatter for Haskell source code
snyk - Snyk CLI scans and monitors your projects for security vulnerabilities. [Moved to: https://github.com/snyk/cli]
bisect-binary - Tool to determine relevant parts of binary data
SonarQube - Continuous Inspection
docker-bench-security - The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
syft - CLI tool and library for generating a Software Bill of Materials from container images and filesystems