labs
amicontained
labs | amicontained
---|---
3 | 4
11,382 | 947
- | 1.5%
0.0 | 0.0
9 months ago | over 3 years ago
PHP | Go
Apache License 2.0 | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
labs
- The Ultimate Roadmap and Free Resources for Becoming a DevOps Engineer in 2023
  Docker: Get Started (https://docs.docker.com/get-started/) Docker Labs (https://github.com/docker/labs)
- How to “dockerize” existing web apps (“php + mySQL” app, and “node.js + express + mongodb” app)
  You can find some intro and tutorials to catch up on docker https://github.com/docker/labs
- Hardening Docker and Kubernetes with seccomp
  These JSON profiles can use quite a few options and can become very complex, so the one above is really trimmed down to the bare minimum. To see what a real profile would look like, you can check out Docker's profile here.
amicontained
- Is there a trick to know we're in a container?
  If you want a tool-based solution to this, tools like amicontained can tell you that you're in a container and some information about the sandbox.
- Ask r/kubernetes: What are you working on this week?
  I'm looking into SECCOMP profiles as well, but so far it seems a lot of pain for little gain. This series by Paulo Gomes is my starting point. part2 part3 testing-container.
- Container capabilities
  If you want to check the exact syscalls and caps in a container, getting a shell and using something like amicontained https://github.com/genuinetools/amicontained is a good option.
- Hardening Docker and Kubernetes with seccomp
  We made a few changes here. Namely, we changed the seccompProfile section, where we specify the RuntimeDefault type, and we also changed the image to amicontained, which is a container introspection tool that will tell us which syscalls are blocked, as well as some other interesting security info.
What are some alternatives?
wuxt - Nuxt/WordPress development environment, combining the world's biggest CMS with the most awesome front-end application framework yet.
runtime - Kata Containers version 1.x runtime (for version 2.x see https://github.com/kata-containers/kata-containers).
docker-lamp - Docker with Apache, MySql, PhpMyAdmin and Php
Lean and Mean Docker containers - Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
docker-phpvirtualbox - Docker phpVirtualBox is a web interface that allows you to control remote VirtualBox instances v6.x
kubernetes-ingress - NGINX and NGINX Plus Ingress Controllers for Kubernetes
awesome-appsec - A curated list of resources for learning about application security
UBUNTU20-CIS - Ansible role for Ubuntu 2004 CIS Baseline
PHP IDS - PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
swarmpit - Lightweight mobile-friendly Docker Swarm management UI
img - Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder.