| | nilaway | grype |
|---|---|---|
| Mentions | 3 | 56 |
| Stars | 2,808 | 7,885 |
| Growth | 5.6% | 2.9% |
| Activity | 8.7 | 9.5 |
| Latest commit | 7 days ago | about 7 hours ago |
| Language | Go | Go |
| License | Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
nilaway
-
Go: What We Got Right, What We Got Wrong
I would have more respect if they at least admitted to the flawed type system but instead say it is not a problem. It is disappointing to see past mistakes repeated in a new programming language. Even the Java language creator was humble enough to admit fault for the null pointer problem. The Go devs do not have such humility.
https://github.com/uber-go/nilaway
-
Practical nil panic detection for Go
We'd be interested in the general characteristics of the most common ones you are seeing. If you have a chance to file a couple issues (and haven't done so yet): https://github.com/uber-go/nilaway/issues
We definitely have gotten some useful reports there already since the blog post!
We are aware of a number of sources of false positives and actively trying to drive them down (prioritizing the patterns that are common in our codebase, but very much interested in making the tool useful to others too!).
Some sources of false positives are fundamental (any non-trivial type system will forbid some programs which are otherwise safe in ways that can't be proven statically), others need complex in-development features for the tool to understand (e.g. contracts, such as "foo(...) returns nil iff its third argument is nil"), and some are just a matter of adding a library model or similar small change and we just haven't run into it ourselves.
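The "returns nil iff its third argument is nil" contract in the reply above is easier to see in code. The following is an added example, not code from NilAway or from the commenter: `pickConfig` is a hypothetical function that satisfies exactly that contract, `unsafeName` dereferences its result without a check (and panics at runtime when every argument is nil), and `safeName` is the guarded form a nilability checker would not flag. A checker that understands the contract can report the `unsafeName` call site only when its third argument may be nil, instead of at every call.

```go
package main

import (
	"errors"
	"fmt"
)

// Config is a stand-in type constructed for this example.
type Config struct {
	Name string
}

// pickConfig satisfies the contract "returns nil iff its third argument is
// nil": the result is nil exactly when fallback is nil, and never otherwise.
func pickConfig(primary, secondary, fallback *Config) *Config {
	if primary != nil {
		return primary
	}
	if secondary != nil {
		return secondary
	}
	return fallback
}

// unsafeName dereferences the result unconditionally. When all three
// arguments are nil this is a nil pointer dereference at runtime; a
// contract-aware checker flags this line only when fallback may be nil.
func unsafeName(primary, secondary, fallback *Config) string {
	return pickConfig(primary, secondary, fallback).Name
}

// safeName checks the result before use and turns the missing-config case
// into an error instead of a panic.
func safeName(primary, secondary, fallback *Config) (string, error) {
	cfg := pickConfig(primary, secondary, fallback)
	if cfg == nil {
		return "", errors.New("no config available")
	}
	return cfg.Name, nil
}

// recoverPanic runs fn and reports whether it panicked, so the failure mode
// can be shown without crashing the program.
func recoverPanic(fn func()) (panicked bool) {
	defer func() {
		if r := recover(); r != nil {
			panicked = true
		}
	}()
	fn()
	return false
}

func main() {
	def := &Config{Name: "default"}
	// fallback is non-nil, so by the contract the result is non-nil and the
	// dereference is safe even though no explicit check is written.
	fmt.Println(unsafeName(nil, nil, def))
	// All nil: the same call now dereferences nil.
	fmt.Println("panicked:", recoverPanic(func() { unsafeName(nil, nil, nil) }))
	_, err := safeName(nil, nil, nil)
	fmt.Println("guarded:", err)
}
```

Without a contract, a sound checker has to assume `pickConfig` can return nil on every call and report the first call in `main` as well; that is the fundamental kind of false positive the reply describes, and modelling the contract is what removes it.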
grype
-
Introduction to the Kubernetes ecosystem
Trivy Operator: A simple and comprehensive vulnerability scanner for containers and other artifacts. It detects vulnerabilities of OS packages (Alpine, Debian, CentOS, etc.) and application dependencies (pip, npm, yarn, composer, etc.) (Alternatives: Grype, Snyk, Clair, Anchore, Twistlock)
- Your container images are not secure!
-
I looked through attacks in my access logs. Here's what I found
Besides pointing pentester tools like metasploit at yourself, there are some nice scanners out there.
https://github.com/quay/clair
https://github.com/anchore/grype/
-
Distroless images using melange and apko
Using Grype:
-
Scanning and remediating vulnerabilities with Grype
In the lab to follow, we'll see how vulnerability scanning can be conveniently achieved with Grype and how various systematic techniques can be applied to start securing our microservices at the container image level.
-
Understanding Container Security
Scanning your container images for vulnerabilities is a good approach. But this scanning is not a one-time job; it should be done regularly (weekly, monthly, etc.). You need to follow vulnerability reports and fix all of the vulnerabilities as soon as possible. I recommend some open-source tools that could be useful: Trivy, Docker-Bench, Grype.
-
An Overview of Kubernetes Security Projects at KubeCon Europe 2023
Grype is another popular open source tool from Anchore. Working with SBOM files, Grype scans container images and filesystems for vulnerabilities. Grype supports different output formats for vulnerabilities and custom templates for output.
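The mentions above describe Grype scanning images and SBOMs, emitting machine-readable output, and the need to act on findings promptly. What teams usually build on top of that is a CI gate over the JSON report. The following is an added example written for this page, not Grype's own code: it parses a report, applies a severity threshold (like `grype --fail-on`) with an optional "only count findings that already have a fix" filter (the idea behind `--only-fixed`), and returns the offending matches highest severity first. The field layout (`matches[].vulnerability.{id,severity,fix}`, `matches[].artifact.{name,version,type}`) is assumed from Grype's `-o json` output, and the embedded report with placeholder CVE identifiers is constructed, not real scan data.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Minimal view of a grype JSON report. Field names are assumed from grype's
// `-o json` output; fields not listed here are ignored by encoding/json.
type Report struct {
	Matches []struct {
		Vulnerability struct {
			ID       string `json:"id"`
			Severity string `json:"severity"`
			Fix      struct {
				Versions []string `json:"versions"`
				State    string   `json:"state"` // e.g. "fixed", "not-fixed", "wont-fix"
			} `json:"fix"`
		} `json:"vulnerability"`
		Artifact struct {
			Name    string `json:"name"`
			Version string `json:"version"`
			Type    string `json:"type"`
		} `json:"artifact"`
	} `json:"matches"`
}

// severityRank orders severities so a threshold can be compared numerically.
var severityRank = map[string]int{
	"negligible": 0, "low": 1, "medium": 2, "high": 3, "critical": 4,
}

// Finding is one match that crossed the gate.
type Finding struct {
	ID, Package, Version, Severity, FixedIn string
}

// Gate returns every match at or above minSeverity, highest severity first.
// With onlyFixed set, matches without an available fix are skipped, which
// keeps the gate focused on what can actually be remediated today.
func Gate(reportJSON []byte, minSeverity string, onlyFixed bool) ([]Finding, error) {
	var r Report
	if err := json.Unmarshal(reportJSON, &r); err != nil {
		return nil, fmt.Errorf("parse grype report: %w", err)
	}
	threshold, ok := severityRank[strings.ToLower(minSeverity)]
	if !ok {
		return nil, fmt.Errorf("unknown severity threshold %q", minSeverity)
	}
	var out []Finding
	for _, m := range r.Matches {
		rank, known := severityRank[strings.ToLower(m.Vulnerability.Severity)]
		if !known || rank < threshold {
			continue // unscored ("Unknown") severities are deliberately not gated here
		}
		fixed := m.Vulnerability.Fix.State == "fixed" && len(m.Vulnerability.Fix.Versions) > 0
		if onlyFixed && !fixed {
			continue
		}
		f := Finding{ID: m.Vulnerability.ID, Package: m.Artifact.Name,
			Version: m.Artifact.Version, Severity: m.Vulnerability.Severity}
		if fixed {
			f.FixedIn = strings.Join(m.Vulnerability.Fix.Versions, ", ")
		}
		out = append(out, f)
	}
	sort.SliceStable(out, func(i, j int) bool {
		return severityRank[strings.ToLower(out[i].Severity)] > severityRank[strings.ToLower(out[j].Severity)]
	})
	return out, nil
}

// sampleReport is a constructed report in grype's JSON shape with placeholder
// identifiers; it is not output from a real scan.
const sampleReport = `{"matches":[
 {"vulnerability":{"id":"CVE-0000-0001","severity":"Critical","fix":{"versions":["1.2.3"],"state":"fixed"}},
  "artifact":{"name":"libexample","version":"1.2.0","type":"deb"}},
 {"vulnerability":{"id":"CVE-0000-0002","severity":"High","fix":{"versions":[],"state":"not-fixed"}},
  "artifact":{"name":"othertool","version":"0.9","type":"apk"}},
 {"vulnerability":{"id":"CVE-0000-0003","severity":"Low","fix":{"versions":["2.0"],"state":"fixed"}},
  "artifact":{"name":"minor","version":"1.0","type":"python"}}
]}`

func main() {
	findings, err := Gate([]byte(sampleReport), "high", false)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%-8s %-14s %s %s fixed-in=%q\n", f.Severity, f.ID, f.Package, f.Version, f.FixedIn)
	}
	if len(findings) > 0 {
		fmt.Println("gate failed") // in a pipeline this is where you would exit non-zero
	}
}
```

In practice the report is produced by `grype <image-or-sbom> -o json` (or from a Syft SBOM so the scan and the inventory use the same artifact list), and the gate runs on every build rather than on a calendar, which is what turns the "scan regularly" advice above into something enforced.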
-
Best vulnerability scanner for DevOps
Grype (https://github.com/anchore/grype)
-
Security docker app
Grype will allow you to scan a container to see if you have any vulnerable packages.
-
Open source container scanning tool to find vulnerabilities and suggest best practice improvements?
https://github.com/anchore/grype 5.6k stars, updated 3 days ago
What are some alternatives?
reviewdog - 🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
syft - CLI tool and library for generating a Software Bill of Materials from container images and filesystems
anchore-engine - A service that analyzes docker images and scans for vulnerabilities
go - The Go programming language
clair - Vulnerability Static Analysis for Containers
tfsec - Security scanner for your Terraform code
opencve - CVE Alerting Platform
symbolicator - Native Symbolication as a Service
falco - Cloud Native Runtime Security