reg
amicontained
reg | amicontained | |
---|---|---|
2 | 4 | |
1,635 | 947 | |
0.2% | 0.0% | |
0.0 | 0.0 | |
8 months ago | over 3 years ago | |
Go | Go | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
reg
-
Running a container registry on a Raspberry Pi 4
You might be better off looking for an alternative to a UI. Something like https://github.com/genuinetools/reg
- Minimal self-hosted Docker Registry on Docker swarm mode
amicontained
-
Is there a trick to know we're in a container?
If you want a tool based solution to this, tools like amicontained can tell you that in a container and some information about the sandbox.
-
Ask r/kubernetes: What are you working on this week?
I'm looking into SECCOMP profiles as well, but so far is seems a lot of pain for little gain. This series by Paulo Gomes is my starting point. part2 part3 testing-container.
-
Container capabilities
If you want to check the exact syscalls and caps in a container, getting a shell and using something like amicontained https://github.com/genuinetools/amicontained is a good option.
-
Hardening Docker and Kubernetes with seccomp
We made a few changes here. Namely, we changed seccompProfile section where we specify RuntimeDefault type and we also changed the image to amicontained which is a container introspection tool that will tell us which syscalls are blocked, as well as some other interesting security info.
What are some alternatives?
docker-registry-ui - The simplest and most complete UI for your private registry
runtime - Kata Containers version 1.x runtime (for version 2.x see https://github.com/kata-containers/kata-containers).
1pass - 1Password Linux CLI explorer
Lean and Mean Docker containers - Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
deckschrubber - Deckschrubber inspects images of a Docker Registry and removes those older than a given age. :high_brightness::ship:
kubernetes-ingress - NGINX and NGINX Plus Ingress Controllers for Kubernetes
manifest-tool - Command line tool to create and query container image manifest list/indexes
labs - This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.
Harbor - An open source trusted cloud native registry project that stores, signs, and scans content.
UBUNTU20-CIS - Ansible role for Ubuntu 2004 CIS Baseline
saffire - [alpha] Controller to override image sources in the event that an image cannot be pulled.
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more