A simple security scanner for vulnerabilities and configuration issues in IaC such as Kubernetes, Dockerfile and Terraform

This page summarizes the projects mentioned and recommended in the original post on reddit.com/r/netsec

  • GitHub repo trivy

    Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

  • GitHub repo appshield

    Security configuration checks for popular cloud native applications and infrastructure.

    For the IaC scanning there's a couple of rule sources. The Docker and Kubernetes rules come from the AppShield project (https://github.com/aquasecurity/appshield/). The Terraform Scanning is powered by tfsec (https://github.com/aquasecurity/tfsec/)

  • GitHub repo tfsec

    Security scanner for your Terraform code


NOTE: The number of mentions on this list indicates mentions on common posts plus user-suggested alternatives. Hence, a higher number means a more popular project.
