Displaying 1 to 20 from 49 results

hydra - OAuth2 server with OpenID Connect - cloud native, security-first, open source API security for your infrastructure

  •    Go

ORY Hydra is a hardened OAuth2 and OpenID Connect server optimized for low-latency, high throughput, and low resource consumption. ORY Hydra is not an identity provider (user sign up, user log in, password reset flow), but connects to your existing identity provider through a consent app. Implementing the consent app in a different language is easy, and exemplary consent apps (Go, Node) and SDKs (Go, Node) are provided.Besides mitigating various attack vectors, such as database compromisation and OAuth 2.0 weaknesses, ORY Hydra is able to securely manage JSON Web Keys, and has a sophisticated policy-based access control you can use if you want to. Click here to read more about security.

docker-slim - DockerSlim (docker-slim): Optimize and secure your Docker containers (free and open source)

  •    Go

Creating small containers requires a lot of voodoo magic and it can be pretty painful. You shouldn't have to throw away your tools and your workflow to have skinny containers. Using Docker should be easy.docker-slim is a magic diet pill for your containers :) It will use static and dynamic analysis to create a skinny container for your app.

Portus - Authorization service and frontend for Docker registry (v2)

  •    Ruby

Portus is an authorization server and a user interface for the next generation of the Docker registry. Portus targets version 2 of the Docker Registry API. The minimum required version of Registry is 2.1, which is the first version supporting soft deletes of blobs. Portus supports the concept of users and teams. Users have their own personal Docker namespace where they have both read (aka docker pull) and write (aka docker push) access. A team is a group of users that have read and write access to a certain namespace. You can read more about this in our documentation page about it.

labs - This is a collection of tutorials for learning how to use Docker with various tools

  •    PHP

This repo contains Docker labs and tutorials authored both by Docker, and by members of the community. We welcome contributions and want to grow the repo.




docker-ipsec-vpn-server - Docker image to run an IPsec VPN server, with IPsec/L2TP and Cisco IPsec

  •    Shell

Docker image to run an IPsec VPN server, with both IPsec/L2TP and Cisco IPsec. Based on Debian 9 (Stretch) with Libreswan (IPsec VPN software) and xl2tpd (L2TP daemon).

cilium - HTTP, gRPC, and Kafka Aware Security and Networking for Containers with BPF and XDP

  •    Go

Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to protect and secure use of modern application protocols such as HTTP, gRPC and Kafka. Cilium is integrated into common orchestration frameworks such as Kubernetes and Mesos. A new Linux kernel technology called BPF is at the foundation of Cilium. It supports dynamic insertion of BPF bytecode into the Linux kernel at various integration points such as: network IO, application sockets, and tracepoints to implement security, networking and visibility logic. BPF is highly efficient and flexible. To learn more about BPF, read more in our extensive BPF and XDP Reference Guide.

felix - Project Calico's per-host agent Felix, responsible for programming routes and security policy

  •    Go

This repository contains the source code for Project Calico's per-host daemon, Felix. The best place to ask a question or get help from the community is the calico-users #slack. We also have an IRC channel.


teleport - Privileged access management for elastic infrastructure.

  •    Go

Teleport is built on top of the high-quality Golang SSH implementation and it is fully compatible with OpenSSH and can be used with sshd servers and ssh clients. Download the latest binary release, unpack the .tar.gz and run sudo ./install. This will copy Teleport binaries into /usr/local/bin.

bane - Custom & better AppArmor profile generator for Docker containers.

  •    Go

AppArmor profile generator for docker containers. Basically a better AppArmor profile, than creating one by hand, because who would ever do that. For installation instructions from binaries please visit the Releases Page.

contained.af - A stupid game for learning about containers, capabilities, and syscalls.

  •    Javascript

A game for learning about containers, capabilities, and syscalls. To add a question edit this file: frontend/js/questions.js.

subuser - Run programs on linux with selectively restricted permissions.

  •    Python

As free software developers we like to share. We surf the web and discover new code. We are eager to try it out. We live out an orgy of love and trust, unafraid that some code we cloned from Git might be faulty or malicious. We live in the 60s, carefree hippies. This is utopia.

Gorsair - Gorsair hacks its way into remote docker containers that expose their APIs.

  •    Go

Gorsair is a penetration testing tool for discovering and remotely accessing Docker APIs from vulnerable Docker containers. Once it has access to the docker daemon, you can use Gorsair to directly execute commands on remote containers. Exposing the docker API on the internet is a tremendous risk, as it can let malicious agents get information on all of the other containers, images and system, as well as potentially getting privileged access to the whole system if the image uses the root user.

runtime - OCI (Open Containers Initiative) compatible runtime using Virtual Machines

  •    Go

cc-runtime is the next generation of Intel® Clear Containers runtime. This tool, henceforth referred to simply as "the runtime", builds upon the virtcontainers project to provide a high-performance standards-compliant runtime that creates hardware-virtualized containers which leverage Intel's VT-x technology.

wolfssl - (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud

  •    C

The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support.

cc-oci-runtime - OCI (Open Containers Initiative) compatible runtime for Intel® Architecture

  •    C

Now that the next-generation runtime has been released, this project is now in maintenance mode. All users are encouraged to switch to the new cc-runtime runtime. Installation and upgrade information is available on the new runtime's wiki.

amicontained - Container introspection tool

  •    Makefile

Container introspection tool. Find out what container runtime is being used as well as features available. For installation instructions from binaries please visit the Releases Page.

dagda - a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities

  •    Python

Dagda is a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities. In order to fulfill its mission, first the known vulnerabilities as CVEs (Common Vulnerabilities and Exposures), BIDs (Bugtraq IDs), RHSAs (Red Hat Security Advisories) and RHBAs (Red Hat Bug Advisories), and the known exploits from Offensive Security database are imported into a MongoDB to facilitate the search of these vulnerabilities and exploits when your analysis are in progress.

amicontained - Container introspection tool

  •    Go

Container introspection tool. Find out what container runtime is being used as well as features available.

openvas-docker - A Docker container for Openvas

  •    Shell

A Docker container for OpenVAS on Ubuntu. By default, the latest images includes the OpenVAS Base as well as the NVTs and Certs required to run OpenVAS. We made the decision to move to 9 as the default branch since 8 seems to have many issues in docker. We suggest you use 9 as it is much more stable. Our Openvas9 build was designed to be a smaller image with fewer extras built in. Please note, OpenVAS 8 is no longer being built as OpenVAS 9 is now standard. The image is can still be pulled from the Docker hub, however the source has been removed in this github as is standard with deprecated Docker Images. In the output, look for the process scanning cert data. It contains a percentage.