From 90fa570eb590c5c1c6e583f94b54d54c165c3d0f Mon Sep 17 00:00:00 2001 From: Owen Garrett Date: Fri, 18 Mar 2022 10:11:57 +0000 Subject: [PATCH 1/4] Update additional-tools.md: update Deepfence info --- docker-and-k8s-security/docker/additional-tools.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docker-and-k8s-security/docker/additional-tools.md b/docker-and-k8s-security/docker/additional-tools.md index 36a6eff..42720f7 100644 --- a/docker-and-k8s-security/docker/additional-tools.md +++ b/docker-and-k8s-security/docker/additional-tools.md 
@@ -6,8 +6,9 @@ - [CIS Docker Benchmark](https://github.com/dev-sec/cis-docker-benchmark) - This [InSpec][inspec] compliance profile implement the CIS Docker 1.12.0 Benchmark in an automated way to provide security best-practice tests around Docker daemon and containers in a production environment. By [@dev-sec](https://github.com/dev-sec) - [Clair](https://github.com/quay/clair) - Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers. By [@coreos][coreos] - [Dagda](https://github.com/eliasgranderubio/dagda) - Dagda is a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities. By [@eliasgranderubio](https://github.com/eliasgranderubio) -- [Deepfence Enterprise](https://deepfence.io) :heavy_dollar_sign: - Full life cycle Cloud Native Workload Protection platform for kubernetes, virtual machines and serverless. By [@deepfence](deepfence) -- [Deepfence Threat Mapper](https://github.com/deepfence/ThreatMapper) - Powerful runtime vulnerability scanner for kubernetes, virtual machines and serverless. +- [Deepfence ThreatMapper](https://github.com/deepfence/ThreatMapper) - Powerful runtime vulnerability scanner for kubernetes, virtual machines and serverless. +- [Deepfence SecretScanner](https://github.com/deepfence/SecretScanner) - Find unprotected secrets - tokens, keys, passwords - in containers and host filesystems. +- [Deepfence ThreatStryker](https://deepfence.io/threatstryker/) :heavy_dollar_sign: - Full life cycle Cloud Native Workload Protection platform for kubernetes, virtual machines and serverless. By [@deepfence](deepfence) - [docker-bench-security](https://github.com/docker/docker-bench-security) - script that checks for dozens of common best-practices around deploying Docker containers in production. 
- [docker-explorer](https://github.com/google/docker-explorer) - A tool to help forensicate offline docker acquisitions by Google - [docker-lock](https://github.com/safe-waters/docker-lock) - A cli-plugin for docker to automatically manage image digests by tracking them in a separate Lockfile. By [@safe-waters][safe-waters] From cb454f549ece743d15b2d155a4482d5128f6a6cf Mon Sep 17 00:00:00 2001 From: Owen Garrett Date: Fri, 18 Mar 2022 10:13:12 +0000 Subject: [PATCH 2/4] Update additional-tools.md: correct ordering --- docker-and-k8s-security/docker/additional-tools.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-and-k8s-security/docker/additional-tools.md b/docker-and-k8s-security/docker/additional-tools.md index 42720f7..a228333 100644 --- a/docker-and-k8s-security/docker/additional-tools.md +++ b/docker-and-k8s-security/docker/additional-tools.md 
@@ -6,8 +6,8 @@ - [CIS Docker Benchmark](https://github.com/dev-sec/cis-docker-benchmark) - This [InSpec][inspec] compliance profile implement the CIS Docker 1.12.0 Benchmark in an automated way to provide security best-practice tests around Docker daemon and containers in a production environment. By [@dev-sec](https://github.com/dev-sec) - [Clair](https://github.com/quay/clair) - Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers. By [@coreos][coreos] - [Dagda](https://github.com/eliasgranderubio/dagda) - Dagda is a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities. By [@eliasgranderubio](https://github.com/eliasgranderubio) -- [Deepfence ThreatMapper](https://github.com/deepfence/ThreatMapper) - Powerful runtime vulnerability scanner for kubernetes, virtual machines and serverless. - [Deepfence SecretScanner](https://github.com/deepfence/SecretScanner) - Find unprotected secrets - tokens, keys, passwords - in containers and host filesystems. +- [Deepfence ThreatMapper](https://github.com/deepfence/ThreatMapper) - Powerful open source runtime vulnerability scanner for kubernetes, virtual machines and serverless. - [Deepfence ThreatStryker](https://deepfence.io/threatstryker/) :heavy_dollar_sign: - Full life cycle Cloud Native Workload Protection platform for kubernetes, virtual machines and serverless. By [@deepfence](deepfence) - [docker-bench-security](https://github.com/docker/docker-bench-security) - script that checks for dozens of common best-practices around deploying Docker containers in production. - [docker-explorer](https://github.com/google/docker-explorer) - A tool to help forensicate offline docker acquisitions by Google From d950069c6439e16516fdef3d0dedc31bbbad89c5 Mon Sep 17 00:00:00 2001 
From: Owen Garrett Date: Fri, 18 Mar 2022 10:13:39 +0000 Subject: [PATCH 3/4] Update additional-tools.md --- docker-and-k8s-security/docker/additional-tools.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-and-k8s-security/docker/additional-tools.md b/docker-and-k8s-security/docker/additional-tools.md index a228333..2e9062b 100644 --- a/docker-and-k8s-security/docker/additional-tools.md +++ b/docker-and-k8s-security/docker/additional-tools.md @@ -1,4 +1,4 @@ -# Additinal Docker Security Tools and Resources +# Additional Docker Security Tools and Resources - [Anchor Engine](https://github.com/anchore/anchore) - Analyze images for CVE vulnerabilities and against custom security policies by [@Anchor](https://github.com/anchore) - [Aqua Security](https://www.aquasec.com) :heavy_dollar_sign: - Securing container-based applications from Dev to Production on any platform From 50b45d8ccf88eafec2ed769f60b3c52293240b78 Mon Sep 17 00:00:00 2001 From: Owen Garrett Date: Fri, 18 Mar 2022 10:16:02 +0000 Subject: [PATCH 4/4] Add SecretScanner/ThreatMapper open source tools --- docker-and-k8s-security/kubernetes/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-and-k8s-security/kubernetes/README.md b/docker-and-k8s-security/kubernetes/README.md index a50d21e..0ec2134 100644 --- a/docker-and-k8s-security/kubernetes/README.md +++ b/docker-and-k8s-security/kubernetes/README.md @@ -115,6 +115,8 @@ - [KubiScan](https://github.com/cyberark/KubiScan) - [Kubernetes Audit by Trail of Bits](https://github.com/trailofbits/audit-kubernetes) - [kubeaudit](https://github.com/Shopify/kubeaudit) +- [SecretScanner](https://github.com/deepfence/SecretScanner) +- [ThreatMapper](https://github.com/deepfence/ThreatMapper) - [falco](https://github.com/falcosecurity/falco) - [kubesec](https://github.com/controlplaneio/kubesec) - [kube-bench](https://github.com/aquasecurity/kube-bench)
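Review bot: (PATCH 1/4, additional-tools.md hunk) the new ThreatStryker line carries over the broken author link `[@deepfence](deepfence)` from the Deepfence Enterprise line it replaces; the link target is the bare word `deepfence`, not a URL, so it renders as a relative link to nowhere. Point it at a full URL as the other entries do (`By [@dev-sec](https://github.com/dev-sec)` is the pattern used two lines up), e.g. `By [@deepfence](https://github.com/deepfence)`. The two new open source entries, ThreatMapper and SecretScanner, are also the only items in this block with no `By ...` attribution, and SecretScanner is inserted after ThreatMapper, which breaks the alphabetical order the rest of the list follows; PATCH 2/4 fixes the ordering, so the two could be squashed.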
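Review bot: (PATCH 2/4, additional-tools.md hunk) the subject says "correct ordering", but the moved ThreatMapper line also changes its description from "Powerful runtime vulnerability scanner" to "Powerful open source runtime vulnerability scanner"; that wording change should be mentioned in the commit message or go in its own commit. The reordering itself is right: SecretScanner, ThreatMapper, ThreatStryker now sort alphabetically within the Deepfence entries.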
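Review bot: (PATCH 3/4, additional-tools.md hunk) the title fix is correct; the context line two below shows the same kind of typo, `[Anchor Engine]` and `[@Anchor]` for a project whose URL is `https://github.com/anchore`, which is worth fixing in this same typo commit.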
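Review bot: (PATCH 4/4, kubernetes/README.md hunk) the two new entries are inserted between `kubeaudit` and `falco` in a list that is neither alphabetical nor otherwise ordered (KubiScan, Kubernetes Audit, kubeaudit, falco, kubesec, kube-bench), so the position looks arbitrary; appending them at the end, or sorting the whole list in a separate commit, would be clearer. Also, the neighbouring entries are Kubernetes audit and policy tools, while SecretScanner (per the additional-tools.md hunk) finds secrets in containers and host filesystems; check that the README section these land in actually covers that category.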