4 مستودعات
Tools and mechanisms for securing containerized environments and isolating processes from the host system.
Distinguishing note: Focuses on security isolation primitives like rootless namespaces rather than general infrastructure management.
Explore 4 awesome GitHub repositories matching devops & infrastructure · Container Security. Refine with filters or upvote what's useful.
NSQ is a distributed, brokerless messaging platform designed for high-throughput, fault-tolerant communication. By utilizing a decentralized topology, it eliminates single points of failure and allows for horizontal scaling across clusters. The system organizes message streams into topics and channels, effectively decoupling producers from consumers to support both streaming and job-oriented workloads. The platform distinguishes itself through a lookup-service-based discovery mechanism that enables clients to dynamically locate producers at runtime without requiring centralized coordination.
Secures containerized messaging services by mounting certificates for encrypted communication.
Distroless provides a collection of security-hardened, minimal base container images designed to reduce attack surfaces by excluding non-essential system utilities, package managers, and shells. These images are constructed to contain only an application and its specific runtime dependencies, enforcing the principle of least privilege by configuring environments for non-root execution. The project distinguishes itself through a focus on supply chain integrity and reproducible builds. It utilizes declarative build configurations to track package versions and validates container image integrity
Executes applications in stripped-down container environments that exclude shells and package managers.
Containerd is a daemon-based container runtime that manages the complete lifecycle of containers on a host system. It functions as a core orchestration backend, handling image distribution, storage, and process execution while adhering to industry-standard specifications for container execution and configuration. The project is distinguished by its modular, plugin-based architecture, which allows for the extension of storage, runtime, and networking capabilities without requiring a full daemon recompile. It utilizes a shim-based execution model to delegate low-level operations, ensuring isola
Applies kernel-level security mechanisms to container processes to restrict system calls and isolate workloads from the host.
rkt is a secure Linux container engine and pod-native container manager. It provides a composable execution environment for launching and managing isolated application containers on Linux, serving as a runtime designed around open industry standards for image formats and networking interfaces. The system is distinguished by a pod-native execution model that groups multiple containers and shared resources into single, self-contained units. It utilizes pluggable execution engines to provide secure isolation, including the use of hardware-based virtualization to create security boundaries betwee
Secures the host system by isolating containers through hardware virtualization and security modules.