awesome-repositories.com
Blog
awesome-repositories.com

Découvrez les meilleurs dépôts open-source grâce à notre recherche par IA.

ExplorerRecherches sélectionnéesAlternatives open sourceLogiciels auto-hébergésBlogPlan du site
ProjetÀ proposNotre méthodologiePresseServeur MCP
Mentions légalesConfidentialitéConditions d'utilisation
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
docker avatar

docker/docker-bench-security

0
View on GitHub↗
9,655 stars·1,040 forks·Shell·Apache-2.0·8 vues

Docker Bench Security

This project is a security compliance tool and configuration auditor designed to evaluate Docker deployments against industry security benchmarks. It functions as a script-based scanner that identifies misconfigurations and vulnerabilities within both the host operating system and container settings.

The tool specifically implements the Center for Internet Security standards for Docker to verify host and container configurations. It enables a hardening workflow by comparing system states against these standards to identify security gaps and document compliance status.

The audit engine supports modular test filtering to target specific security domains and generates reports in both plain text and JSON formats. These exports allow audit results to be used for human review or integrated into external security monitoring systems.

Features

  • Security Configuration Auditing - Automates the inspection of Docker host and container configurations to identify security gaps and misconfigurations.
  • Security Audit Scripts - Provides a specialized script for auditing Docker deployments against industry security benchmarks.
  • Compliance Verification Tools - Automates the assessment and reporting of Docker deployments against international security and compliance standards.
  • Container Security - Evaluates container environments and host configurations against benchmarks to ensure adherence to security best practices.
  • Container Security Scanners - Scans Docker host settings and container deployments to identify critical security misconfigurations and vulnerabilities.
  • CIS Benchmark Implementations - Implements specific Center for Internet Security (CIS) benchmarks to evaluate Docker host and container configurations.
  • Container Security Hardening - Provides a workflow to identify vulnerabilities and apply security best practices to harden Docker container settings.
  • Security Benchmark Validations - Provides automated verification of system configurations against validated security reference profiles like the CIS benchmarks.
  • Security Audit Engines - Implements a shell-scripted engine to execute a sequence of configuration checks against a security baseline.
  • Customizable Security Checks - Allows for the selection and customization of specific security checks to target particular deployment domains.
  • Compliance & Audit Tools - Generates detailed audit reports in multiple formats to document compliance with security standards.
  • Container-Host Configuration Auditing - Analyzes differences between the host operating system and container runtime to identify potential security gaps.
  • Test Execution Filtering - Allows users to select specific subsets of security checks for execution via command line arguments.
  • Cloud Native Security - Audits Docker containers against CIS benchmarks.
  • Container Management - Audits Docker deployments against security best practices.
  • Container Security - Benchmarking Docker configurations against CIS standards.
  • Infrastructure as Code Analysis - Checks container deployments against security best practices.
  • Cloud and Container Security - Checks container deployments against industry-standard security benchmarks.
  • Cloud Security - Checks Docker containers against CIS security benchmarks.
  • Container Security Tools - Automated script to check for production deployment best practices.
  • Security and Compliance - Security best-practice auditor for Docker.
  • Sécurité et durcissement - Checks for production security best practices.

Historique des stars

Graphique de l'historique des stars pour docker/docker-bench-securityGraphique de l'historique des stars pour docker/docker-bench-security

Recherche par IA

Explorez plus de dépôts awesome

Décrivez vos besoins en langage naturel — l'IA classe des milliers de projets open source sélectionnés par pertinence.

Start searching with AI

Alternatives open source à Docker Bench Security

Projets open source similaires, classés selon le nombre de fonctionnalités partagées avec Docker Bench Security.
  • aquasecurity/trivyAvatar de aquasecurity

    aquasecurity/trivy

    36,462Voir sur GitHub↗

    Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain. The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai

    Gocontainersdevsecopsdocker
    Voir sur GitHub↗36,462
  • quay/clairAvatar de quay

    quay/clair

    11,012Voir sur GitHub↗

    Clair is a container image vulnerability scanner and security analyzer. It performs static analysis of container images by matching package contents against vulnerability databases to identify security risks across different package formats and architectures. The project functions as both an image indexer and a vulnerability database manager. It processes container layers into intermediate representations to enable fast security lookups and synchronizes security metadata from multiple external sources to maintain a local registry. Capability areas include continuous security monitoring, whic

    Goclaircontainersdocker
    Voir sur GitHub↗11,012
  • falcosecurity/falcoAvatar de falcosecurity

    falcosecurity/falco

    8,670Voir sur GitHub↗

    Falco is an eBPF runtime security monitor and cloud native detection engine that identifies abnormal behavior and security threats across hosts and containers. It functions as a Linux kernel event auditor, capturing system calls and kernel events in real-time to detect malicious activity. The system distinguishes itself through a rule-based threat detection model that evaluates system activity against a library of community-maintained rules and custom security definitions. It enriches raw kernel events with container and Kubernetes metadata to provide observability into isolated environments

    C++cloud-nativecncfcncf-project
    Voir sur GitHub↗8,670
  • cdk-team/cdkAvatar de cdk-team

    cdk-team/CDK

    4,692Voir sur GitHub↗

    CDK is a specialized toolset for container security auditing, container escape exploitation, and cloud infrastructure pentesting. It provides a collection of scripts and tools designed to identify and exploit vulnerabilities in container runtimes to break out of isolated environments and execute commands on the underlying host operating system. The project features a dedicated Docker runtime exploit suite for abusing the Docker API, procfs, and cgroups to gain unauthorized host-level access. It includes specific techniques for bypassing isolation via LXCFS, user namespace exploitation, and ho

    Go
    Voir sur GitHub↗4,692
Voir les 30 alternatives à Docker Bench Security→

Questions fréquentes

Que fait docker/docker-bench-security ?

This project is a security compliance tool and configuration auditor designed to evaluate Docker deployments against industry security benchmarks. It functions as a script-based scanner that identifies misconfigurations and vulnerabilities within both the host operating system and container settings.

Quelles sont les fonctionnalités principales de docker/docker-bench-security ?

Les fonctionnalités principales de docker/docker-bench-security sont : Security Configuration Auditing, Security Audit Scripts, Compliance Verification Tools, Container Security, Container Security Scanners, CIS Benchmark Implementations, Container Security Hardening, Security Benchmark Validations.

Quelles sont les alternatives open-source à docker/docker-bench-security ?

Les alternatives open-source à docker/docker-bench-security incluent : aquasecurity/trivy — Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container… quay/clair — Clair is a container image vulnerability scanner and security analyzer. It performs static analysis of container… falcosecurity/falco — Falco is an eBPF runtime security monitor and cloud native detection engine that identifies abnormal behavior and… cdk-team/cdk — CDK is a specialized toolset for container security auditing, container escape exploitation, and cloud infrastructure… anchore/grype — Grype is a command-line security scanner designed to identify known vulnerabilities within container images,… aquasecurity/kube-bench — kube-bench is a Kubernetes security benchmark scanner and configuration auditor. It verifies if a cluster adheres to…