# Container Image Vulnerability Scanners

> Search results for `scan container images for known vulnerabilities` on awesome-repositories.com. 116 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/scan-container-images-for-known-vulnerabilities

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/scan-container-images-for-known-vulnerabilities).**

## Results

- [projectdiscovery/nuclei](https://awesome-repositories.com/repository/projectdiscovery-nuclei.md) (29,189 ⭐) — Nuclei is a modular security scanning framework designed for automated vulnerability detection and infrastructure reconnaissance. It functions as a template-driven engine that executes security checks across diverse network protocols, allowing users to define custom detection logic to identify vulnerabilities, misconfigurations, and exposed assets.

The platform distinguishes itself through its highly extensible architecture, which supports distributed scanning, headless browser automation for dynamic web content, and out-of-band interaction monitoring to detect blind vulnerabilities. It integrates advanced reconnaissance capabilities, including cloud infrastructure assessment, subdomain discovery, and technology fingerprinting, into a unified workflow that can be orchestrated via a command-line interface or programmatic API.

Beyond core scanning, the project provides a comprehensive suite of tools for external attack surface management, including asset inventorying, visual evidence capture, and automated ticketing integration. It supports collaborative security operations through team workspaces, centralized template management, and real-time alerting, ensuring that vulnerability findings can be tracked, verified, and remediated within a single environment.

The platform is distributed as a command-line utility and supports containerized execution, enabling integration into existing CI/CD pipelines and automated security workflows.
- [projectdiscovery/subfinder](https://awesome-repositories.com/repository/projectdiscovery-subfinder.md) (13,105 ⭐) — Subfinder is a security reconnaissance framework designed for subdomain enumeration and attack surface management. It functions as a discovery engine that identifies and maps internet-exposed infrastructure, cloud-hosted assets, and network ranges to maintain a comprehensive inventory of an organization's digital footprint.

The project distinguishes itself through a modular, template-driven scanning engine that executes security checks against discovered assets. It leverages cloud-native asset discovery to query provider APIs and infrastructure metadata, while supporting distributed agent orchestration to parallelize discovery workloads across remote nodes. For dynamic web application analysis, the tool incorporates headless browser rendering to execute client-side code and capture visual state.

The platform provides a broad capability surface for security operations, including asynchronous interaction monitoring to detect blind vulnerabilities and server-side request forgery. It features a domain-specific language for granular filtering of scan results and supports pipeline-oriented data streaming to integrate findings into external security tools and reporting systems.

The software is implemented in Go and provides a command-line interface for executing discovery tasks and managing security workflows.
- [aquasecurity/trivy](https://awesome-repositories.com/repository/aquasecurity-trivy.md) (36,462 ⭐) — Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain.

The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations against compliance standards and relies on a remote, periodically updated vulnerability database to maintain current detection logic without requiring binary updates. By employing static analysis pattern matching, it maps disparate scan results into a unified output schema for consistent reporting.

Beyond its core scanning capabilities, the project supports cloud infrastructure auditing and deep inspection of local and remote environments. It is distributed as a single cross-platform executable, and comprehensive configuration and usage details are available in the project's official user guide.
- [anchore/grype](https://awesome-repositories.com/repository/anchore-grype.md) (12,423 ⭐) — Grype is a command-line security scanner designed to identify known vulnerabilities within container images, filesystems, and software manifests. It functions as a software composition analysis tool that detects security flaws in application components and open-source libraries to support supply chain security.

The tool distinguishes itself by reconstructing the final state of container images through layered filesystem inspection and normalizing diverse package formats into a unified dependency graph. It maintains a local cache of security advisories synchronized from multiple upstream sources, allowing for consistent vulnerability matching and offline scanning capabilities.

The scanner supports automated security workflows by generating structured vulnerability reports in formats such as JSON and CycloneDX. These outputs facilitate integration with external security pipelines, visualization dashboards, and automated oversight systems for tracking and remediating risks across software infrastructure.
- [opencontainers/container-images](https://awesome-repositories.com/repository/opencontainers-container-images.md) (16 ⭐) — A collection of container images used in CI across various opencontainers projects
- [jekil/awesome-hacking](https://awesome-repositories.com/repository/jekil-awesome-hacking.md) (3,746 ⭐) — This project is a curated, version-controlled directory of software and resources designed for cybersecurity professionals and researchers. It functions as a centralized knowledge base that aggregates and organizes external security utilities into a structured taxonomy to facilitate discovery and access for specialized research and testing tasks.

The repository distinguishes itself through a community-driven model where external resource locations are verified and maintained by contributors. By leveraging a distributed version control system, the project ensures the historical integrity and consistency of its collection, allowing users to track changes and updates to the indexed toolsets over time.

The directory covers a broad spectrum of security domains, including penetration testing, digital forensics, network analysis, and threat intelligence gathering. It provides access to frameworks and utilities for tasks such as vulnerability scanning, password auditing, automated software fuzzing, and the deployment of decoy systems. Additionally, the project includes resources for managing competitive security challenges and infrastructure orchestration.
- [google/osv-scanner](https://awesome-repositories.com/repository/google-osv-scanner.md) (10,565 ⭐) — osv-scanner is a software composition analysis tool and vulnerability scanner that checks project dependencies and container images against the Open Source Vulnerabilities database. It functions as a dependency remediation tool and can be integrated into custom Go applications as a programmable security library.

The project distinguishes itself through a remediation workflow that includes an interactive terminal user interface and automated scripting for upgrading vulnerable packages in lockfiles and manifests. It employs call-graph reachability analysis to determine if vulnerable code is actually invoked and utilizes layer-aware scanning to attribute vulnerabilities to specific stages of a container image.

Broad capabilities cover the identification of known security vulnerabilities, open source license compliance auditing, and the resolution of transitive dependencies. The system supports offline scanning via local database synchronization and integrates into development pipelines through pre-commit hooks and CI/CD security checks.

The scanner can be executed as a standalone command line interface or run from a Docker container.
- [keygraphhq/shannon](https://awesome-repositories.com/repository/keygraphhq-shannon.md) (44,672 ⭐) — Shannon is an integrated security platform designed for autonomous penetration testing, static and dynamic analysis, and automated vulnerability remediation within self-hosted, private infrastructure. It functions as a unified security suite that orchestrates the entire lifecycle of vulnerability management, from initial discovery and reachability prioritization to the generation and verification of code-level patches.

The platform distinguishes itself through its agentic approach to security, deploying autonomous agents to execute both black-box and white-box exploits against running applications to confirm vulnerabilities. It utilizes graph-based data flow analysis to trace execution paths from user inputs to sensitive sinks, ensuring that security findings are based on reachable threats rather than raw scan results. By operating in isolated or air-gapped environments, the system maintains strict data sovereignty and residency, ensuring that source code and sensitive analysis data remain within the local perimeter.

Beyond core testing, the platform provides comprehensive security observability and supply chain auditing. It correlates static code analysis with dynamic runtime exploitation to provide a unified view of risk, while automatically deduplicating findings to reduce alert noise. The system also supports the software supply chain by generating compliant manifests and inspecting container images without requiring a local container runtime.

The platform integrates directly into existing development workflows, delivering verified patches to source control and synchronizing remediation status with external project management tools. It includes robust support for compliance reporting, audit trails, and risk acceptance management to meet regulatory requirements.
- [idno/known](https://awesome-repositories.com/repository/idno-known.md) (1,117 ⭐) — A social publishing platform.
- [goldbergyoni/javascript-testing-best-practices](https://awesome-repositories.com/repository/goldbergyoni-javascript-testing-best-practices.md) (24,589 ⭐) — This project is a comprehensive knowledge base and educational resource for JavaScript developers, focused on establishing industry-standard methodologies for automated software testing. It provides a structured collection of design patterns and actionable guidelines designed to improve code reliability, maintainability, and overall software quality across the development lifecycle.

The repository distinguishes itself by offering a granular, pattern-based approach to testing that spans unit, integration, and end-to-end verification. It emphasizes specific architectural strategies such as component-level isolation, contract-based integration testing, and the use of mutation testing to validate the effectiveness of test suites. By advocating for practices like the Arrange-Act-Assert pattern and black-box testing, it helps teams standardize their workflows and reduce regressions.

Beyond core testing strategies, the resource covers a broad capability surface including continuous integration optimization, static analysis integration, and frontend component validation. It provides guidance on managing test data, configuring production-like CI pipelines, and maintaining high standards through automated quality assurance and dependency management.

The documentation is organized into categorized, actionable design patterns that serve as a centralized reference for engineering teams. It includes technical examples and best practices for handling asynchronous events, network interactions, and environment-specific configuration issues.
- [spaceraccoon/npm-scan](https://awesome-repositories.com/repository/spaceraccoon-npm-scan.md) (50 ⭐) — An extensible, heuristic-based vulnerability scanning tool for installed npm packages
- [infinition/bjorn](https://awesome-repositories.com/repository/infinition-bjorn.md) (5,656 ⭐) — Bjorn is a penetration testing framework that automates network scanning, credential brute-forcing, vulnerability assessment, and data exfiltration, all coordinated through an event-driven task pipeline and controlled via a web-based dashboard. Its modular plugin architecture allows independent security modules to be loaded and chained together, with an asynchronous network scanner discovering live hosts and open ports without blocking the main execution flow.

The framework distinguishes itself by integrating a credential brute-force engine that systematically attempts login combinations against network services, alongside a vulnerability assessment module that matches service fingerprints against a local database of known exploits. Post-exploitation data exfiltration capabilities extract sensitive files and database contents from compromised services, while a web-based control interface provides real-time monitoring and task management through RESTful API calls.

For physical monitoring, Bjorn includes an e-Paper display driver that shows real-time operation status on a low-power e-ink screen, complementing the browser-accessible operation dashboard. The project is implemented in Python and provides a comprehensive set of tools for security assessment workflows.
- [lirantal/is-website-vulnerable](https://awesome-repositories.com/repository/lirantal-is-website-vulnerable.md) (2,029 ⭐) — Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
- [rafaelgss/is-my-node-vulnerable](https://awesome-repositories.com/repository/rafaelgss-is-my-node-vulnerable.md) (328 ⭐) — Package that checks if your Node.js installation is vulnerable to known security vulnerabilities
- [kubescape/kubescape](https://awesome-repositories.com/repository/kubescape-kubescape.md) (11,489 ⭐) — Kubescape is a Kubernetes security posture management platform designed to scan clusters, manifests, and images for misconfigurations, vulnerabilities, and compliance risks. It functions as a comprehensive security suite incorporating a compliance scanner, a container image vulnerability scanner, an admission controller for policy enforcement, and a runtime security monitor.

The platform distinguishes itself through runtime-aware vulnerability filtering, which maps libraries loaded in memory to determine if vulnerabilities are actually reachable. It also integrates with AI assistants via a Model Context Protocol server to enable natural language security querying and real-time streaming of findings.

The system covers a broad range of security domains, including compliance auditing against industry benchmarks, runtime threat detection using eBPF and system probes, and the automated generation of network policies. It further provides risk quantification for prioritization, infrastructure-as-code auditing, and automated remediation through image patching and manifest fixes.

The project is deployed using a Kubernetes operator to automate the lifecycle of its security components and provides specific support for air-gapped environments through offline scanning and manual framework provisioning.
- [projectdiscovery/naabu](https://awesome-repositories.com/repository/projectdiscovery-naabu.md) (5,766 ⭐) — Naabu is a port scanner library and tool that probes hosts for open ports using SYN, CONNECT, and UDP methods to identify active services. It functions as a Go library for embedding port scanning into programs, and as a standalone tool that accepts targets as hostnames, IP addresses, CIDR ranges, or ASN numbers. The tool discovers live hosts before scanning, filters ports by range or top lists, and can integrate with Nmap for service version detection.

The project distinguishes itself through its SYN-based port probing approach that sends TCP SYN packets and analyzes responses without completing the full handshake, enabling faster scans. It supports passive port enumeration through external services like Shodan InternetDB, and can exclude CDN or WAF IPs from full scans. Naabu also provides a REST API for programmatic scan triggering, configuration management, and result export, alongside the ability to embed port scanning directly into Go programs with callback-based result handling.

The tool covers host discovery, port scanning, and service detection across multiple input formats and output options. It includes features for filtering scan targets, rescanning completed scans, and exposing scan metrics via HTTP. The project is available as a command-line tool and as a Go library, with support for Docker deployment.
- [containers/skopeo](https://awesome-repositories.com/repository/containers-skopeo.md) (10,982 ⭐) — Skopeo is an OCI container image manager and registry client designed for inspecting, copying, and signing container images across different registries and storage backends. It enables the manipulation of container images using direct API calls to registries, operating independently of a local container daemon or runtime.

The tool provides specialized capabilities for container image mirroring and synchronization, specifically supporting the mirroring of external repositories to internal registries for air-gapped environments. It also functions as a container image signing tool, allowing for the attachment and verification of cryptographic signatures to ensure content integrity and authenticity.

Broad functional areas include remote registry administration and inspection, which allow for the retrieval of image manifests and metadata as well as the deletion of specific image versions and tags. The system also manages secure registry access through credential-based authentication and session management.
- [dyad-sh/dyad](https://awesome-repositories.com/repository/dyad-sh-dyad.md) (19,648 ⭐) — Dyad is a local, artificial intelligence-powered development environment designed to manage, edit, and scaffold full-stack software projects. It functions as an automated codebase manager and code editor that leverages language models to execute programming tasks, maintain project context, and apply targeted modifications directly to source files on a user's machine.

The platform distinguishes itself through a model-agnostic architecture that allows for flexible integration with various language model runtimes. It provides specialized operational modes to optimize development speed and efficiency, while maintaining granular control over the codebase through differential change tracking and automated project-level configuration directives. By utilizing context-aware file indexing and automated conversation management, the tool ensures that generated code remains aligned with specific architectural constraints and project requirements.

Beyond core editing, the platform covers a broad surface of software engineering workflows, including automated security vulnerability analysis and remediation, database schema management with migration generation, and cloud deployment automation. It supports the full application lifecycle from initial project bootstrapping and live previewing to final publication and mobile conversion.

The environment is designed to operate locally to maintain complete control over the codebase, while offering secure remote execution sandboxing for sensitive logic and restricted API interactions.
- [jaykali/maskphish](https://awesome-repositories.com/repository/jaykali-maskphish.md) (3,020 ⭐) — Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments.

The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific executables and mobile application packages to establish remote command sessions.

The framework covers a broad surface of capabilities, including web application penetration testing, OSINT reconnaissance, memory and disk forensics, and wireless network auditing. It provides tools for payload generation, credential theft, and the automation of information gathering from public data sources.

This project is implemented primarily as a shell-based application.
- [security-code-scan/security-code-scan](https://awesome-repositories.com/repository/security-code-scan-security-code-scan.md) (975 ⭐) — Vulnerability Patterns Detector for C# and VB.NET
- [moby/moby](https://awesome-repositories.com/repository/moby-moby.md) (71,729 ⭐) — Moby is an OCI container engine and runtime manager designed for building, running, and managing isolated containers based on Open Container Initiative standards. It functions as a container daemon and image builder, providing a core engine to orchestrate the full lifecycle of containers and the packaging of source code into portable images.

The project provides a standardized HTTP interface that allows for programmatic container management, enabling external clients to control daemon settings and container operations. It supports a rootless security model, allowing the engine daemon to execute without root privileges to reduce the security risk to the host system.

Its broader capabilities cover container image packaging using declarative configurations, the execution of isolated processes with specific resource constraints, and cross-platform binary compilation for multiple target architectures. It also includes functionality for transferring images between local environments and remote registries.
- [containers/buildah](https://awesome-repositories.com/repository/containers-buildah.md) (8,618 ⭐) — Buildah is a tool for creating OCI-compliant container images without requiring a background daemon process. It functions as a daemonless image constructor and distribution tool, allowing users to build, push, and pull images between local storage and remote registries.

The project distinguishes itself by supporting unprivileged image building through the use of user namespaces and rootless mode. It enables direct modification of container root filesystems by mounting them to the host, allowing images to be treated as directories that can be manipulated via standard shell commands or scripts.

The build engine supports both Dockerfile emulation and scripted image construction to generate compliant artifacts. Additional capabilities include containerized build isolation, build cache acceleration for increased speed, and the production of reproducible, bit-for-bit identical images.

The toolset also includes utilities for managing working containers, committing container state, and inspecting image metadata.
- [goldbergyoni/nodebestpractices](https://awesome-repositories.com/repository/goldbergyoni-nodebestpractices.md) (105,356 ⭐) — This project provides a comprehensive collection of industry-standard guidelines for developing, testing, and deploying Node.js applications. It covers the entire software lifecycle, offering actionable advice on code style, architectural patterns, and security measures to ensure maintainability and consistency across large-scale codebases.

The documentation details strategies for robust error management, containerization, and production readiness. It addresses operational requirements such as observability, scalability, and infrastructure configuration, while providing specific methodologies for validating software quality through automated testing and dependency management.
- [nvidia/nemo-guardrails](https://awesome-repositories.com/repository/nvidia-nemo-guardrails-2.md) (6,453 ⭐) — NeMo-Guardrails is a toolkit for adding programmable safety constraints and dialogue boundaries to large language model conversational systems. It functions as security middleware that intercepts inputs and outputs to block prompt injections, jailbreaks, and sensitive data leaks, while providing a conversational dialogue manager to define structured interaction flows through configuration files.

The framework includes a hallucination filter to screen model outputs for factual accuracy and a specialized modeling language for defining conversational flows and constraints. It provides capabilities for conversational dialogue steering to keep assistants on topic and uses safety moderation to block prohibited content.

The system covers broader capability areas including vulnerability testing and safety evaluation tooling to scan for weaknesses. It also provides observability through request tracing, retrieved context validation to filter sensitive information, and secure tool execution for agentic workflows.

The project can be deployed as a standalone HTTP server or via containerized microservices to provide protected chat completions to external clients.
- [containers/libpod](https://awesome-repositories.com/repository/containers-libpod.md) (32,040 ⭐) — Libpod is a container management library for running and controlling the lifecycle of Open Container Initiative compliant containers and images across different storage backends. It provides a programmatic interface for the remote control and automation of container environments.

The project enables the coordination of multiple containers into pods that share network namespaces and other resources. It supports rootless container execution by using user namespaces to launch containers without administrative privileges.

The library covers a broad range of system operations, including image handling for pulling and pushing across registries, network configuration, and resource isolation through control groups to prevent system exhaustion. It also manages the full container lifecycle—from creation and execution to checkpointing and restoration—via OCI-compliant runtimes.

For desktop operating systems, the project supports container execution through a virtual machine backend.
- [kubero-dev/kubero](https://awesome-repositories.com/repository/kubero-dev-kubero.md) (4,150 ⭐) — Kubero is a self-hosted Platform as a Service (PaaS) that simplifies the deployment, scaling, and management of containerized applications on Kubernetes. It functions as an application manager, CI/CD orchestrator, and multi-tenant manager, allowing users to run workloads without writing manual configuration files.

The platform distinguishes itself through automated image synthesis, transforming source code from Git repositories into deployable containers via buildpacks, Dockerfiles, or nixpacks. It implements a GitOps delivery model with automated pipelines that trigger builds on push events and provision ephemeral review environments for pull requests.

Beyond deployment, it provides integrated infrastructure management for provisioning databases and caches through a graphical interface. The system includes multi-tenant isolation using namespaces, role-based access control with OAuth2 authentication, and automated SSL certificate management. Additional capabilities cover resource scaling, application health monitoring, and the attachment of persistent storage volumes.

The platform can be installed on local Kubernetes clusters or provisioned on supported cloud providers using a dedicated CLI and web-based management console.
- [komodorio/helm-dashboard](https://awesome-repositories.com/repository/komodorio-helm-dashboard.md) (5,625 ⭐) — Helm Dashboard is a web-based interface for managing and monitoring Helm releases in Kubernetes clusters. It provides a graphical alternative to the command line for viewing deployed releases, inspecting installed charts, and performing the full lifecycle of Helm operations including installation, upgrades, rollbacks, and uninstalls.

The dashboard enables users to browse releases with filtering by namespace or name, view revision history and deployment details, and compare manifest or values differences between revisions before applying changes. It supports deploying charts from repositories, local directories, or pre-release versions, and allows switching between multiple Kubernetes cluster contexts directly from the UI.

For troubleshooting and maintenance, the tool offers release status inspection, resource health monitoring with color-coded indicators, and integration with external scanners to detect vulnerabilities in charts and Kubernetes resources before deployment. Users can restrict operations to specific namespaces, disable health checks or latest version checks, and opt out of usage analytics. The server can be launched from the command line with configurable host and port settings, and local chart paths can be loaded into the interface for development workflows.
- [hadarmanor/public-vulnerabilities](https://awesome-repositories.com/repository/hadarmanor-public-vulnerabilities.md) (14 ⭐) — All my public vulnerabilities.
- [googlechrome/lighthouse](https://awesome-repositories.com/repository/googlechrome-lighthouse.md) (30,355 ⭐) — Lighthouse is an automated diagnostic tool that evaluates web pages against industry standards for performance, accessibility, and search engine optimization. It functions as a programmatic analysis engine and a command-line utility, allowing developers to integrate comprehensive web quality checks directly into continuous integration pipelines and local development workflows.

The project distinguishes itself through a modular architecture that utilizes artifact-based data collection to ensure consistent analysis across different environments. It supports a headless execution mode for automated testing and provides a plugin-driven framework, enabling developers to register custom audit logic and specialized reporting categories to meet unique project requirements.

Beyond its core auditing capabilities, the tool detects underlying web frameworks and content management systems to provide tailored optimization recommendations. It generates structured, machine-readable reports and offers multiple interfaces, including a browser-integrated panel and a dedicated extension, to facilitate real-time feedback during the development process.
- [vulnerscom/nmap-vulners](https://awesome-repositories.com/repository/vulnerscom-nmap-vulners.md) (3,381 ⭐) — NSE script based on Vulners.com API
- [openhands/openhands](https://awesome-repositories.com/repository/openhands-openhands.md) (77,330 ⭐) — OpenHands is an autonomous agent framework designed for software engineering workflows. It provides a modular platform for orchestrating AI agents that reason, plan, and execute tasks within isolated, containerized development environments. By integrating with standard version control and development tools, the system enables agents to autonomously navigate codebases, implement features, and resolve issues through iterative reasoning and tool execution.

The platform distinguishes itself through a model-agnostic orchestrator that connects diverse language models to a unified tool registry. It supports complex, multi-agent collaboration via hierarchical task delegation, allowing parent agents to spawn and manage independent sub-agents for parallelized workflows. Security is managed through configurable action approval policies and real-time risk evaluation, ensuring that autonomous operations remain within defined safety boundaries.

The system covers a broad capability surface including persistent conversation state management, automated code review, and web research automation. It features an event-driven architecture that serializes interactions into immutable logs, facilitating observability and time-travel debugging. Developers can extend agent functionality through custom skill definitions, plugin packages, and integration with external services via standardized protocols.

The project provides a command-line interface for managing agent sessions, remote server deployments, and containerized workspace lifecycles. It is designed for extensibility, allowing users to configure agent behavior through structured objects, markdown-based definitions, and environment-specific settings.
- [fleetdm/fleet](https://awesome-repositories.com/repository/fleetdm-fleet.md) (6,058 ⭐) — Fleet is an open-source device management platform that provides centralized control over computing devices running macOS, Linux, Windows, Chromebooks, iOS, and Android. It enables organizations to enroll devices, collect real-time telemetry, enforce security compliance policies, and manage software remotely from a single system. The platform can be deployed as a single binary, run locally for testing, or scaled horizontally across cloud infrastructure on AWS, Kubernetes, GCP, or Render, with support for high availability through database replication and load balancing.

The platform distinguishes itself through its infrastructure-as-code approach, allowing teams to manage device configurations, policies, and queries declaratively through GitOps workflows, a REST API, webhooks, or the fleetctl command-line tool. Every configuration change is tracked and auditable, with the ability to review and approve proposed modifications before deployment and instantly roll back if needed. Fleet integrates with common identity providers through SAML single sign-on, supports SCIM for automatic user provisioning and deprovisioning, and can export data to enterprise platforms like Snowflake, Splunk, GitHub Actions, and Jira for workflow automation.

Fleet provides comprehensive device monitoring and security assessment capabilities, including live SQL queries across all managed devices, automated vulnerability scanning, CIS benchmark compliance checks, and YARA rule-based file scanning. The platform collects detailed device health data, software inventory, and security configurations, and can run scripts automatically based on schedules or policy triggers. It supports remote software deployment, including App Store applications on Apple devices, and enforces security controls such as disk encryption and custom compliance policies. The platform exposes Prometheus metrics and OpenTelemetry traces for observability, and provides a health endpoint for monitoring server status.
- [containers/ramalama](https://awesome-repositories.com/repository/containers-ramalama.md) (2,605 ⭐) — Ramalama is a containerized runtime and management tool for large language models. It functions as an OCI AI model manager and registry client, allowing users to package, distribute, and execute AI models as standardized container images.

The project differentiates itself by using OCI-compliant distribution for models and retrieval augmented generation assets, enabling the packaging of vector databases into immutable container images. It features hardware-aware image selection that automatically detects GPU or CPU capabilities to pull the most optimized image for the host environment.

The system covers model inference through REST APIs and interactive chat interfaces, local model lifecycle management, and the execution of AI agents within isolated sandboxes. It also provides utilities for model format conversion, performance benchmarking, and the orchestration of container-isolated inference.
- [future-architect/vuls](https://awesome-repositories.com/repository/future-architect-vuls.md) (12,185 ⭐) — Vuls is an agentless vulnerability scanner and CVE intelligence aggregator. It identifies security flaws in operating systems, containers, and network devices without requiring the installation of permanent software agents on target machines.

The project distinguishes itself by cross-referencing software versions against multiple vulnerability databases, security advisories, and known exploit catalogs. It utilizes platform-based enumeration and lockfile analysis to detect vulnerabilities in network hardware, programming libraries, and website plugins.

The tool covers a broad range of security auditing capabilities, including Linux and FreeBSD system patching, container security analysis, and the verification of pending kernel reboots. It supports various data acquisition methods, including remote SSH scanning, local execution, and an HTTP-based scan server mode.
- [photoprism/photoprism](https://awesome-repositories.com/repository/photoprism-photoprism.md) (39,816 ⭐) — PhotoPrism is a self-hosted digital asset management platform designed to organize, classify, and manage large collections of photos and videos on personal infrastructure. It functions as a private alternative to cloud-based services, ensuring that all media remains under the user's control. The platform utilizes neural-network-based media analysis to automatically detect objects, faces, and locations, providing a comprehensive, AI-powered approach to library organization.

The project distinguishes itself through its containerized architecture, which simplifies deployment and lifecycle management across diverse hardware environments. It features an asynchronous background worker system that handles compute-intensive tasks like transcoding and thumbnail generation, ensuring the web interface remains responsive even during large-scale indexing operations. Furthermore, it employs a sidecar-based metadata persistence model, storing information in external files alongside original assets to maintain data portability and independence from the primary database.

Beyond its core organization capabilities, the platform provides a robust suite of tools for library management, including duplicate detection, geospatial mapping, and advanced metadata-based search. It supports secure, authenticated access through a responsive web interface and offers granular control over media sharing and privacy settings. Users can extend the platform's functionality through custom AI model configurations and integrate it with external identity providers for centralized authentication.

The application is distributed as a containerized service, typically managed via Docker Compose, and includes comprehensive documentation for deployment, database maintenance, and performance optimization on various hardware architectures.
- [curl/curl](https://awesome-repositories.com/repository/curl-curl.md) (42,214 ⭐) — Curl is a command-line tool and portable library for transferring data across a wide range of network protocols. It functions as a unified engine that abstracts diverse communication standards, allowing users and developers to move files and information between servers using a consistent interface. The project provides both a versatile command-line client for terminal-based automation and a stable programmatic interface for integrating complex network operations into applications.

The system is distinguished by its protocol-agnostic core and its ability to manage both synchronous and asynchronous network transfers. It features a non-blocking event loop that enables multiple simultaneous transfers within a single thread, alongside a connection pooling mechanism that reuses network sockets to minimize latency. Security is a primary focus, implemented through a pluggable architecture that supports various cryptographic backends, native certificate store integration, and comprehensive authentication mechanisms for protected resources.

Beyond core data movement, the project includes extensive support for modern networking standards, including HTTP/3, WebSockets, and MQTT. It offers sophisticated state management through a built-in cookie engine and provides granular control over request headers, URL construction, and batch processing. These capabilities are supported by robust debugging tools that allow for the inspection of raw request and response data during development.

The project is distributed with standard configuration scripts and package management support to facilitate integration into diverse build environments.
- [containers/podman](https://awesome-repositories.com/repository/containers-podman.md) (32,035 ⭐) — Podman is a container engine designed for managing containerized applications and images without the need for a persistent background daemon. By utilizing a fork-exec process model, it executes container management commands as direct child processes of the host system, ensuring that container lifecycles are handled through standard host-level process control.

The project distinguishes itself through a focus on rootless security and cross-platform compatibility. It employs user namespace mapping to allow unprivileged users to manage isolated workloads without requiring administrative system access. On non-Linux operating systems, it integrates with lightweight virtual machines to provide a native command-line experience for container development.

The engine supports the full container lifecycle, including image management, registry interaction, and orchestration of background or interactive services. It adheres to open industry standards for container runtimes and includes capabilities for checkpointing and restoring the memory and process state of running containers to facilitate workload migration.
- [kananinirav/aws-certified-cloud-practitioner-notes](https://awesome-repositories.com/repository/kananinirav-aws-certified-cloud-practitioner-notes.md) (3,829 ⭐) — This project is a collection of structured study notes and conceptual breakdowns designed for the AWS Certified Cloud Practitioner exam. It serves as a technical reference and study guide, organizing cloud service details and architectural principles to assist in certification preparation.

The knowledge base is built using markdown files and includes curated cheat sheets and interactive mind-map visualizations. These tools map complex certification topics into visual hierarchies to enable drill-down study paths and rapid revision.

The materials cover a wide range of cloud capabilities, including core infrastructure, security governance, and the shared responsibility model. It provides detailed references for compute, storage, networking, and database services, as well as guidance on cloud economics and cost management.

The repository utilizes Git-based versioning to track updates to the study materials.
- [kata-containers/kata-containers](https://awesome-repositories.com/repository/kata-containers-kata-containers.md) (8,106 ⭐) — Kata Containers is an OCI container runtime that launches containers inside lightweight virtual machines to combine hardware-level isolation with container operational speed. It functions as a hardware-isolated container engine and lightweight VM hypervisor, providing a virtual machine monitor interface that abstracts multiple hypervisors to optimize for performance or specific hardware emulation.

The project distinguishes itself through a confidential computing runtime that leverages hardware-backed trusted execution environments, such as Intel TDX and AMD SEV-SNP, to protect data in use. It further enhances performance and security via direct-device hardware passthrough for GPUs and high-performance networking using SR-IOV and vhost-user.

The runtime covers a broad range of capabilities, including guest operating system image engineering, the coordination of sandbox resources, and advanced monitoring and observability via distributed request tracing and guest console access. It also implements performance optimizations such as template-based VM cloning for accelerated boot times and memory access optimization through direct access filesystem features.

The system supports cross-architecture execution across x86, ARM, Power, and IBM Z hardware, with configuration managed through TOML files.
- [goharbor/harbor](https://awesome-repositories.com/repository/goharbor-harbor.md) (28,761 ⭐) — Harbor is a self-hosted, enterprise-grade container registry platform designed to store, sign, and scan container images and cloud-native artifacts. It provides a centralized repository that integrates directly with Kubernetes environments to manage the full lifecycle of software artifacts, from initial storage to production deployment.

The platform distinguishes itself through a focus on security, governance, and multi-site availability. It features a pluggable vulnerability scanning framework that allows for the integration of various security engines, alongside content trust mechanisms that enforce digital signatures to ensure image authenticity. To support distributed infrastructure, it includes a cross-instance replication controller that synchronizes artifacts across geographic locations, ensuring high availability and disaster recovery.

Harbor manages access and organization through project-based workspaces, where granular role-based access control is enforced for users and groups. It integrates with external identity providers using standardized protocols like OIDC to streamline authentication. The system also provides comprehensive administrative capabilities, including audit logging, storage quota enforcement, and automated garbage collection to maintain registry health and performance.

The platform is built on a modular, microservices-based architecture that supports pluggable storage backends, allowing for flexibility across different cloud and local storage environments. It is designed for deployment within Kubernetes clusters, utilizing administrative APIs to facilitate programmatic management and integration with external CI/CD pipelines.
- [infisical/infisical](https://awesome-repositories.com/repository/infisical-infisical.md) (27,374 ⭐) — Infisical is a centralized secrets management platform designed to store, synchronize, and control access to sensitive credentials and configuration data across distributed development, staging, and production environments. It employs client-side encryption to ensure that secrets remain unreadable to the underlying storage infrastructure, while providing a hierarchical permission model to govern both user and machine access.

The platform distinguishes itself through dynamic credential provisioning, which generates short-lived access tokens that are automatically revoked after use. It supports complex security workflows by integrating with external identity providers for federated authentication and offering a reverse tunneling gateway that allows secure access to private network resources without exposing inbound ports. Additionally, the system includes an event-driven audit engine that maintains an immutable record of all configuration changes and access requests to support compliance requirements.

Beyond core secret storage, the platform provides comprehensive orchestration capabilities, including automated secret injection into containerized environments and infrastructure pipelines. It also features integrated public key infrastructure management for the lifecycle of digital certificates and automated scanning to detect hardcoded secrets in source code and CI pipelines.

The platform supports flexible deployment models, allowing teams to either utilize managed cloud services or self-host the infrastructure within their own private networks. It provides a broad ecosystem of SDKs and a command-line interface to facilitate integration across various programming languages and deployment workflows.
- [cr0hn/vulnerable-node](https://awesome-repositories.com/repository/cr0hn-vulnerable-node.md) (487 ⭐) — A very vulnerable web site written in NodeJS, with the purpose of having a project with identified vulnerabilities to test the quality of security analyzer tools
- [analysis-tools-dev/static-analysis](https://awesome-repositories.com/repository/analysis-tools-dev-static-analysis.md) (14,389 ⭐) — This project is a comprehensive, curated directory of static analysis, linting, and security scanning utilities. It serves as a central resource for developers to discover, compare, and select tools based on specific programming languages, licensing models, and integration requirements.

The directory distinguishes itself by providing deep metadata for each listed utility, including community-driven popularity rankings, maintenance status, and deployment methods. By aggregating these tools into a single searchable index, it enables teams to identify solutions for enforcing coding standards, managing technical debt, and auditing software supply chain security.

The collection covers a broad spectrum of analysis capabilities, ranging from automated code refactoring and structural transformation to formal verification and database schema analysis. It also includes resources for orchestrating multiple linters within development workflows, visualizing code metrics, and performing security compliance audits across diverse repositories.
- [datreeio/datree](https://awesome-repositories.com/repository/datreeio-datree.md) (6,339 ⭐) — Datree is a policy enforcement framework for Kubernetes that validates configurations against rules written in Rego, JSON Schema, or CEL. It operates as both a command-line tool for pre-deployment scanning and as a cluster-side admission webhook for real-time enforcement, integrating with CI/CD pipelines and continuous delivery tools like ArgoCD and FluxCD.

The framework supports namespace-scoped policy mapping, allowing different policies to apply to different namespaces, and provides a skip annotation mechanism for selectively bypassing rules on individual resources or entire namespaces. It includes a management dashboard for monitoring policy compliance, tracking check history, and displaying resource violations with remediation steps, along with a cluster health scoring system.

Datree enforces a wide range of Kubernetes best practices, including container resource limits and requests, liveness and readiness probes, pinned image versions, security contexts, and minimum replica counts. It also validates CronJob schedules and deadlines, HorizontalPodAutoscaler configurations, and resource labels, while supporting custom rule authoring through Rego, JSON Schema, or CEL.
- [aidenybai/react-scan](https://awesome-repositories.com/repository/aidenybai-react-scan.md) (21,370 ⭐) — React Scan is a diagnostic utility and performance auditor designed to monitor the rendering lifecycle of components within user interfaces. It functions as an automated analysis tool that tracks component re-render cycles and execution timing to identify performance bottlenecks in real time.

The tool distinguishes itself by providing visual feedback through a persistent overlay injected directly into the application. By instrumenting the reconciliation process and observing component state and props, it highlights specific rendering patterns that contribute to performance degradation.

This utility covers a broad range of observability and debugging capabilities, focusing on the analysis of component update behavior. It is intended for use during development to troubleshoot and optimize the execution speed of complex component trees.
- [gaopengcuhk/container](https://awesome-repositories.com/repository/gaopengcuhk-container.md) (46 ⭐) — Official Code Release for Container: Context Aggregation Network
- [andresriancho/w3af](https://awesome-repositories.com/repository/andresriancho-w3af.md) (4,850 ⭐) — w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation.

The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing traffic through compromised hosts via reverse TCP tunnels and SOCKS proxies.

The platform covers a broad range of security capabilities, including REST API auditing, infrastructure fingerprinting, and automated login processing. It supports session maintenance through various authentication methods and provides tools for visualizing site structures and analyzing HTTP response clusters. Users can manage the scanner via a graphical interface or a programmatic API to automate scans and retrieve vulnerability data.

The application is delivered as a dockerized environment to ensure consistent runtime behavior and simplified dependency management.
- [punkpeye/awesome-mcp-servers](https://awesome-repositories.com/repository/punkpeye-awesome-mcp-servers.md) (89,264 ⭐) — This project serves as a centralized directory and interoperability hub for the Model Context Protocol, providing a curated collection of standardized service connectors that bridge artificial intelligence models with external software, databases, and APIs. It facilitates the integration of AI agents with diverse ecosystems by offering a registry of machine-readable interface definitions that enable dynamic tool discovery and structured context injection.

The directory distinguishes itself by focusing on the protocol-based interoperability required for autonomous AI agents to interact with heterogeneous remote services. It emphasizes a decoupled request-response pattern and a bidirectional capability handshake, ensuring that AI hosts and servers can negotiate operational constraints and supported features before any tool invocation occurs. This architecture supports stateless service implementations, allowing for independent scaling and deployment of tools across various environments.

The collection covers a broad functional range, including integrations for business productivity, data science, infrastructure management, and developer utilities. These connectors enable AI agents to perform tasks such as secure database querying, code execution, desktop automation, and persistent memory management. The repository acts as a community-driven resource for developers seeking to extend the operational range of their AI agents through modular, plug-and-play service integrations.
- [imager-io/imager](https://awesome-repositories.com/repository/imager-io-imager.md) (730 ⭐) — Automated image compression for efficiently distributing images on the web.
- [pumasecurity/puma-scan](https://awesome-repositories.com/repository/pumasecurity-puma-scan.md) (0 ⭐) — Puma Scan is a .NET software secure code analysis tool providing real time, continuous source code analysis as development teams write code. In Visual Studio, vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs…
