Checkov is a static analysis tool and security scanner designed to identify misconfigurations in infrastructure as code, container images, and Kubernetes configurations. It functions as a cloud security posture tool, an SCA vulnerability scanner, and a secret scanning utility to prevent security breaches and version control leaks. The project distinguishes itself through deep graph analysis and variable resolution, allowing it to map relationships between interconnected resources and evaluate the final state of infrastructure attributes. It provides extensibility for defining custom security
ClamAV is an open-source antivirus engine and malware detection scanner. It identifies trojans, viruses, and other malicious software by scanning files and data streams against a database of known signatures. The system functions as a signature-based threat detector, allowing for the implementation of threat intelligence by turning malware samples into actionable signatures. It supports the creation of custom malware signatures to identify specific or specialized security threats. The engine provides capabilities for endpoint security monitoring and comprehensive malware detection scanning a
Lynis is an automated security auditing and system hardening framework designed for UNIX-based operating systems. It functions as a command-line utility that inspects local system configurations to identify security vulnerabilities, configuration weaknesses, and compliance gaps. By executing a series of modular tests, the tool generates actionable reports and remediation suggestions to assist in strengthening system defenses. The project distinguishes itself through a highly modular architecture that relies on shell-script-based execution and native system inspection. Users can define custom
Deployment checklist for securely deploying Docker