awesome-repositories.com
博客
awesome-repositories.com

通过 AI 驱动的搜索,发现最优秀的开源仓库。

探索精选搜索开源替代品自托管软件博客网站地图
项目关于排名机制媒体报道MCP 服务器
法律隐私政策服务条款
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

4 个仓库

Awesome GitHub RepositoriesContainer Security

Tools and mechanisms for securing containerized environments and isolating processes from the host system.

Distinguishing note: Focuses on security isolation primitives like rootless namespaces rather than general infrastructure management.

Explore 4 awesome GitHub repositories matching devops & infrastructure · Container Security. Refine with filters or upvote what's useful.

Awesome Container Security GitHub Repositories

用 AI 发现最棒的仓库。我们将通过 AI 为您搜索最匹配的仓库。
  • nsqio/nsqnsqio 的头像

    nsqio/nsq

    25,738在 GitHub 上查看↗

    NSQ is a distributed, brokerless messaging platform designed for high-throughput, fault-tolerant communication. By utilizing a decentralized topology, it eliminates single points of failure and allows for horizontal scaling across clusters. The system organizes message streams into topics and channels, effectively decoupling producers from consumers to support both streaming and job-oriented workloads. The platform distinguishes itself through a lookup-service-based discovery mechanism that enables clients to dynamically locate producers at runtime without requiring centralized coordination.

    Secures containerized messaging services by mounting certificates for encrypted communication.

    Godistributed-systemsgomessage-queue
    在 GitHub 上查看↗25,738
  • googlecontainertools/distrolessGoogleContainerTools 的头像

    GoogleContainerTools/distroless

    22,254在 GitHub 上查看↗

    Distroless provides a collection of security-hardened, minimal base container images designed to reduce attack surfaces by excluding non-essential system utilities, package managers, and shells. These images are constructed to contain only an application and its specific runtime dependencies, enforcing the principle of least privilege by configuring environments for non-root execution. The project distinguishes itself through a focus on supply chain integrity and reproducible builds. It utilizes declarative build configurations to track package versions and validates container image integrity

    Executes applications in stripped-down container environments that exclude shells and package managers.

    Starlarkbazeldocker
    在 GitHub 上查看↗22,254
  • containerd/containerdcontainerd 的头像

    containerd/containerd

    20,369在 GitHub 上查看↗

    Containerd is a daemon-based container runtime that manages the complete lifecycle of containers on a host system. It functions as a core orchestration backend, handling image distribution, storage, and process execution while adhering to industry-standard specifications for container execution and configuration. The project is distinguished by its modular, plugin-based architecture, which allows for the extension of storage, runtime, and networking capabilities without requiring a full daemon recompile. It utilizes a shim-based execution model to delegate low-level operations, ensuring isola

    Applies kernel-level security mechanisms to container processes to restrict system calls and isolate workloads from the host.

    Gocncfcontainerdcontainers
    在 GitHub 上查看↗20,369
  • coreos/rktcoreos 的头像

    coreos/rkt

    8,774在 GitHub 上查看↗

    rkt 是一个安全的 Linux 容器引擎和 Pod 原生容器管理器。它提供了一个可组合的执行环境,用于在 Linux 上启动和管理隔离的应用程序容器,作为一个围绕镜像格式和网络接口的开放行业标准设计的运行时。 该系统以 Pod 原生执行模型为特色,将多个容器和共享资源分组为单个、自包含的单元。它利用可插拔的执行引擎提供安全隔离,包括使用基于硬件的虚拟化在主机系统和运行中的应用程序之间创建安全边界。 该项目涵盖了容器管理的广泛功能,包括符合 OCI 标准的镜像执行和基于 CNI 的网络。它还提供与集群编排器和系统初始化工具的集成,以管理跨分布式环境的工作负载。

    Secures the host system by isolating containers through hardware virtualization and security modules.

    Go
    在 GitHub 上查看↗8,774
  1. Home
  2. DevOps & Infrastructure
  3. Container Security

探索子标签

  • Minimalist RuntimesContainer environments stripped of shells and package managers to enforce production security. **Distinct from Container Security:** Distinct from general container security: focuses on the removal of unnecessary binaries and tools.