seccomp

DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

Sandstorm is a self-hostable web productivity suite. It's implemented as a security-hardened web app package manager.

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

A stupid game for learning about containers, capabilities, and syscalls.

Provide powerful tools for seccomp analysis

The main libseccomp repository

The Kubernetes Security Profiles Operator

The libseccomp golang bindings repository

A set of curated exercises to help you prepare for the CKS exam

Generate seccomp profiles from go binaries

Simplifying Seccomp enforcement in containerized or non-containerized apps

Rust implementation of PRoot, a ptrace-based sandbox

Build custom Docker seccomp profiles for containers by finding syscalls it uses.

Go library for installing a seccomp BPF system call filter.

Record process launches and files read and written by each process

BPF Processor for IDA Python

Docker Secure Computing Profile Generator

Going Florida on container keyring masks. A tool to demonstrate the ineffectivity containers have on isolating Linux Kernel keyrings.

agent for handling seccomp descriptors for container runtimes

A CSP endpoint to aggregate, correlate and analyze report-uri violations across your infrastructure