diff --git a/docker-and-k8s-security/docker/additional-tools.md b/docker-and-k8s-security/docker/additional-tools.md index 36a6eff..2e9062b 100644 --- a/docker-and-k8s-security/docker/additional-tools.md +++ b/docker-and-k8s-security/docker/additional-tools.md @@ -1,4 +1,4 @@ -# Additinal Docker Security Tools and Resources +# Additional Docker Security Tools and Resources - [Anchor Engine](https://github.com/anchore/anchore) - Analyze images for CVE vulnerabilities and against custom security policies by [@Anchor](https://github.com/anchore) - [Aqua Security](https://www.aquasec.com) :heavy_dollar_sign: - Securing container-based applications from Dev to Production on any platform @@ -6,8 +6,9 @@ - [CIS Docker Benchmark](https://github.com/dev-sec/cis-docker-benchmark) - This [InSpec][inspec] compliance profile implement the CIS Docker 1.12.0 Benchmark in an automated way to provide security best-practice tests around Docker daemon and containers in a production environment. By [@dev-sec](https://github.com/dev-sec) - [Clair](https://github.com/quay/clair) - Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers. By [@coreos][coreos] - [Dagda](https://github.com/eliasgranderubio/dagda) - Dagda is a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities. By [@eliasgranderubio](https://github.com/eliasgranderubio) -- [Deepfence Enterprise](https://deepfence.io) :heavy_dollar_sign: - Full life cycle Cloud Native Workload Protection platform for kubernetes, virtual machines and serverless. By [@deepfence](deepfence) -- [Deepfence Threat Mapper](https://github.com/deepfence/ThreatMapper) - Powerful runtime vulnerability scanner for kubernetes, virtual machines and serverless. +- [Deepfence SecretScanner](https://github.com/deepfence/SecretScanner) - Find unprotected secrets - tokens, keys, passwords - in containers and host filesystems. +- [Deepfence ThreatMapper](https://github.com/deepfence/ThreatMapper) - Powerful open source runtime vulnerability scanner for kubernetes, virtual machines and serverless. +- [Deepfence ThreatStryker](https://deepfence.io/threatstryker/) :heavy_dollar_sign: - Full life cycle Cloud Native Workload Protection platform for kubernetes, virtual machines and serverless. By [@deepfence](deepfence) - [docker-bench-security](https://github.com/docker/docker-bench-security) - script that checks for dozens of common best-practices around deploying Docker containers in production. - [docker-explorer](https://github.com/google/docker-explorer) - A tool to help forensicate offline docker acquisitions by Google - [docker-lock](https://github.com/safe-waters/docker-lock) - A cli-plugin for docker to automatically manage image digests by tracking them in a separate Lockfile. By [@safe-waters][safe-waters] diff --git a/docker-and-k8s-security/kubernetes/README.md b/docker-and-k8s-security/kubernetes/README.md index a50d21e..0ec2134 100644 --- a/docker-and-k8s-security/kubernetes/README.md +++ b/docker-and-k8s-security/kubernetes/README.md @@ -115,6 +115,8 @@ - [KubiScan](https://github.com/cyberark/KubiScan) - [Kubernetes Audit by Trail of Bits](https://github.com/trailofbits/audit-kubernetes) - [kubeaudit](https://github.com/Shopify/kubeaudit) +- [SecretScanner](https://github.com/deepfence/SecretScanner) +- [ThreatMapper](https://github.com/deepfence/ThreatMapper) - [falco](https://github.com/falcosecurity/falco) - [kubesec](https://github.com/controlplaneio/kubesec) - [kube-bench](https://github.com/aquasecurity/kube-bench)