
container-security-testing

by omerlh

7 stars, 2 forks, 3 watchers
Updated over 5 years ago
About

A curated collection of free, open-source security testing tools for scanning containerized applications and their infrastructure.

A list of security testing tools for containerized applications

Primary Use Case

This repository serves developers and security engineers who want to assess and improve the security posture of containerized applications through several complementary testing approaches: static code analysis, dynamic application scanning, dependency checking, container image vulnerability scanning, and infrastructure-as-code validation. It provides practical demos and integration examples for each tool against a sample application, so that vulnerabilities can be found in the code, the container image, and the Kubernetes configuration.

Key Features
  • Static code analysis using DevSkim with IDE integration
  • Dynamic application security testing via OWASP ZAProxy
  • Dependency scanning for .NET projects using Retire.Net
  • Docker image vulnerability scanning with Anchore Engine
  • Kubernetes manifest security scanning using Kubesec
  • Sample .NET Core web API application for testing
  • Automated test scripts and report generation
  • Open source and free-to-use tools

Installation

  • Clone the repository
  • Navigate to the src folder and run the sample app with `dotnet run`
  • Install DevSkim extension in your IDE (e.g., VS Code) for static analysis
  • Install Retire.Net tool for dependency scanning
  • Launch Anchore Engine by running `docker-compose up -d` in the anchore-engine folder
  • Ensure OWASP ZAProxy is installed (or available as a Docker image) so the test script can drive it for dynamic analysis
  • Download or install Kubesec CLI for Kubernetes files scanning

Usage

>_ dotnet run

Runs the sample .NET Core web API application in the src folder

>_ Open OpenPositionsController in IDE

View static analysis warnings from DevSkim in the IDE

>_ ./scripts/run_tests.sh

Runs OWASP ZAProxy dynamic analysis tests and generates a report at glue/report.html

>_ dotnet retire

Scans .NET project dependencies for known vulnerabilities using Retire.Net

>_ docker-compose up -d (in anchore-engine folder)

Starts Anchore Engine service for Docker image scanning

>_ POST /v1/images with JSON {"tag": "omerlh/open-positions-api:1"}

Submits the image tag to Anchore Engine, which pulls and analyzes it; the returned image record carries the imageDigest used by the later calls

>_ GET /v1/images/<imageDigest>

Returns the image record, including its analysis_status. Poll until the status reads analyzed, then fetch the findings from GET /v1/images/<imageDigest>/vuln/all, which lists each vulnerability with its severity, affected package and available fix

>_ ./kubesec deployment.yaml

Scans Kubernetes deployment manifest for security issues using Kubesec
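The Anchore Engine exchange above, carried end to end as an added Python example (my own code, not part of the container-security-testing repository): it submits a tag, polls the image record until analysis completes, pulls the findings from the vuln endpoint, and exits non-zero when fixable High or Critical findings remain, which is the behaviour a CI stage wants. Assumptions: the Anchore Engine v1 API on http://localhost:8228 with the docker-compose quickstart credentials admin/foobar, the response shapes noted in the docstring, and a constructed in-memory stand-in (fake_http_factory) so the flow also runs offline; the CVE ids in the sample data are placeholders, not real advisories.

```python
"""Drive Anchore Engine's v1 API: submit an image, wait for analysis, gate on severity.

Added example, not part of the container-security-testing repository.
Assumptions: Anchore Engine v1 API at ANCHORE_URL (default http://localhost:8228),
the docker-compose quickstart credentials admin/foobar, POST /v1/images and
GET /v1/images/<digest> returning a list of image records with "imageDigest" and
"analysis_status", and GET /v1/images/<digest>/vuln/all returning
{"vulnerabilities": [{"vuln", "severity", "package", "fix", ...}]}.
"""
import base64
import json
import time
import urllib.request

ANCHORE_URL = "http://localhost:8228"
SEVERITY_RANK = {"Unknown": 0, "Negligible": 1, "Low": 2, "Medium": 3, "High": 4, "Critical": 5}


def anchore_http(method, url, body=None, user="admin", password="foobar"):
    """Minimal JSON-over-HTTP helper (standard library only) with basic auth."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Content-Type", "application/json")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def scan_image(tag, base_url=ANCHORE_URL, http=anchore_http, poll_seconds=5, max_polls=120):
    """Submit a tag, poll until analysis_status is 'analyzed', return the vulnerability list."""
    digest = http("POST", f"{base_url}/v1/images", {"tag": tag})[0]["imageDigest"]
    for _ in range(max_polls):
        status = http("GET", f"{base_url}/v1/images/{digest}")[0]["analysis_status"]
        if status == "analyzed":
            break
        if status == "analysis_failed":
            raise RuntimeError(f"Anchore analysis failed for {tag}")
        time.sleep(poll_seconds)
    else:
        raise TimeoutError(f"{tag} still not analyzed after {max_polls} polls")
    return http("GET", f"{base_url}/v1/images/{digest}/vuln/all")["vulnerabilities"]


def gate(vulns, min_severity="High", require_fix=True):
    """Return the findings that should fail the build, most severe first.

    With require_fix=True, unfixable findings do not block: a gate that fails on
    issues nobody can act on trains teams to ignore it. Report them separately.
    """
    threshold = SEVERITY_RANK[min_severity]
    blocking = [
        v for v in vulns
        if SEVERITY_RANK.get(v["severity"], 0) >= threshold
        and not (require_fix and v.get("fix") in (None, "", "None"))
    ]
    return sorted(blocking, key=lambda v: -SEVERITY_RANK.get(v["severity"], 0))


def fake_http_factory():
    """Constructed stand-in for Anchore Engine so the flow can run offline.

    Reports 'analyzing' on the first status poll and 'analyzed' afterwards; the
    CVE ids are placeholders, not real advisories.
    """
    digest = "sha256:constructed-digest"
    polls = {"n": 0}
    vulns = [
        {"vuln": "CVE-EXAMPLE-0001", "severity": "Critical", "package": "libfoo-1.0", "fix": "1.0.1"},
        {"vuln": "CVE-EXAMPLE-0002", "severity": "High", "package": "libbar-2.3", "fix": "None"},
        {"vuln": "CVE-EXAMPLE-0003", "severity": "Low", "package": "libbaz-0.9", "fix": "0.9.2"},
    ]

    def http(method, url, body=None):
        if method == "POST":
            return [{"imageDigest": digest, "analysis_status": "not_analyzed"}]
        if url.endswith("/vuln/all"):
            return {"imageDigest": digest, "vulnerability_type": "all", "vulnerabilities": vulns}
        polls["n"] += 1
        return [{"imageDigest": digest, "analysis_status": "analyzed" if polls["n"] > 1 else "analyzing"}]

    return http


if __name__ == "__main__":
    # Swap fake_http_factory() for anchore_http to run against a live engine.
    found = scan_image("omerlh/open-positions-api:1", http=fake_http_factory(), poll_seconds=0)
    blocking = gate(found)
    for v in blocking:
        print(f"{v['severity']:<8} {v['vuln']:<18} {v['package']} (fix: {v['fix']})")
    raise SystemExit(1 if blocking else 0)
```

The poll loop matters more than it looks: POST /v1/images only queues the image, so a GET for vulnerabilities issued immediately afterwards returns nothing useful. Gating on fixable findings only is a policy choice; if the organization wants unfixable Criticals to block too, pass require_fix=False.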

Security Frameworks: Reconnaissance, Initial Access, Defense Evasion, Discovery, Collection
Usage Insights
  • Integrate these tools into CI/CD pipelines for continuous container security testing.
  • Use the sample app and automated scripts to create repeatable purple team exercises.
  • Combine static and dynamic analysis results to prioritize remediation efforts effectively.
  • Leverage Kubernetes manifest scanning to enforce security policies before deployment.
  • Extend Anchore Engine scans with custom policies to detect organization-specific risks.
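One way to turn the Kubesec scan into the pre-deployment policy gate the last points describe, as an added Python example (my own, not code from the container-security-testing repository): it reads a Kubesec JSON report, fails on any critical finding or on a score below a minimum, and lets the organization promote selected "advise" controls (for example runAsNonRoot) to hard requirements. Assumptions: the Kubesec v2 report shape (a list with one entry per Kubernetes object, each carrying "object", "score" and a "scoring" map with "critical" and "advise" lists of {"selector", "reason", "points"}); the SAMPLE_REPORT is constructed for illustration and its selector texts are shortened.

```python
"""Policy gate over a Kubesec JSON report.

Added example, not part of the container-security-testing repository.
Assumes the Kubesec v2 report shape described in the lead-in; the sample below
is constructed for a deployment that runs privileged and skips the advised hardening.
"""
import json

SAMPLE_REPORT = json.dumps([
    {
        "object": "Deployment/open-positions-api.default",
        "valid": True,
        "message": "Failed with a score of -30 points",
        "score": -30,
        "scoring": {
            "critical": [
                {"selector": "containers[] .securityContext .privileged == true",
                 "reason": "Privileged containers can allow almost completely unrestricted host access",
                 "points": -30},
            ],
            "advise": [
                {"selector": "containers[] .securityContext .runAsNonRoot == true",
                 "reason": "Force the running image to run as a non-root user to ensure least privilege",
                 "points": 1},
                {"selector": "containers[] .resources .limits .cpu",
                 "reason": "Enforcing CPU limits prevents DoS via resource exhaustion",
                 "points": 1},
                {"selector": "containers[] .securityContext .readOnlyRootFilesystem == true",
                 "reason": "An immutable root filesystem can prevent malicious binaries being added",
                 "points": 1},
            ],
        },
    }
])


def evaluate(report_text, min_score=5, required_selectors=()):
    """Return (passed, findings) for a Kubesec report.

    findings is a list of (object, kind, detail, reason) where kind is
    'critical' (Kubesec critical rule hit), 'score' (total below min_score) or
    'missing' (an advised control the organization mandates is still absent).
    """
    findings = []
    for obj in json.loads(report_text):
        name = obj["object"]
        scoring = obj.get("scoring", {})
        for crit in scoring.get("critical", []):
            findings.append((name, "critical", crit["selector"], crit["reason"]))
        if obj["score"] < min_score:
            findings.append((name, "score", str(obj["score"]), f"below minimum of {min_score}"))
        # Anything still listed under "advise" has not been applied to the manifest;
        # promote the ones the organization mandates to blocking findings.
        for adv in scoring.get("advise", []):
            if any(req in adv["selector"] for req in required_selectors):
                findings.append((name, "missing", adv["selector"], adv["reason"]))
    return (not findings, findings)


if __name__ == "__main__":
    # In a pipeline, replace SAMPLE_REPORT with the output of the kubesec scan.
    passed, findings = evaluate(SAMPLE_REPORT, required_selectors=("runAsNonRoot", "readOnlyRootFilesystem"))
    for name, kind, detail, reason in findings:
        print(f"{kind:<8} {name}: {detail} ({reason})")
    raise SystemExit(0 if passed else 1)
```

Kubesec's score is a sum of points, so a manifest can reach a respectable total while still missing a control the organization cares about; that is why the gate checks required selectors independently of the score rather than relying on the threshold alone.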


Security Profile: Red Team 70%, Blue Team 60%, Purple Team 80%
Details
License: MIT License
Language: C#
Open Issues: 0
Topics: containers, docker, cicd, kubernetes, security-testing, appsec, devsecops