Docker security tools

Tools

Anchore (container analysis and inspection)

system hardening

Anchore is a tool to help with discovering, analyzing and certifying container images. These images can be stored either on-premises or in the cloud. The tooling is mainly aimed at developers, so that they can perform analysis on their container images. Typical actions include running queries, creating reports, or setting up policies for a continuous integration and deployment pipeline.

bane (AppArmor profile generator)

application security, security monitoring, system hardening

Bane is a tool to create AppArmor profiles. This helps to secure applications by setting restrictions on resources they access or modify. A strict policy may help to prevent privilege escalation attacks.

Dagda (vulnerability scanner for Docker containers)

malware detection, malware scanning, vulnerability management, vulnerability scanning

The main reason to use Dagda is the detection of vulnerable or malicious components within your containerized environment.

Docker Bench (by Aqua) (Docker security scanner)

configuration audit

Docker Bench is one of the tools that can be used to perform a security analysis on Docker and its configuration. It can find common configuration flaws that may pose risks to other containers or the host itself.

Docker Bench for Security (Docker security scanner)

application security, configuration audit, security assessment

Docker Bench for Security is a small security scanner that performs several tests that are part of the Docker CIS benchmark.
