bane alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

100

Anchore

Anchore is a toolkit to perform in-depth container analysis, inspection, and controlling them. Among security scanning, it can do a wide range of functions.

Project details

Anchore is written in Python.

Strengths and weaknesses

  • + Commercial support available
  • + The source code of this software is available

    Typical usage

    • System hardening

    Anchore project page

    64

    DFWFW (Docker Firewall Framework)

    DFWFW, short of Docker Firewall Framework, offers easy administration of the iptables rules of Docker containers. It updates using event streams.

    Project details

    DFWFW is written in Perl.

    Strengths and weaknesses

    • + The source code of this software is available
    • - Full name of author is unknown

    Typical usage

    • Firewall management

    DFWFW project page

    64

    Docker Bench (by Aqua)

    Project details

    Docker Bench (by Aqua) is written in Golang.

    Strengths and weaknesses

    • + The source code of this software is available
    • - No releases on GitHub available

    Typical usage

    • Configuration audit

    Docker Bench (by Aqua) project page

    76

    Docker Bench for Security

    Docker Bench for Security is a small security scanner to perform several tests that are part of the Docker CIS benchmark.

    Project details

    Docker Bench for Security is written in shell script.

    Strengths and weaknesses

    • + Screen output is colored
    • + More than 25 contributors
    • + More than 3000 GitHub stars
    • + The source code of this software is available

      Typical usage

      • Application security
      • Configuration audit
      • Security assessment

      Docker Bench for Security project page

      64

      Dockerscan

      Dockerscan is a Docker toolkit for security analysis which includes attacking tools. It is more focused on side of the offensive than defensive.

      Project details

      Dockerscan is written in Python.

      Strengths and weaknesses

      • + More than 500 GitHub stars
      • + The source code of this software is available

        Typical usage

        • Information gathering
        • Security assessment
        • Vulnerability scanning

        Dockerscan project page

        64

        Karn

        Karn is a tool to create AppArmor and seccomp profiles. This can be useful to restrict what applications can do for increased security.

        Project details

        Karn is written in Golang.

        Strengths and weaknesses

        • + The source code of this software is available

          Typical usage

          • Application security
          • System hardening

          Karn project page

          100

          Lynis

          Lynis is a security auditing tool for systems running Linux, macOS, or Unix. It can be used for security assessments and configuration audits.

          Lynis is an open source security auditing tool that is available since 2007 and created by Michael Boelen. Its primary goal is to evaluate the security defenses of systems running Linux or other flavors of Unix. It provides suggestions to install, configure, or correct any security measures.

          Project details

          Lynis is written in shell script.

          Strengths and weaknesses

          • + Commercial support available
          • + More than 50 contributors
          • + More than 4000 GitHub stars
          • + Used language is shell script
          • + Very low number of dependencies
          • + Project is mature (5+ years)
          • + The source code of this software is available

            Typical usage

            • IT audit
            • Penetration testing
            • Security assessment
            • System hardening

            Lynis project page

            85

            subuser

            Subuser is a tool that allows commands to be executed with restrictions. It works on Linux and can increase security by lowering access levels.

            Project details

            subuser is written in Python.

            Strengths and weaknesses

            • + More than 10 contributors
            • + More than 500 GitHub stars
            • + The source code of this software is available

              Typical usage

              • Software testing

              subuser project page

              The tool with the highest score in this overview is Anchore. It might be a good candidate to replace bane.