Docker Bench for Security alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

67

Alternative: 360-FAAR

Supported firewall configurations

  • Checkpoint FW1
  • Cisco ASA
  • Netscreen ScreenOS

85

Alternative: Prowler

Prowler is a security tool to perform security audits on AWS configurations. It helps to find configuration flaws and improve system hardening.

Project details

Prowler is written in shell script.

Strengths

  • + The source code of this software is available

Typical usage

  • security assessment
  • system hardening

Prowler project page

100

Alternative: Anchore

Anchore is a security tool to analyze, inspect, and control containers.

Project details

Anchore is written in Python.

Strengths

  • + Commercial support available
  • + The source code of this software is available

Anchore project page

85

Alternative: bane

The bane tool is an AppArmor profile generator for Docker containers. It helps with creating the appropriate profile for confinement at the system level.

With bane it becomes much easier to create an AppArmor profile. It works by running a Docker container while bane monitors it. Any required permissions will then be stored in the profile.

Project details

bane is written in Golang.

Strengths

  • + The source code of this software is available

Typical usage

  • security monitoring
  • system hardening

bane project page

64

Alternative: Dockerscan

Dockerscan is a Docker toolkit for security analysis which includes attacking tools. It is focused more on the offensive side than the defensive.

Project details

Dockerscan is written in Python.

Strengths

  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • information gathering
  • security assessment
  • vulnerability scanning

Dockerscan project page

78

Alternative: Clair

Clair is an open source container analyzer. It performs static analysis of container images and correlates their contents with public vulnerability databases.

The tool was created by CoreOS and can scan containers of different formats. It analyzes them and identifies security weaknesses present in the container.

Project details

Clair is written in Golang.

Strengths

  • + The source code of this software is available

Typical usage

  • security assessment
  • vulnerability scanning

Clair project page

64

Alternative: JShielder

JShielder is a security tool for Linux systems to make them more secure by adding system hardening measures.

Project details

JShielder is written in Python and shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Typical usage

  • system hardening

JShielder project page

64

Alternative: LUNAR

LUNAR is a security scanner that runs on a Linux system or other flavors of Unix. It provides insights on what can be done to harden the system.

LUNAR is short for Lockdown UNix Auditing and Reporting and runs on the system itself.

Project details

LUNAR is written in shell script.

Strengths

  • + The source code of this software is available

Typical usage

  • security assessment
  • self-assessment
  • system hardening

LUNAR project page

100

Alternative: Lynis

Security auditing tool that performs an in-depth health check of systems running Linux or other Unix-based operating systems.

Lynis is an open source security auditing tool that has been available since 2007 and was created by Michael Boelen. Its primary goal is to evaluate the security defenses of systems running Linux or other flavors of Unix. It provides suggestions to install, configure, or correct any security measures.

Project details

Lynis is written in shell script.

Strengths

  • + Commercial support available
  • + More than 50 contributors
  • + More than 3000 GitHub stars
  • + Used language is shell script
  • + Very low number of dependencies
  • + Project is mature (5+ years)
  • + The source code of this software is available

Typical usage

  • IT audit
  • penetration test
  • security assessment
  • system hardening

Lynis project page

76

Alternative: Nix-Auditor

Nix-Auditor is a tool to help with scanning Linux systems and testing them against CIS benchmarks.

This fairly new tool is written in shell script to scan Linux systems with the focus on security auditing.

Project details

Nix-Auditor is written in shell script.

Strengths

  • + Used language is shell script

Weaknesses

  • - Full name of author is unknown
  • - Unknown project license

Nix-Auditor project page

84

Alternative: Scout2

Scout2 is a security tool to assess the security of an AWS environment. It can be used for system hardening and IT audits.

Project details

Scout2 is written in Python.

Strengths

  • + More than 10 contributors
  • + More than 500 GitHub stars

Typical usage

  • IT audit
  • security assessment
  • self-assessment
  • system hardening

Scout2 project page

64

Alternative: seccheck

Seccheck is a security scanner for Linux systems. It was originally written for SuSE Linux by Marc Heuse.

Project details

seccheck is written in shell script.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Project looks outdated (old code or documentation)

Typical usage

  • security assessment
  • system hardening

seccheck project page

59

Alternative: Tiger

Tiger is a security audit and intrusion detection tool for flavors of Unix.

Project details

Tiger is written in shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Weaknesses

  • - No updates for a while

Typical usage

  • intrusion detection
  • IT audit
  • system hardening
  • vulnerability scanning

Tiger project page

67

Alternative: YASAT

YASAT describes itself as another simple stupid audit tool to test Linux systems. It has many tests for checking the security configuration of the system.

The YASAT tool performs a system scan to detect configuration issues and possible improvements for hardening the system.

Project details

YASAT is written in shell script.

Strengths

  • + Used language is shell script

Weaknesses

  • - No updates for a while

Typical usage

  • IT audit
  • security assessment

YASAT project page

56

Alternative: Zeus

Zeus is a security tool to provide security audits on AWS environments. It is written in shell script and can be used for security audits.

Project details

Zeus is written in shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Weaknesses

  • - Unknown project license

Typical usage

  • security assessment
  • self-assessment
  • system hardening

Zeus project page