Security-focused linter for Docker Compose files. Catches dangerous misconfigurations before they reach production. Grounded in OWASP and CIS Docker Benchmark.
Updated Apr 12, 2026 - Python
Open security scanner for AI supply chain: agents, MCP, containers, cloud, GPU, and runtime with blast-radius analysis.
Enterprise-grade secure container deployment using Kubernetes, GitOps (ArgoCD), image scanning (Trivy), signing (Cosign), and runtime security (Falco).
Run coding agents in hardened Incus containers with real-time network threat detection, automatic threat response (pause/kill), credential isolation, protected paths, session persistence, and multi-slot support.
OCSF-native detection engineering + posture for cloud and AI infrastructure. Ingest → detect → view skills compose like Unix pipes. MITRE ATT&CK inside every finding. Read-only · agentless · least-privilege · closed-loop.
Argus brings “a hundred eyes” to your project, combining leading open source security tools into a scalable, automated, continuous security pipeline.
Container Security & Policy-as-Code Orchestration. Unified analysis, custom playbooks, and highly customizable interactive reports for production-ready CI/CD.
Docker Vulnerable app for learners.
Automatic vulnerability scanning for your self-hosted Docker containers.
Container escape scenario modeler with cross-tool integration — enumerate container security posture and model realistic escape paths with cloud context enrichment
Governed runtime for AI coding agents with container sandboxes, network controls, and team-managed configuration.
PatchHound is an open source SBOM vulnerability scanner with report generator, automated alerts and continuous monitoring for new threats for secure software supply chains.
AI-powered Docker image vulnerability scanner — Trivy + GPT-4o-mini to auto-suggest Dockerfile patches
Wolfi Java FIPS is an enterprise-grade cryptographic foundation for modern containerized applications. By combining the zero-vulnerability baseline of Wolfi OS, the performance of Eclipse Temurin (Adoptium), and the strict cryptographic boundaries of Bouncy Castle FIPS, this project delivers a truly secure
Cybersecurity Portfolio: Hands-On Labs & Simulations | Google Cybersecurity Certificate | TryHackMe SOC Level 1 & Advent of Cyber | Forage Virtual Internships | ISC² CC | Blue Team Skills
An experimental cloud-native runtime security framework utilizing eBPF syscall telemetry and Unsupervised Machine Learning to detect zero-day container escapes in Kubernetes.
Kubernetes CIS Benchmark audit + auto-hardened manifest generator
FastAPI fraud detection API demonstrating a verifiable container supply chain with Cosign signing, SBOM generation, and hardened Distroless Docker runtime.
A comprehensive Docker security scanner that performs static analysis on Dockerfiles and dynamic auditing of running containers. Detects secrets, misconfigurations, and CIS benchmark violations with colored terminal output, HTML/JSON reports, and CI/CD integration.
From-scratch, red-team–oriented Kubernetes misconfiguration & attack-path scanner. Fast, readable, and opinionated toward real-world escalation paths.