From cf36e94b718f6ed79b55bac4e0e55fba97ee8ede Mon Sep 17 00:00:00 2001
From: Alan Pope
Date: Fri, 12 Jul 2024 23:10:49 +0100
Subject: [PATCH] Add Syft SBOM tool to the Awesome Docker Security section 🎉 (#1134)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Add Syft to the security section

The world's favorite SBOM tool :D

* Fix my markdown blunder

Ahem.

* ABCDEFGHIJKLMNOPQR S TUVWXYZ

You'd have thought I'd have learned the alphabet by now. I don't know *what* I was thinking, putting it waaaay up there. Sorry about that.

* Update Syft & Anchore

Ok, I didn't realise the Anchore link at the top is actually to a product which is no longer available. So, I did the following to reduce mess:

1) Fixed the Anchore Enterprise product name, and added the 💲 because it's a paid product.
2) Removed reference to Anchore from Syft, as it's an open source project with multiple contributors outside Anchore.

I hope that's okay :D
---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 5c3310a..bdf4ad2 100644
--- a/README.md
+++ b/README.md
@@ -307,7 +307,7 @@ _Source:_ [What is Docker](https://www.docker.com/why-docker/) ### Security - [Anchor](https://github.com/SongStitch/anchor/) - A tool to ensure reproducible builds by pinning dependencies inside your Dockerfiles [@SongStitch](https://github.com/songStitch/) -- [Anchor Engine](https://github.com/anchore/anchore) - Analyze images for CVE vulnerabilities and against custom security policies by [@Anchor](https://github.com/anchore) +- [Anchor Enterprise](https://anchore.com/) :heavy_dollar_sign: - Analyze images for CVE vulnerabilities and against custom security policies by [@Anchor](https://github.com/anchore) - [Aqua Security](https://www.aquasec.com) :heavy_dollar_sign: - Securing container-based applications from Dev to Production on any platform - [bane](https://github.com/genuinetools/bane) - AppArmor profile generator for Docker containers by [@genuinetools][genuinetools] - [CetusGuard](https://github.com/hectorm/cetusguard) - CetusGuard is a tool that protects the Docker daemon socket by filtering calls to its API endpoints 
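Review bot: The renamed entry in this hunk still misspells the vendor: the link text reads "Anchor Enterprise" and the attribution reads "[@Anchor]", while both URLs point at anchore.com and github.com/anchore and the commit message itself calls the product "Anchore Enterprise". Suggest `- [Anchore Enterprise](https://anchore.com/) :heavy_dollar_sign: - Analyze images for CVE vulnerabilities and against custom security policies by [@Anchore](https://github.com/anchore)`. Keeping "Anchor" also makes the entry read as a sibling of the unrelated `[Anchor](https://github.com/SongStitch/anchor/)` line directly above it, which is a different project.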
@@ -325,6 +325,7 @@ _Source:_ [What is Docker](https://www.docker.com/why-docker/) - [notary](https://github.com/theupdateframework/notary) - a server and a client for running and interacting with trusted collections. By [@TUF](https://github.com/theupdateframework) - [oscap-docker](https://github.com/OpenSCAP/openscap) - OpenSCAP provides oscap-docker tool which is used to scan Docker containers and images. By [OpenSCAP](https://github.com/OpenSCAP) - [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud) :heavy_dollar_sign: - (previously Twistlock Security Suite) detects vulnerabilities, hardens container images, and enforces security policies across the lifecycle of applications. +- [Syft](https://github.com/anchore/syft) - CLI tool and library for generating a Software Bill of Materials (SBOM) from container images and filesystems. - [Sysdig Falco](https://github.com/falcosecurity/falco) - Sysdig Falco is an open source container security monitor. It can monitor application, container, host, and network activity and alert on unauthorized activity. - [Sysdig Secure](https://sysdig.com/solutions/cloud-threat-detection-and-response/) :heavy_dollar_sign: - Sysdig Secure addresses run-time security through behavioral monitoring and defense, and provides deep forensics based on open source Sysdig for incident response. - [Trend Micro DeepSecurity](https://www.trendmicro.com/en_us/business/products/hybrid-cloud/deep-security.html) :heavy_dollar_sign: - Trend Micro DeepSecurity offers runtime protection for container workloads and hosts as well as preruntime scanning of images to identify vulnerabilities, malware and content such as hardcoded secrets.
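Review bot: Alphabetical placement is correct (Syft sorts between Prisma Cloud and Sysdig Falco), but the new line carries no maintainer attribution, unlike its neighbours (`notary ... By [@TUF]`, `oscap-docker ... By [OpenSCAP]`). The commit message explains the omission is deliberate because Syft has contributors outside Anchore, yet the link itself is `https://github.com/anchore/syft`, so a neutral `by [@anchore](https://github.com/anchore)` pointing at the hosting org would match the list's convention without implying single-vendor ownership.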