Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

Sandstorm is a self-hostable web productivity suite. It's implemented as a security-hardened web app package manager.

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

Provide powerful tools for seccomp analysis

A stupid game for learning about containers, capabilities, and syscalls.

The main libseccomp repository

The Kubernetes Security Profiles Operator

vArmor is a cloud native container sandbox system based on AppArmor/BPF/Seccomp. It also includes multiple built-in protection rules that are ready to use out of the box.

The libseccomp golang bindings repository

A set of curated exercises to help you prepare for the CKS exam

eBPF Python runtime sandbox with seccomp (Blocks RCE).

minT(oolkit): Mint awesome, secure and production ready containers just the way you need them! Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

Generate seccomp profiles from go binaries

Rust implementation of PRoot, a ptrace-based sandbox

Simplifying Seccomp enforcement in containerized or non-containerized apps

Build custom Docker seccomp profiles for containers by finding syscalls it uses.

🔍 Trace syscalls from user-space functions, by using eBPF

Provides easy-to-use Linux seccomp-bpf jailing.

Record process launches and files read and written by each process

BPF Processor for IDA Python