Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Tfsec is now part of Trivy

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

Kubernetes-native security toolkit

🧵 CLI tool for directly patching container images!

HummerRisk 是云原生安全平台，包括混合云安全治理和云原生安全检测。

Superseded by https://github.com/aquasecurity/trivy-operator

Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities

ValidKube combines the best open-source tools to help ensure Kubernetes YAML best practices, hygiene & security.

🧹 Cleaning up images from Kubernetes nodes

VULNRΞPO - Free vulnerability report generator and repository, end-to-end encrypted! Templates of issues, CWE,CVE,MITRE ATT&CK,PCI DSS, import Nmap/Nessus/Burp/OpenVAS/Bugcrowd/Trivy, Jira export, TXT/JSON/MARKDOWN/HTML/DOCX, attachments, automatic changelog, stats, vulnerability management, bugbounty, local ai/llm, super fast pentest reporting!

Import Helm Charts to OCI registries, optionally with vulnerability patching

Vulnerability scanning just got lazier

No description available

A set of curated exercises to help you prepare for the CKS exam

m9sweeper is a free and easy kubernetes security platform.

Use Trivy as a plug-in vulnerability scanner in the Harbor registry

Trivy's misconfiguration scanning engine

Web application that allows to load a Trivy report in json format and displays the vulnerabilities of a single target in an interactive data table.

A VS Code Extension for Trivy

Implementing End-to-End CI/CD, IaC, and Monitoring using Kubernetes, GitOps (Argo CD), GitHub Actions, Terraform, AWS EKS, Prometheus, Grafana, and Kubecost.

A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.

Simple but still extremely powerful K9S alternative. An interactive `explain` command. Security scanning based on `trivy`. Supports multiple envs. Midnight commander like interface. Custom hotkeys

DevSecOps Project using git, GitHub, jenkins, Maven,Junit, SonarQube, Docker, Trivy, Hashicorp Vault, AWS, Kubernetes

Hands-on DevSecOps project deploying a Tetris game on AWS EKS. Features Jenkins CI/CD, ArgoCD GitOps, Terraform-based IaC, Kubernetes, Docker, Trivy vulnerability scanning, OWASP Dependency-Check, and SonarQube for code quality.

An Argo CD extension to enable visualization of Trivy generated vulnerability reports in Argo CD UI.

Udemy Course on DevSecOps

Docker image to exploit RCE, try for pentest methods and test container security solutions (trivy, falco and etc.)

Trivy Operator Dashboard: A comprehensive tool for Trivy Operator. Offers various dashboards and interactive pages where you can browse and inspect Trivy Reports. Built with C#, .NET 10 (backend), Angular 21, and Node.js 24 (frontend).

Vilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics.