Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

Sandstorm is a self-hostable web productivity suite. It's implemented as a security-hardened web app package manager.

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

The main libseccomp repository

A set of curated exercises to help you prepare for the CKS exam

The Kubernetes Security Profiles Operator

Provide powerful tools for seccomp analysis

A stupid game for learning about containers, capabilities, and syscalls.

The libseccomp golang bindings repository

vArmor is a cloud native container sandbox system based on AppArmor/BPF/Seccomp. It also includes multiple built-in protection rules that are ready to use out of the box.

Rust implementation of PRoot, a ptrace-based sandbox

Go library for installing a seccomp BPF system call filter.

Online Judge for testing programming ability in C, C++, Java and Python.

Simplifying Seccomp enforcement in containerized or non-containerized apps

eBPF Python runtime sandbox with seccomp (Blocks RCE).

Rust Language Bindings for the libseccomp Library

Generate seccomp profiles from go binaries

Build custom Docker seccomp profiles for containers by finding syscalls it uses.

Provides easy-to-use Linux seccomp-bpf jailing.

minT(oolkit): Mint awesome, secure and production ready containers just the way you need them! Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)