Cybersecurity-Projects/PROJECTS/intermediate/docker-security-audit
dependabot[bot] 7c57aa4d2f
chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) from 1.39.0 to 1.43.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.39.0...v1.43.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
  dependency-version: 1.43.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-08 20:02:55 +00:00
..
cmd/docksec feat: did a couple things idk 2026-02-28 14:08:36 -05:00
internal feat: did a couple things idk 2026-02-28 14:08:36 -05:00
learn Update overview with tool description 2026-02-04 01:51:07 -05:00
tests feat: did a couple things idk 2026-02-28 14:08:36 -05:00
.gitignore Phase 1.1: Organize PROJECTS by difficulty level 2026-01-29 02:41:15 -05:00
.golangci.yml Phase 1.1: Organize PROJECTS by difficulty level 2026-01-29 02:41:15 -05:00
Dockerfile Phase 1.1: Organize PROJECTS by difficulty level 2026-01-29 02:41:15 -05:00
LICENSE - Standardize READMEs and add justfiles across all 14 projects 2026-02-11 07:01:25 -05:00
README.md Change code block syntax from ruby to regex 2026-02-11 07:45:18 -05:00
go.mod chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp 2026-04-08 20:02:55 +00:00
go.sum chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp 2026-04-08 20:02:55 +00:00
justfile - Standardize READMEs and add justfiles across all 14 projects 2026-02-11 07:01:25 -05:00

README.md

██████╗  ██████╗  ██████╗██╗  ██╗███████╗███████╗ ██████╗
██╔══██╗██╔═══██╗██╔════╝██║ ██╔╝██╔════╝██╔════╝██╔════╝
██║  ██║██║   ██║██║     █████╔╝ ███████╗█████╗  ██║
██║  ██║██║   ██║██║     ██╔═██╗ ╚════██║██╔══╝  ██║
██████╔╝╚██████╔╝╚██████╗██║  ██╗███████║███████╗╚██████╗
╚═════╝  ╚═════╝  ╚═════╝╚═╝  ╚═╝╚══════╝╚══════╝ ╚═════╝

Cybersecurity Projects Go License: AGPLv3 Go Report Card Docker

Docker security audit CLI that checks containers, images, and Dockerfiles against CIS Docker Benchmark v1.6.0.

This is a quick overview — security theory, architecture, and full walkthroughs are in the learn modules.

What It Does

  • Scans running containers, images, Dockerfiles, and compose files for misconfigurations
  • Checks against CIS Docker Benchmark v1.6.0 with severity scoring
  • Detects privileged containers, dangerous capabilities, socket mounts, and namespace sharing
  • Outputs terminal (colored), JSON, SARIF (GitHub Security tab), and JUnit formats
  • Supports severity filtering and fail-on-critical for CI/CD pipelines
  • Validates AppArmor/seccomp profiles, resource limits, and user namespace remapping

Quick Start

go install github.com/CarterPerez-dev/docksec/cmd/docksec@latest
docksec scan

[!TIP] This project uses just as a command runner. Type just to see all available commands.

Install: curl -sSf https://just.systems/install.sh | bash -s -- --to ~/.local/bin

Commands

docksec scan                                    # scan all targets with colored output
docksec scan --format sarif -o results.sarif    # export SARIF for GitHub Security tab
docksec scan --severity critical,high           # filter by severity
docksec scan --fail-on critical                 # exit non-zero for CI pipelines

Learn

This project includes step-by-step learning materials covering security theory, architecture, and implementation.

Module Topic
00 - Overview Prerequisites and quick start
01 - Concepts Security theory and real-world breaches
02 - Architecture System design and data flow
03 - Implementation Code walkthrough
04 - Challenges Extension ideas and exercises

License

AGPL 3.0