Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) from 1.39.0 to 1.43.0. - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.39.0...v1.43.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp dependency-version: 1.43.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> |
||
|---|---|---|
| .. | ||
| cmd/docksec | ||
| internal | ||
| learn | ||
| tests | ||
| .gitignore | ||
| .golangci.yml | ||
| Dockerfile | ||
| LICENSE | ||
| README.md | ||
| go.mod | ||
| go.sum | ||
| justfile | ||
README.md
██████╗ ██████╗ ██████╗██╗ ██╗███████╗███████╗ ██████╗
██╔══██╗██╔═══██╗██╔════╝██║ ██╔╝██╔════╝██╔════╝██╔════╝
██║ ██║██║ ██║██║ █████╔╝ ███████╗█████╗ ██║
██║ ██║██║ ██║██║ ██╔═██╗ ╚════██║██╔══╝ ██║
██████╔╝╚██████╔╝╚██████╗██║ ██╗███████║███████╗╚██████╗
╚═════╝ ╚═════╝ ╚═════╝╚═╝ ╚═╝╚══════╝╚══════╝ ╚═════╝
Docker security audit CLI that checks containers, images, and Dockerfiles against CIS Docker Benchmark v1.6.0.
This is a quick overview — security theory, architecture, and full walkthroughs are in the learn modules.
What It Does
- Scans running containers, images, Dockerfiles, and compose files for misconfigurations
- Checks against CIS Docker Benchmark v1.6.0 with severity scoring
- Detects privileged containers, dangerous capabilities, socket mounts, and namespace sharing
- Outputs terminal (colored), JSON, SARIF (GitHub Security tab), and JUnit formats
- Supports severity filtering and fail-on-critical for CI/CD pipelines
- Validates AppArmor/seccomp profiles, resource limits, and user namespace remapping
Quick Start
go install github.com/CarterPerez-dev/docksec/cmd/docksec@latest
docksec scan
[!TIP] This project uses
justas a command runner. Typejustto see all available commands.Install:
curl -sSf https://just.systems/install.sh | bash -s -- --to ~/.local/bin
Commands
docksec scan # scan all targets with colored output
docksec scan --format sarif -o results.sarif # export SARIF for GitHub Security tab
docksec scan --severity critical,high # filter by severity
docksec scan --fail-on critical # exit non-zero for CI pipelines
Learn
This project includes step-by-step learning materials covering security theory, architecture, and implementation.
| Module | Topic |
|---|---|
| 00 - Overview | Prerequisites and quick start |
| 01 - Concepts | Security theory and real-world breaches |
| 02 - Architecture | System design and data flow |
| 03 - Implementation | Code walkthrough |
| 04 - Challenges | Extension ideas and exercises |
License
AGPL 3.0