This tool set can generate SECCOMP profiles for Docker images. It mainly relies on static analysis, making its results more reliable than currently available tools.
☆71May 3, 2022Updated 4 years ago
Alternatives and similar repositories for confine
Users that are interested in confine are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- This is the repository for the code and artifacts related to the CCS2022 paper: C2C: Fine-grained Configuration-driven System Call Filter…☆11Nov 4, 2022Updated 3 years ago
- This repository contains the source code related to the research paper titled "Temporal System Call Specialization for Attack Surface Red…☆39Nov 14, 2024Updated last year
- Analysis of syscall sequence pattern from exploit codes for advanced system call sequence filtering for enhanced container security☆16May 21, 2023Updated 2 years ago
- ☆11Feb 22, 2016Updated 10 years ago
- ☆25Jun 2, 2024Updated last year
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- agent for handling seccomp descriptors for container runtimes�☆47Feb 1, 2024Updated 2 years ago
- This tool set can generate required capabilities for binaries. A system call to capability mapping is used to assign capability to the bi…☆14Oct 26, 2022Updated 3 years ago
- ☆13Oct 17, 2021Updated 4 years ago
- BPFContain is a container security daemon for GNU/Linux leveraging the power and safety of eBPF and Rust.☆59Jun 30, 2022Updated 3 years ago
- Rust Language Bindings for the libseccomp Library☆47Apr 30, 2026Updated last week
- ☆27Nov 16, 2021Updated 4 years ago
- Kernel isolation tester.☆18Oct 20, 2022Updated 3 years ago
- Hodor for node.js☆15Jun 18, 2023Updated 2 years ago
- ☆13Apr 9, 2022Updated 4 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Dataset from Linux Raspian VMs and devices with auditd logs capturing various container escape and attacks.☆15Jul 30, 2022Updated 3 years ago
- bouheki is KRSI(eBPF+LSM) based Linux security auditing tool.☆93Sep 21, 2025Updated 7 months ago
- Generate an application profile containing metrics/properties for Kubernetes workloads based on runtime behavior.☆14Oct 1, 2024Updated last year
- Structured Information on State and Evolution of Dockerfiles - Online Appendix☆10Mar 16, 2018Updated 8 years ago
- Provides easy-to-use Linux seccomp-bpf jailing.☆112Apr 14, 2026Updated 3 weeks ago
- Waffle is a library for integrating a Web Application Firewall (WAF) into Go applications.☆18Updated this week
- Seccomp high-level wrapper☆16Jan 7, 2022Updated 4 years ago
- ☆16Sep 29, 2022Updated 3 years ago
- Example BPF program with LSM hooks☆36Feb 24, 2021Updated 5 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- ☆25Dec 14, 2023Updated 2 years ago
- ☆15May 26, 2021Updated 4 years ago
- A command line tool to automatically generate seccomp profiles.☆27Apr 29, 2021Updated 5 years ago
- Static Binary Analysis Framework☆29May 2, 2026Updated last week
- DSL language to write seccomp filters☆37Apr 5, 2024Updated 2 years ago
- ☆39Feb 15, 2022Updated 4 years ago
- various code☆12Mar 24, 2023Updated 3 years ago
- some kernel exploit challenges and cve analysis☆26Nov 30, 2018Updated 7 years ago
- 🤖 A Discord Bot that helps with Action Items.☆18Dec 3, 2022Updated 3 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- linux kernel event log collector by ebpf☆35Mar 6, 2024Updated 2 years ago
- Orbit: OS Support for Safe and Efficient Auxiliary Tasks in Applications☆22May 23, 2022Updated 3 years ago
- CNNVD 漏洞收集☆20Jul 18, 2023Updated 2 years ago
- ☆34May 19, 2019Updated 6 years ago
- Exploration project to invoke syscalls in arbitrary unix processes with ptrace.☆21Jun 14, 2023Updated 2 years ago
- Use on-demand control- data- flow slicing combined with taint analysis and symbolic execution to produce scalable and precise UB detectio…☆26Sep 5, 2021Updated 4 years ago
- Silm your kernel with better configuration.☆40May 3, 2024Updated 2 years ago