This tool set can generate SECCOMP profiles for Docker images. It mainly relies on static analysis, making its results more reliable than currently available tools.
☆71May 3, 2022Updated 4 years ago
Alternatives and similar repositories for confine
Users that are interested in confine are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- This is the repository for the code and artifacts related to the CCS2022 paper: C2C: Fine-grained Configuration-driven System Call Filter…☆11Nov 4, 2022Updated 3 years ago
- This repository contains the source code related to the research paper titled "Temporal System Call Specialization for Attack Surface Red…☆40Nov 14, 2024Updated last year
- Analysis of syscall sequence pattern from exploit codes for advanced system call sequence filtering for enhanced container security☆16May 21, 2023Updated 3 years ago
- ☆11Feb 22, 2016Updated 10 years ago
- ☆25Jun 2, 2024Updated 2 years ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- agent for handling seccomp descriptors for container runtimes☆47Feb 1, 2024Updated 2 years ago
- This tool set can generate required capabilities for binaries. A system call to capability mapping is used to assign capability to the bi…☆14Oct 26, 2022Updated 3 years ago
- ☆13Oct 17, 2021Updated 4 years ago
- BPFContain is a container security daemon for GNU/Linux leveraging the power and safety of eBPF and Rust.☆59Jun 30, 2022Updated 3 years ago
- Rust Language Bindings for the libseccomp Library☆47Jun 19, 2026Updated last week
- ☆27Nov 16, 2021Updated 4 years ago
- Kernel isolation tester.☆18Oct 20, 2022Updated 3 years ago
- OCI hook to trace syscalls and generate a seccomp profile☆348Jun 18, 2026Updated last week
- Hodor for node.js☆15Jun 18, 2023Updated 3 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- ☆13Apr 9, 2022Updated 4 years ago
- Go library for installing a seccomp BPF system call filter.☆98Jun 22, 2026Updated last week
- Generate an application profile containing metrics/properties for Kubernetes workloads based on runtime behavior.☆14Oct 1, 2024Updated last year
- Provides easy-to-use Linux seccomp-bpf jailing.☆120Jun 1, 2026Updated 3 weeks ago
- Waffle is a library for integrating a Web Application Firewall (WAF) into Go applications.☆19Updated this week
- ☆16Sep 29, 2022Updated 3 years ago
- Example BPF program with LSM hooks☆36Feb 24, 2021Updated 5 years ago
- evolution of extant software☆24Jan 24, 2018Updated 8 years ago
- Lepus-CTF frontend application☆11Nov 2, 2015Updated 10 years ago
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- Automatic AppArmor management for Docker containers☆16Jul 22, 2023Updated 2 years ago
- ☆22May 22, 2026Updated last month
- A command line tool to automatically generate seccomp profiles.☆27Apr 29, 2021Updated 5 years ago
- Static Binary Analysis Framework☆38May 28, 2026Updated last month
- DSL language to write seccomp filters☆37May 3, 2026Updated last month
- ☆40Feb 15, 2022Updated 4 years ago
- some kernel exploit challenges and cve analysis☆26Nov 30, 2018Updated 7 years ago
- ☆27Nov 24, 2021Updated 4 years ago
- bpflock - eBPF driven security for locking and auditing Linux machines☆153Feb 16, 2022Updated 4 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- ☆38Feb 6, 2021Updated 5 years ago
- Orbit: OS Support for Safe and Efficient Auxiliary Tasks in Applications☆22May 23, 2022Updated 4 years ago
- ☆34May 19, 2019Updated 7 years ago
- Exploration project to invoke syscalls in arbitrary unix processes with ptrace.☆21Jun 14, 2023Updated 3 years ago
- BDA: Practical Dependence Analysis for Binary Executables by Unbiased Whole-program Path Sampling and Per-path Abstract Interpretation☆31Feb 26, 2021Updated 5 years ago
- Tool to trace ARM Cortex-M assembly instructions and extract arguments to configuration APIs (supervisor calls or function calls).☆31Jun 2, 2026Updated 3 weeks ago
- CNNVD 漏洞收集☆21Jul 18, 2023Updated 2 years ago