31 Containers Static Analysis Tools

anchore

  • Type: cli
1503

Discover, analyze, and certify container images. A service that analyzes Docker images and applies user-defined acceptance policies to allow automated container image validation and certification.

chart-testing

  • Type: cli
858

ct is the tool for testing Helm charts. It is meant to be used for linting and testing pull requests. It automatically detects charts changed against the target branch.

clair

  • Type: cli
9050

Vulnerability Static Analysis for Containers.

clusterlint

  • Type: cli
488

Clusterlint queries live Kubernetes clusters for resources, executes common and platform-specific checks against these resources and provides actionable feedback to cluster operators. It is a non-invasive tool that is run externally. Clusterlint does not alter the resource configurations.

Codeac

  • Type: service

Automated code review tool that integrates with GitHub, Bitbucket and GitLab (even self-hosted). Available for JavaScript, TypeScript, Python, Ruby, Go, PHP, Java, Docker, and more. (free for open source)

CodeFlow

  • Type: service

Automated code analysis tool to deal with technical debt. Integrates with Bitbucket and GitLab. (free for Open Source Projects)

dagda

  • Type: cli
1000

Perform static analysis of known vulnerabilities in Docker images/containers.

Datree

  • Type: cli
5938

A CLI tool to prevent Kubernetes misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies.

DeepSource

  • Type: service

In-depth static analysis to find issues in verticals of bug risks, security, anti-patterns, performance, documentation and style. Native integrations with GitHub, GitLab and Bitbucket. Less than 5% false positives.

Docker Label Inspector

  • Type: cli
79

Lint and validate Dockerfile labels.

collector

  • Type: cli
288

Run arbitrary scripts inside containers, and gather useful information.

Haskell Dockerfile Linter

  • Type: cli
7523

A smarter Dockerfile linter that helps you build best practice Docker images.

kics

  • Type: cli
1206

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Terraform, Kubernetes, Docker, AWS CloudFormation and Ansible.

kube-lint

  • Type: cli
158

A linter for Kubernetes resources with a customizable rule set. You define a list of rules that you would like to validate against your resources and kube-lint will evaluate those rules against them.

kube-score

  • Type: cli
1929

Static code analysis of your Kubernetes object definitions.

kubeconform

  • Type: cli
676

A fast Kubernetes manifests validator with support for custom resources. It is inspired by, contains code from and is designed to stay close to [Kubeval](https://analysis-tools.dev/tool/kubeval), but with the following improvements:

  • high performance: will validate & download manifests over multiple routines, caching downloaded files in memory
  • configurable list of remote, or local schemas locations, enabling validating Kubernetes custom resources (CRDs) and offline validation capabilities
  • uses by default a self-updating fork of the schemas registry maintained by the kubernetes-json-schema project - which guarantees up-to-date schemas for all recent versions of Kubernetes.

KubeLinter

  • Type: cli
2058

KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.

kubeval

  • Type: cli
2961

Validates your Kubernetes configuration files and supports multiple Kubernetes versions.

Offensive 360

  • Type: web

Commercial static code analysis system that doesn't require building the source code or pre-compilation.

OpenSCAP

  • Type: cli
975

Suite of automated audit tools to examine the configuration and known vulnerabilities following the NIST-certified Security Content Automation Protocol (SCAP).

kube-linter

  • Type: cli
2058

KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.

Qualys Container Security

  • Type: service

Container native application protection to provide visibility and control of containerized applications.

ShiftLeft Scan

  • Type: cli
  • Type: service
527

Scan is a free open-source DevSecOps platform for detecting security issues in source code and dependencies. It supports a broad range of languages and CI/CD pipelines.

Snyk

  • Type: service

Vulnerability scanner for dependencies of Node.js apps (free for Open Source Projects).

sysdig

  • Type: service

A secure DevOps platform for cloud and container forensics. Built on an open source stack, Sysdig provides Docker image scanning and created Falco, the open standard for runtime threat detection for containers, Kubernetes and cloud.

ThreatMapper

  • Type: service
  • Type: web
2165

Vulnerability Scanner and Risk Evaluation for containers, serverless and hosts at runtime. ThreatMapper generates runtime BOMs from dependencies and operating system packages, matches against multiple threat feeds, scans for unprotected secrets, and scores issues based on severity and risk-of-exploit.

trivy

  • Type: cli
14090

A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). Checks containers and filesystems.

Vuls

  • Type: cli
9534

Agent-less Linux vulnerability scanner based on information from NVD, OVAL, etc. It has some container image support, although it is not a container-specific tool.
