Lightweight container security auditor for Docker and Kubernetes
Container Audit
Features
Container Audit is a fast, lightweight security scanner that helps developers and DevSecOps teams identify misconfigurations in Docker and Kubernetes environments before they become vulnerabilities.
- Docker Security: 14 checks covering privileged mode, capabilities, secrets, network exposure, and more
- Kubernetes Compliance: Pod Security, RBAC, NetworkPolicy, and manifest best practices
- Secret Detection: scan files for leaked API keys, private keys, passwords, and connection strings
- Multiple Reports: terminal (Rich), JSON, and HTML output with dark theme
- Security Score: 0-100 score based on severity-weighted findings
- CI/CD Ready: exit codes and JSON output for pipeline integration
Quick Start
Installation
pip install container-audit
Or from source:
git clone https://github.com/HYMichellexdd/container-audit.git
cd container-audit
pip install -e ".[dev]"
Basic Usage
# Scan a running Docker container
container-audit docker my-container
# Scan a docker-compose file
container-audit compose docker-compose.yml
# Scan Kubernetes manifests
container-audit k8s ./k8s-manifests/
# Scan for secrets in source code
container-audit secrets ./src/
Output Formats
# JSON output (for CI/CD pipelines)
container-audit docker my-container -f json -o report.json
# HTML report (dark theme, great for sharing)
container-audit docker my-container -f html -o report.html
# Verbose terminal output with evidence
container-audit docker my-container -v
Security Checks
Docker (14 checks)
| Check | Severity | Description |
|---|---|---|
| DOCKER-001 | CRITICAL | Privileged container detection |
| DOCKER-002 | CRITICAL | Docker socket mount detection |
| DOCKER-003 | MEDIUM | Running as root user |
| DOCKER-004 | HIGH | Dangerous capabilities (SYS_ADMIN, NET_ADMIN, etc.) |
| DOCKER-005 | MEDIUM | Ports exposed on 0.0.0.0 |
| DOCKER-006 | HIGH | Secrets in environment variables |
| DOCKER-007 | LOW | Writable root filesystem |
| DOCKER-008 | MEDIUM | Missing resource limits (memory/CPU/PIDs) |
| DOCKER-009 | LOW | No healthcheck configured |
| DOCKER-010 | LOW | AppArmor profile status |
| DOCKER-011 | LOW | Seccomp profile status |
| DOCKER-012 | HIGH | Host PID namespace sharing |
| DOCKER-013 | MEDIUM | Host IPC namespace sharing |
| DOCKER-014 | HIGH | Host network mode |
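The fourteen checks above all read from the same place: the JSON that `docker inspect <container>` returns (`HostConfig`, `Config`, `Mounts`). The block below is an added illustration of how that evaluation looks, not container-audit's own code; the project's rule logic is not shown on this page, the check IDs are reused from the table, and the capabilities in `DANGEROUS_CAPS` beyond the SYS_ADMIN and NET_ADMIN named there are an assumption. The two inspect documents are constructed, not captures.

```python
"""Subset of the Docker checks from the table above, evaluated on the JSON that
`docker inspect <container>` returns. Added illustration; container-audit's own
rules are not shown on this page, and DANGEROUS_CAPS beyond SYS_ADMIN/NET_ADMIN
is an assumption."""
import json
import re
import subprocess

DANGEROUS_CAPS = {"SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "SYS_MODULE", "DAC_READ_SEARCH", "ALL"}
SECRET_ENV = re.compile(r"PASS(WORD|WD)?|SECRET|TOKEN|API_?KEY|PRIVATE_KEY", re.I)
DOCKER_SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}


def audit_inspect(info):
    """Return a list of (check_id, severity, evidence) for every failing check."""
    host = info.get("HostConfig") or {}
    cfg = info.get("Config") or {}
    out = []
    if host.get("Privileged"):
        out.append(("DOCKER-001", "CRITICAL", "HostConfig.Privileged=true"))
    # Bind mounts appear as "src:dst[:opts]" strings in Binds and as Mounts[].Source.
    sources = [b.split(":")[0] for b in host.get("Binds") or []]
    sources += [m.get("Source", "") for m in info.get("Mounts") or []]
    if any(s.rstrip("/") in DOCKER_SOCKETS for s in sources):
        out.append(("DOCKER-002", "CRITICAL", "Docker socket bind-mounted into the container"))
    if (cfg.get("User") or "").split(":")[0] in ("", "0", "root"):
        out.append(("DOCKER-003", "MEDIUM", f"Config.User={cfg.get('User')!r} resolves to uid 0"))
    caps = {c.upper().removeprefix("CAP_") for c in host.get("CapAdd") or []}
    if caps & DANGEROUS_CAPS:
        out.append(("DOCKER-004", "HIGH", f"CapAdd={sorted(caps & DANGEROUS_CAPS)}"))
    for port, binds in (host.get("PortBindings") or {}).items():
        for b in binds or []:
            # An empty HostIp means every interface, exactly like 0.0.0.0.
            if b.get("HostIp", "") in ("", "0.0.0.0", "::"):
                out.append(("DOCKER-005", "MEDIUM", f"{port} published on all interfaces (host port {b.get('HostPort')})"))
    for env in cfg.get("Env") or []:
        name, _, value = env.partition("=")
        if value and SECRET_ENV.search(name):
            out.append(("DOCKER-006", "HIGH", f"env {name} looks like a secret (value not shown)"))
    if not host.get("ReadonlyRootfs"):
        out.append(("DOCKER-007", "LOW", "ReadonlyRootfs=false"))
    if not (host.get("Memory") and host.get("PidsLimit") and (host.get("NanoCpus") or host.get("CpuQuota"))):
        out.append(("DOCKER-008", "MEDIUM", "no memory, CPU or PIDs limit"))
    if not cfg.get("Healthcheck"):
        out.append(("DOCKER-009", "LOW", "no HEALTHCHECK configured"))
    opts = host.get("SecurityOpt") or []
    if "apparmor=unconfined" in opts:
        out.append(("DOCKER-010", "LOW", "AppArmor disabled"))
    if "seccomp=unconfined" in opts:
        out.append(("DOCKER-011", "LOW", "seccomp disabled"))
    if host.get("PidMode") == "host":
        out.append(("DOCKER-012", "HIGH", "PidMode=host"))
    if host.get("IpcMode") == "host":
        out.append(("DOCKER-013", "MEDIUM", "IpcMode=host"))
    if host.get("NetworkMode") == "host":
        out.append(("DOCKER-014", "HIGH", "NetworkMode=host"))
    return out


def audit_container(name):
    """Live use: `docker inspect` prints a one-element JSON array."""
    raw = subprocess.run(["docker", "inspect", name], check=True, capture_output=True, text=True).stdout
    return audit_inspect(json.loads(raw)[0])


# Constructed inspect output for a badly configured container (not a real capture).
BAD_INSPECT = {
    "Config": {"User": "", "Env": ["PATH=/usr/bin", "DB_PASSWORD=hunter2"]},
    "HostConfig": {
        "Privileged": True,
        "Binds": ["/var/run/docker.sock:/var/run/docker.sock:rw"],
        "CapAdd": ["SYS_ADMIN", "CHOWN"],
        "PidMode": "host", "IpcMode": "", "NetworkMode": "bridge",
        "PortBindings": {"8080/tcp": [{"HostIp": "", "HostPort": "8080"}]},
        "ReadonlyRootfs": False, "Memory": 0, "PidsLimit": None,
        "SecurityOpt": ["seccomp=unconfined"],
    },
    "Mounts": [],
}
# The same container after hardening: non-root user, limits, private namespaces, loopback-only port.
GOOD_INSPECT = {
    "Config": {"User": "10001:10001", "Env": ["PATH=/usr/bin"], "Healthcheck": {"Test": ["CMD", "/healthz"]}},
    "HostConfig": {
        "Privileged": False, "Binds": [], "CapAdd": [],
        "PidMode": "", "IpcMode": "private", "NetworkMode": "bridge",
        "PortBindings": {"8080/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8080"}]},
        "ReadonlyRootfs": True, "Memory": 268435456, "NanoCpus": 500000000, "PidsLimit": 100,
        "SecurityOpt": [],
    },
    "Mounts": [],
}

if __name__ == "__main__":
    for check_id, severity, evidence in audit_inspect(BAD_INSPECT):
        print(f"{check_id} {severity:8} {evidence}")
```

Two details worth keeping when writing checks like these: an empty `HostIp` in `PortBindings` is the all-interfaces default, so "0.0.0.0" alone misses the common case, and the secret-in-env check must report the variable name only, otherwise the audit report itself becomes the leak.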
Kubernetes
| Check | Severity | Description |
|---|---|---|
| K8S-PRIV-* | CRITICAL | Privileged containers in workloads |
| K8S-ROOT-* | MEDIUM | Containers running as root |
| K8S-CAPS-* | HIGH | Dangerous capabilities added |
| K8S-SA-TOKEN | MEDIUM | ServiceAccount token auto-mounting |
| K8S-HNET | HIGH | Host network enabled |
| K8S-HPID | HIGH | Host PID namespace |
| K8S-HOSTPATH | HIGH | HostPath volumes mounted |
| K8S-RBAC-* | HIGH | Overprivileged RBAC rules |
| K8S-NS-* | MEDIUM | Namespace configuration checks |
| K8S-ING-TLS-* | HIGH | Ingress without TLS |
| K8S-NP-* | MEDIUM | NetworkPolicy validation |
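The Kubernetes checks work on parsed manifest objects rather than a running cluster, so the same code serves `kubectl get -o json` output and YAML loaded with `yaml.safe_load_all`. As an added illustration (not container-audit's implementation, whose rules are not on this page), the block below evaluates most of the rows above on constructed manifests; the `-<container>` and `-<rule index>` ID suffixes, the `DANGEROUS_CAPS` list and the omission of the K8S-NS-* and K8S-NP-* rows (which need the whole namespace, not one object) are assumptions.

```python
"""Subset of the Kubernetes checks from the table above, applied to parsed
manifest objects (what yaml.safe_load_all or json.load gives you). Added
illustration, not the container-audit implementation; the per-container and
per-rule ID suffixes and the capability list are assumptions."""
import json

DANGEROUS_CAPS = {"SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "SYS_MODULE", "ALL"}
WORKLOADS = ("Deployment", "StatefulSet", "DaemonSet", "ReplicaSet", "Job")


def pod_spec(obj):
    """Find the PodSpec for the kinds that embed one; None for other kinds."""
    kind, spec = obj.get("kind"), obj.get("spec") or {}
    if kind == "Pod":
        return spec
    if kind in WORKLOADS:
        return (spec.get("template") or {}).get("spec")
    if kind == "CronJob":
        return (((spec.get("jobTemplate") or {}).get("spec") or {}).get("template") or {}).get("spec")
    return None


def audit_manifest(obj):
    """Return (check_id, severity, evidence) tuples for one manifest object."""
    kind = obj.get("kind", "")
    name = (obj.get("metadata") or {}).get("name", "<unnamed>")
    where = f"{kind}/{name}"
    out = []
    spec = pod_spec(obj)
    if spec is not None:
        if spec.get("hostNetwork"):
            out.append(("K8S-HNET", "HIGH", f"{where}: hostNetwork=true"))
        if spec.get("hostPID"):
            out.append(("K8S-HPID", "HIGH", f"{where}: hostPID=true"))
        # The API default is to mount the token; an opt-out on the ServiceAccount object is not visible here.
        if spec.get("automountServiceAccountToken", True):
            out.append(("K8S-SA-TOKEN", "MEDIUM", f"{where}: ServiceAccount token auto-mounted"))
        for vol in spec.get("volumes") or []:
            if "hostPath" in vol:
                out.append(("K8S-HOSTPATH", "HIGH", f"{where}: volume {vol.get('name')} -> {vol['hostPath'].get('path')}"))
        pod_sc = spec.get("securityContext") or {}
        for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
            cname = c.get("name", "?")
            sc = c.get("securityContext") or {}
            if sc.get("privileged"):
                out.append((f"K8S-PRIV-{cname}", "CRITICAL", f"{where}: container {cname} is privileged"))
            # Container-level securityContext overrides the pod-level one.
            non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
            uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
            if not non_root and uid in (None, 0):
                out.append((f"K8S-ROOT-{cname}", "MEDIUM", f"{where}: container {cname} may run as uid 0"))
            caps = {str(x).upper().removeprefix("CAP_") for x in (sc.get("capabilities") or {}).get("add") or []}
            if caps & DANGEROUS_CAPS:
                out.append((f"K8S-CAPS-{cname}", "HIGH", f"{where}: capabilities.add={sorted(caps & DANGEROUS_CAPS)}"))
    if kind in ("Role", "ClusterRole"):
        for i, rule in enumerate(obj.get("rules") or []):
            if "*" in (rule.get("verbs") or []) or "*" in (rule.get("resources") or []):
                out.append((f"K8S-RBAC-{i}", "HIGH", f"{where}: wildcard verbs/resources in rule {i}"))
    if kind == "Ingress" and not (obj.get("spec") or {}).get("tls"):
        out.append((f"K8S-ING-TLS-{name}", "HIGH", f"{where}: no spec.tls, traffic is plaintext"))
    return out


def audit_all(objs):
    return [finding for obj in objs if obj for finding in audit_manifest(obj)]


# Constructed manifests (the parsed form of a three-document YAML file, not a real deployment).
SAMPLE_MANIFESTS = [
    {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "web"},
     "spec": {"template": {"spec": {
         "hostPID": True,
         "volumes": [{"name": "host-root", "hostPath": {"path": "/"}}],
         "containers": [
             {"name": "app", "image": "web:1.0",
              "securityContext": {"privileged": True, "capabilities": {"add": ["NET_ADMIN"]}}},
             {"name": "sidecar", "image": "proxy:1.0",
              "securityContext": {"runAsNonRoot": True, "runAsUser": 10001}}]}}}},
    {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRole", "metadata": {"name": "ops"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]},
               {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"apiVersion": "networking.k8s.io/v1", "kind": "Ingress", "metadata": {"name": "web"},
     "spec": {"rules": [{"host": "web.internal.example"}]}},
]

if __name__ == "__main__":
    print(json.dumps(audit_all(SAMPLE_MANIFESTS), indent=2))
```

The root check deliberately combines `runAsNonRoot` and `runAsUser` from both the pod and the container `securityContext`, because a pod-level `runAsNonRoot: true` is undone by a container-level `runAsUser: 0`, and the sidecar in the sample shows that a correctly set container produces no finding even when its siblings do.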
Secrets Detection
| Pattern | Severity | Description |
|---|---|---|
| API Keys | CRITICAL | Generic API key patterns |
| AWS Keys | CRITICAL | AWS access/secret keys |
| GitHub Tokens | CRITICAL | GitHub PATs and tokens |
| Private Keys | CRITICAL | RSA/EC/DSA private keys |
| Passwords | CRITICAL | Hardcoded passwords |
| Connection Strings | CRITICAL | Database/message broker URIs |
| JWT Tokens | CRITICAL | JSON Web Tokens |
| GCP/Azure | CRITICAL | Cloud provider credentials |
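Pattern-based secret detection of the kind listed above is mostly a regex table plus two things that decide whether the output is usable: filtering template references (`${DB_PASSWORD}`, `<password>`) that would otherwise dominate the findings, and redacting what was matched so the report and CI log do not re-leak it. The block below is an added example, not container-audit's own patterns (which this page does not show); every regex and the placeholder filter are assumptions, and the sample source is constructed (the AWS key is the example value from AWS documentation, not a live credential).

```python
"""Regex-based secret detection along the lines of the pattern table above.
Added illustration; container-audit's own patterns are not shown on this page,
so every regex and the placeholder filter below are assumptions."""
import re
from pathlib import Path

# Pattern name (from the table) and regex. The table rates all of them CRITICAL.
PATTERNS = [
    ("AWS Keys", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("GitHub Tokens", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,255}\b")),
    ("Private Keys", re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----")),
    ("Connection Strings", re.compile(r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|amqps?|rediss?)://[^\s:/@]+:[^\s@]+@")),
    ("JWT Tokens", re.compile(r"\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\b")),
    ("Passwords", re.compile(r"(?i)(?:password|passwd|pwd)\s*[:=]\s*['\"]?(?P<value>[^\s'\"]{6,})")),
]
# Values that are template references rather than secrets: ${VAR}, $VAR, <placeholder>, {{ var }}, %(var)s
PLACEHOLDER = re.compile(r"^(?:\$|<|\{\{|%\()")


def redact(secret):
    """Reports and CI logs must not re-leak the secret; keep a short prefix for triage."""
    return secret[:4] + "****"


def scan_text(text, source="<memory>"):
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in PATTERNS:
            for m in rx.finditer(line):
                secret = m.group("value") if "value" in m.groupdict() else m.group(0)
                if PLACEHOLDER.match(secret):
                    continue
                findings.append({"source": source, "line": lineno, "pattern": name,
                                 "severity": "CRITICAL", "evidence": redact(secret)})
    return findings


def scan_path(root):
    """Walk a directory the way `container-audit secrets ./src/` would; skips .git and unreadable files."""
    results = []
    for p in Path(root).rglob("*"):
        if p.is_file() and ".git" not in p.parts:
            try:
                results += scan_text(p.read_text(errors="ignore"), str(p))
            except OSError:
                pass
    return results


# Constructed sample source file (the AWS key is the documented AWS example value, not a live credential).
SAMPLE_SOURCE = "\n".join([
    "import os",
    'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',
    'GITHUB_TOKEN = "ghp_0123456789abcdefghijABCDEFGHIJ012345"',
    'DATABASE_URL = "postgres://app:s3cr3t@db.internal:5432/app"',
    'password = "${DB_PASSWORD}"  # template reference, should not be reported',
    'admin_password = "hunter2-but-longer"',
    'SESSION = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ.c2lnbmF0dXJl"',
    "-----BEGIN RSA PRIVATE KEY-----",
])

if __name__ == "__main__":
    for f in scan_text(SAMPLE_SOURCE, "sample.py"):
        print(f"{f['source']}:{f['line']} {f['pattern']}: {f['evidence']}")
```

Line 5 of the sample is the important negative case: it matches the password regex but is a reference to an environment variable, so it is dropped before it can be reported. Anything with a fixed prefix (AWS, GitHub) is cheap to match precisely; generic passwords and API keys are where false positives live, which is why only that pattern gets the placeholder filter applied to a captured value.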
Report Example
╭──────────── Security Report ────────────╮
│ Container Audit Report                  │
│ Target: my-container                    │
│ Scan Type: docker                       │
│ Score: 35/100                           │
╰─────────────────────────────────────────╯
┌───────────────────────────────────────┐
│ Summary                               │
├──────────┬────────┬────────┬──────────┤
│ Severity │ Failed │ Passed │ Warnings │
├──────────┼────────┼────────┼──────────┤
│ CRITICAL │ 2      │ 0      │ 0        │
│ HIGH     │ 3      │ 1      │ 0        │
│ MEDIUM   │ 2      │ 1      │ 1        │
│ LOW      │ 1      │ 2      │ 2        │
└──────────┴────────┴────────┴──────────┘
Findings:
✗ CRITICAL Privileged container
  → Remove --privileged flag. Use specific capabilities instead.
✗ CRITICAL Docker socket mounted
  → Avoid mounting Docker socket.
✗ HIGH Dangerous capabilities added
  → Remove unnecessary capabilities.
✗ HIGH Host PID namespace
✗ MEDIUM Running as root
  → Set USER directive in Dockerfile.
CI/CD Integration
GitHub Actions
- name: Container Security Scan
  run: |
    pip install container-audit
    # One scan writes the JSON report and sets the exit code (1 = HIGH, 2 = CRITICAL findings),
    # which fails the step; `run:` uses bash -e, so a second scan after a failing one would never run.
    container-audit docker ${{ env.IMAGE }} -f json -o scan-results.json
- name: Keep the report even when the scan fails
  if: always()
  uses: actions/upload-artifact@v4
  with:
    name: container-audit-report
    path: scan-results.json
GitLab CI
security_scan:
  image: python:3.12-slim
  script:
    - pip install container-audit
    - container-audit k8s ./k8s/ -f json -o report.json
  artifacts:
    when: always   # keep report.json when findings fail the job
    reports:
      container_scanning: report.json
Exit Codes
| Code | Meaning |
|---|---|
| 0 | No critical or high findings (medium and low findings do not change the exit code) |
| 1 | High severity findings present |
| 2 | Critical severity findings present |
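The score in the report example (35/100, from the Features list: "0-100 score based on severity-weighted findings") and the exit codes in the table above are two views of the same per-severity counts. The block below is an added example of that aggregation and gating logic, not the tool's code: the penalty weights are an assumption (chosen so that the report example's counts produce its 35/100; the project's real formula is not on this page), and the findings list is constructed from the summary table.

```python
"""Severity-weighted 0-100 score and CI exit code, reproducing the summary and
exit-code tables on this page. Added example; the weights are an assumption
(picked so that the report example's counts give its 35/100), not the tool's
published formula."""
import sys

SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW")
WEIGHTS = {"CRITICAL": 15, "HIGH": 10, "MEDIUM": 2, "LOW": 1}  # assumed penalty per failed check


def summarize(results):
    """results: iterable of (severity, status); status in {"FAIL", "PASS", "WARN"}."""
    table = {sev: {"FAIL": 0, "PASS": 0, "WARN": 0} for sev in SEVERITIES}
    for sev, status in results:
        table[sev][status] += 1
    return table


def score(results):
    """100 minus the weighted number of failed checks, floored at 0."""
    penalty = sum(WEIGHTS[sev] for sev, status in results if status == "FAIL")
    return max(0, 100 - penalty)


def exit_code(results):
    """2 if any CRITICAL check failed, 1 if any HIGH failed, else 0 (as in the exit-code table)."""
    failed = {sev for sev, status in results if status == "FAIL"}
    if "CRITICAL" in failed:
        return 2
    if "HIGH" in failed:
        return 1
    return 0


# The counts shown in the report example above, as constructed (severity, status) pairs.
REPORT_EXAMPLE = (
    [("CRITICAL", "FAIL")] * 2
    + [("HIGH", "FAIL")] * 3 + [("HIGH", "PASS")]
    + [("MEDIUM", "FAIL")] * 2 + [("MEDIUM", "PASS")] + [("MEDIUM", "WARN")]
    + [("LOW", "FAIL")] + [("LOW", "PASS")] * 2 + [("LOW", "WARN")] * 2
)

if __name__ == "__main__":
    for sev, counts in summarize(REPORT_EXAMPLE).items():
        print(f"{sev:8} failed={counts['FAIL']} passed={counts['PASS']} warnings={counts['WARN']}")
    print(f"Score: {score(REPORT_EXAMPLE)}/100")
    sys.exit(exit_code(REPORT_EXAMPLE))  # a CI runner treats 1 or 2 as a failed step
```

The gating consequence is worth spelling out: a pipeline that wants to block on MEDIUM findings (for example the "Ports exposed on 0.0.0.0" check) cannot rely on the exit code alone and has to read the JSON report, while a pipeline that only wants to block on CRITICAL must test for exit code 2 specifically rather than for any non-zero status.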
Why Container Audit?
Feature comparison against Trivy, Grype and Snyk across seven rows: Docker config audit, Compose file scan, K8s manifest check, Secret detection, CI/CD friendly, Zero dependencies, Lightweight (<1s). The per-tool yes/no marks did not survive extraction; the only legible cells are "Limited" for Trivy and Snyk on K8s manifest checking and a warning for Trivy on the Lightweight row.
Project Structure
container-audit/
├── container_audit/
│   ├── __init__.py
│   ├── cli.py            # CLI entry point
│   ├── scanner.py        # Core scanning engine
│   ├── utils.py          # Shared utilities
│   ├── checks/
│   │   ├── docker.py     # Docker security checks
│   │   ├── kubernetes.py # K8s manifest checks
│   │   ├── network.py    # Network exposure checks
│   │   └── secrets.py    # Secret detection
│   └── reporters/
│       ├── console.py    # Rich terminal output
│       ├── json_out.py   # JSON report
│       └── html_out.py   # HTML report
├── tests/
├── .github/workflows/ci.yml
├── pyproject.toml
├── LICENSE
└── README.md
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (git checkout -b feature/amazing-check)
- Commit your changes (git commit -m 'Add amazing security check')
- Push to the branch (git push origin feature/amazing-check)
- Open a Pull Request
License
This project is licensed under the MIT License - see the LICENSE file for details.
Links
Made with ❤️ by HYMichellexdd
File details
Details for the file container_audit-0.1.0.tar.gz.
File metadata
- Download URL: container_audit-0.1.0.tar.gz
- Size: 22.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | bdccfbfd7736d9460aaeb336846f6207ab0682329427f6d5e11447211461ea93 |
| MD5 | 55cd9ba4b14a27b6feb4f4bfc2ea052a |
| BLAKE2b-256 | 38ab28c98602dfa885790a8a30c18f8f3c7f3a786c84fb58b25bd6d360dedb3a |
Provenance
The following attestation bundles were made for container_audit-0.1.0.tar.gz:
Publisher: publish.yml on HYMichellelxdd/container-audit
Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: container_audit-0.1.0.tar.gz
- Subject digest: bdccfbfd7736d9460aaeb336846f6207ab0682329427f6d5e11447211461ea93
- Sigstore transparency entry: 1808476293
- Permalink: HYMichellelxdd/container-audit@615f10bc9d45385c08ac7ecb45896c093d277402
- Branch / Tag: refs/tags/v0.1.2
- Owner: https://github.com/HYMichellelxdd
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@615f10bc9d45385c08ac7ecb45896c093d277402
- Trigger Event: release
File details
Details for the file container_audit-0.1.0-py3-none-any.whl.
File metadata
- Download URL: container_audit-0.1.0-py3-none-any.whl
- Size: 22.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | dae16e302d81544c96a3af1d83ff92fd249193c744c014f1a3ccbf2c2884388a |
| MD5 | d81538e75faf476f3e67008afc8778d8 |
| BLAKE2b-256 | 4c039e7adff63d46d71f50bb29538d9f144951564c01716ec8063319f975e892 |
Provenance
The following attestation bundles were made for container_audit-0.1.0-py3-none-any.whl:
Publisher: publish.yml on HYMichellelxdd/container-audit
Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: container_audit-0.1.0-py3-none-any.whl
- Subject digest: dae16e302d81544c96a3af1d83ff92fd249193c744c014f1a3ccbf2c2884388a
- Sigstore transparency entry: 1808476539
- Permalink: HYMichellelxdd/container-audit@615f10bc9d45385c08ac7ecb45896c093d277402
- Branch / Tag: refs/tags/v0.1.2
- Owner: https://github.com/HYMichellelxdd
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@615f10bc9d45385c08ac7ecb45896c093d277402
- Trigger Event: release
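The file hashes and attestation subject digests listed for both artifacts are what a consumer should check before running a security tool from PyPI inside a pipeline. The block below is an added example, not part of the project: it recomputes the published SHA256 and BLAKE2b-256 digests for a downloaded file (for example after `pip download container-audit==0.1.0 --no-deps -d dist/`) and emits a hash-pinned requirement line for `pip install --require-hashes`. The digests are copied from the tables above; MD5 is left out on purpose. Two things on this page deserve a manual look as well: the attestations name the publisher repository as HYMichellelxdd/container-audit while the clone URL under Quick Start spells the owner HYMichellexdd, and the attested tag is refs/tags/v0.1.2 for files versioned 0.1.0, so confirm the source repository and release before trusting either.

```python
"""Check a downloaded container-audit 0.1.0 artifact against the digests in the
"File hashes" tables above before installing it. Added example, not part of the
project; the digests are copied from this page, MD5 is left out on purpose."""
import hashlib
import hmac
from pathlib import Path

PUBLISHED = {
    "container_audit-0.1.0.tar.gz": {
        "sha256": "bdccfbfd7736d9460aaeb336846f6207ab0682329427f6d5e11447211461ea93",
        "blake2b_256": "38ab28c98602dfa885790a8a30c18f8f3c7f3a786c84fb58b25bd6d360dedb3a",
    },
    "container_audit-0.1.0-py3-none-any.whl": {
        "sha256": "dae16e302d81544c96a3af1d83ff92fd249193c744c014f1a3ccbf2c2884388a",
        "blake2b_256": "4c039e7adff63d46d71f50bb29538d9f144951564c01716ec8063319f975e892",
    },
}


def compute_digests(data):
    # PyPI's "BLAKE2b-256" is BLAKE2b parameterised for a 32-byte digest, not BLAKE2s.
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "blake2b_256": hashlib.blake2b(data, digest_size=32).hexdigest(),
    }


def verify_bytes(data, expected):
    """True only if every digest we can compute matches the published value."""
    actual = compute_digests(data)
    checks = [hmac.compare_digest(actual[k], v.lower()) for k, v in expected.items() if k in actual]
    return bool(checks) and all(checks)


def verify_file(path):
    p = Path(path)
    if p.name not in PUBLISHED:
        raise ValueError(f"no published digest for {p.name}")
    return verify_bytes(p.read_bytes(), PUBLISHED[p.name])


def requirements_line():
    """Hash-pinned requirement: with --require-hashes pip refuses any artifact that does not match."""
    hashes = " ".join(f"--hash=sha256:{v['sha256']}" for v in PUBLISHED.values())
    return f"container-audit==0.1.0 {hashes}"


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, "OK" if verify_file(path) else "MISMATCH")
    print(requirements_line())
```

Putting `requirements_line()` into a requirements file and installing with `pip install --require-hashes -r requirements.txt` moves the check into pip itself, so a tampered or re-uploaded artifact fails the install rather than a later manual comparison; note that `--require-hashes` demands a hash for every requirement in the file, dependencies included. The Sigstore bundles listed above additionally bind these digests to the `publish.yml` workflow identity, which the `pypi-attestations` package can verify offline against the bundle.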