vault

Docker Official Image

Vault is a tool for securely accessing secrets via a unified interface and tight access control.

cert-manager-acmesolver

Docker Hardened Image

CA injector component for cert-manager

OpenSCAP

Docker Hardened Image

The OpenSCAP program is a command line tool that allows users to load, scan, validate, edit, and export SCAP documents.

grafana/grafana

Grafana Labs

The official Grafana docker container

Trivy

Docker Hardened Image

Trivy is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues.

Keycloak

Docker Hardened Image

Keycloak is a high performance Java-based identity and access management solution. It lets developers add an authentication layer to their applications with minimum effort.

cert-manager-controller

Docker Hardened Image

Controller component for cert-manager

amazon/cloudwatch-agent

Amazon Web Services

Amazon CloudWatch Agent

External Secrets Operator

Docker Hardened Image

External Secrets Operator is a Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, IBM Cloud Secrets Manager, Akeyless, CyberArk Secrets Manager, Pulumi ESC and many more

Vault

Docker Hardened Image

Vault is a tool for securely accessing secrets.

lacework/datacollector

Lacework Inc

Lacework is cloud security for AWS, Azure, GCP and other public and private cloud.

Harbor Job Service is the asynchronous task execution component of Harbor registry that handles background operations like replication, garbage collection, vulnerability scanning, and retention policies.

nginxinc/nginx-unprivileged

NGINX Inc.

Unprivileged NGINX Dockerfiles

dynatrace/oneagent

Dynatrace

Non-immutable installer image for Dynatrace OneAgent

cert-manager-webhook

Docker Hardened Image

A minimal Cert Manager webhook image

Harbor Registry Control

Docker Hardened Image

A minimal HTTP service providing management APIs for Docker registry operations like garbage collection and health monitoring

clamav

Docker Hardened Image

ClamAV is an open source (GPLv2) anti-virus toolkit, designed especially for e-mail scanning on mail gateways.

cert-manager-cainjector

Docker Hardened Image

CA injector component cert-manager image

SPIFFE SPIRE Server

Docker Hardened Image

Central SPIRE control plane that issues and manages SPIFFE workload identities.

Kyverno

Docker Hardened Image

Kyverno is a Kubernetes-native policy engine for validating, mutating, and generating Kubernetes resources using YAML policies.

Istio Install CNI

Docker Hardened Image

Istio CNI installer image and daemonset for Kubernetes environments

kube-rbac-proxy

Docker Hardened Image

a small HTTP proxy for a single upstream, that can perform RBAC authorization against the Kubernetes API using SubjectAccessReview.

SPIFFE SPIRE Agent

Docker Hardened Image

Workload agent that attests to SPIRE Server and issues SPIFFE workload identities to local processes.

Kyverno Background Controller

Docker Hardened Image

Kyverno is a component that continuously monitors and enforces policies on existing resources in the cluster, ensuring ongoing compliance.

Istio Pilot

Docker Hardened Image

Istio control plane component that configures proxies and handles service discovery

Istioctl

Docker Hardened Image

Istioctl image for managing Istio deployments

Calico Kube Controllers

Docker Hardened Image

Calico controller manager that reconciles IPAM, network policy, and Calico CRD state.

Kyverno Cleanup Controller

Docker Hardened Image

Kyverno is a component that continuously monitors and enforces policies on existing resources in the cluster, ensuring ongoing compliance.

Kyverno Reports Controller

Docker Hardened Image

Kyverno Reports Controller is a component that continuously monitors and enforces policies on existing resources in a Kubernetes