vault

Docker Official Image

Vault is a tool for securely accessing secrets via a unified interface and tight access control.

cert-manager-acmesolver

Docker Hardened Image

CA injector component for cert-manager

OpenSCAP

Docker Hardened Image

The OpenSCAP program is a command line tool that allows users to load, scan, validate, edit, and export SCAP documents.

grafana/grafana

Grafana Labs

The official Grafana docker container

bitnami/postgresql

VMware

Bitnami Secure Image for postgresql

Keycloak

Docker Hardened Image

Keycloak is a high performance Java-based identity and access management solution. It lets developers add an authentication layer to their applications with minimum effort.

bitnami/sealed-secrets-controller

VMware

Bitnami container image for Sealed Secrets

Trivy

Docker Hardened Image

Trivy is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues.

cert-manager-controller

Docker Hardened Image

Controller component for cert-manager

amazon/cloudwatch-agent

Amazon Web Services

Amazon CloudWatch Agent

lacework/datacollector

Lacework Inc

Lacework is cloud security for AWS, Azure, GCP and other public and private cloud.

External Secrets Operator

Docker Hardened Image

External Secrets Operator is a Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, IBM Cloud Secrets Manager, Akeyless, CyberArk Secrets Manager, Pulumi ESC and many more

nginxinc/nginx-unprivileged

NGINX Inc.

Unprivileged NGINX Dockerfiles

dynatrace/oneagent

Dynatrace

Non-immutable installer image for Dynatrace OneAgent

Vault

Docker Hardened Image

Vault is a tool for securely accessing secrets.

Harbor Job Service is the asynchronous task execution component of Harbor registry that handles background operations like replication, garbage collection, vulnerability scanning, and retention policies.

clamav

Docker Hardened Image

ClamAV is an open source (GPLv2) anti-virus toolkit, designed especially for e-mail scanning on mail gateways.

cert-manager-webhook

Docker Hardened Image

A minimal Cert Manager webhook image

bitnami/mariadb

VMware

Bitnami Secure Image for mariadb

Harbor Registry Control

Docker Hardened Image

A minimal HTTP service providing management APIs for Docker registry operations like garbage collection and health monitoring

cert-manager-cainjector

Docker Hardened Image

CA injector component cert-manager image

Kyverno

Docker Hardened Image

Kyverno is a Kubernetes-native policy engine for validating, mutating, and generating Kubernetes resources using YAML policies.

SPIFFE SPIRE Server

Docker Hardened Image

Central SPIRE control plane that issues and manages SPIFFE workload identities.

Istio Install CNI

Docker Hardened Image

Istio CNI installer image and daemonset for Kubernetes environments

Kyverno Background Controller

Docker Hardened Image

Kyverno is a component that continuously monitors and enforces policies on existing resources in the cluster, ensuring ongoing compliance.

kube-rbac-proxy

Docker Hardened Image

a small HTTP proxy for a single upstream, that can perform RBAC authorization against the Kubernetes API using SubjectAccessReview.

Istio Pilot

Docker Hardened Image

Istio control plane component that configures proxies and handles service discovery

SPIFFE SPIRE Agent

Docker Hardened Image

Workload agent that attests to SPIRE Server and issues SPIFFE workload identities to local processes.

Istioctl

Docker Hardened Image

Istioctl image for managing Istio deployments