Analyze binaries and containers to extract and disassemble seccomp-bpf profiles. This tools is designed to help you determine whether or not a given seccomp-bpf profile is more or less constrained than others as well as give you the ground truth for the filters applied to a process.

A full stack web application that combines many tools and services for security analysts into a single tool.

Run any Linux process in a secure, unprivileged sandbox using Landlock. Think firejail, but lightweight, user-friendly, and baked into the kernel.

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic ("concolic") analysis, providing tools to solve a variety of tasks.

copa is a CLI tool written in Go and based on buildkit that can be used to directly patch container images without full rebuilds. copa can also patch container images using the vulnerability scanning results from popular tools like Trivy.

A dead simple tool to sign files and verify digital signatures.

ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders

A cross-platform tool for monitoring and restricting HTTP/HTTPS requests from processes using network isolation and transparent proxy interception

Produce secure packages and containers with declarative configurations

SafeLine is a self-hosted WAF(Web Application Firewall) to protect your web apps from attacks and exploits.