WUD (aka What's up Docker?) gets you notified when a new version of your Docker Container is available. 

DarkFlare Firewall Piercing (TCP over CDN) 

It has two parts: a client-side proxy (darkflare-client) that encodes TCP data into HTTPS requests and sends it to a Cloudflare-protected domain, and a server-side proxy (darkflare-server) that decodes the requests and forwards the data to a local service (like SSH on port 22). It’s protocol-agnostic, secure, and uses Cloudflare's encrypted infrastructure, making it stealthy and scalable for accessing internal resources or bypassing network restrictions.

Analyze binaries and containers to extract and disassemble seccomp-bpf profiles. This tools is designed to help you determine whether or not a given seccomp-bpf profile is more or less constrained than others as well as give you the ground truth for the filters applied to a process.

A full stack web application that combines many tools and services for security analysts into a single tool.

Run any Linux process in a secure, unprivileged sandbox using Landlock. Think firejail, but lightweight, user-friendly, and baked into the kernel.

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic ("concolic") analysis, providing tools to solve a variety of tasks.

copa is a CLI tool written in Go and based on buildkit that can be used to directly patch container images without full rebuilds. copa can also patch container images using the vulnerability scanning results from popular tools like Trivy.

A dead simple tool to sign files and verify digital signatures.

ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders

A cross-platform tool for monitoring and restricting HTTP/HTTPS requests from processes using network isolation and transparent proxy interception

Produce secure packages and containers with declarative configurations