
Add ReleaseRun K8s/Docker/Terraform browser-based security scanners #31

Open
Matheus-RR wants to merge 1 commit into 4ndersonLin:master from Matheus-RR:master


@Matheus-RR

What this adds

Three browser-based security scanners for cloud-native infrastructure:

Container

  • K8s YAML Security Linter — Paste Kubernetes YAML, get an A-F security score. Checks 12 misconfigurations: runAsRoot, privileged containers, no resource limits, allowPrivilegeEscalation, readOnlyRootFilesystem, capability drops, hostNetwork/hostPID, hardcoded secrets in env vars, missing health probes, no seccomp profile.
  • Docker Compose Security Checker — Paste docker-compose.yml, checks for Docker socket mounts, privileged containers, network_mode: host, mutable image tags (:latest), database ports on 0.0.0.0, hardcoded secrets, no resource limits, missing healthchecks.

Infrastructure

  • Terraform Security Scanner — Paste .tf files, checks for hardcoded AWS credentials, SSH/database ports open to 0.0.0.0/0 (MySQL 3306, PostgreSQL 5432, Redis 6379, etc.), public S3 ACLs, missing aws_s3_bucket_public_access_block, RDS publicly_accessible = true, unencrypted RDS/EBS, deletion_protection = false, skip_final_snapshot = true.

All tools run entirely in the browser — no data sent to servers, no auth required.

ReleaseRun is a free developer tooling site focused on infrastructure health, EOL tracking, and upgrade safety.


Copilot AI left a comment


Pull request overview

Adds three new browser-based security scanning tools (Kubernetes YAML, Docker Compose, and Terraform) to the repository’s curated “Awesome Cloud Security” resource list.

Changes:

  • Added ReleaseRun Terraform Security Scanner under Infrastructure tools.
  • Added ReleaseRun Kubernetes YAML Security Linter under Tools listings.
  • Added ReleaseRun Docker Compose Security Checker under Tools listings.


README.md Outdated
Comment on lines +74 to +75
* [ReleaseRun K8s YAML Security Linter](https://releaserun.com/tools/kubernetes-security-linter/): Browser-based Kubernetes YAML security scanner. Checks 12 misconfigurations (runAsRoot, privileged containers, missing resource limits, exposed secrets) and outputs an A-F grade with specific fixes.
* [ReleaseRun Docker Compose Security Checker](https://releaserun.com/tools/docker-compose-security/): Browser-based Docker Compose security scanner. Detects Docker socket mounts, privileged containers, hardcoded secrets in env vars, and database ports bound to 0.0.0.0.
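Review bot: Both added entries (the K8s YAML Security Linter line and the Docker Compose Security Checker line) say "Browser-based" but do not say that input is processed locally, which is the property the PR description relies on ("no data sent to servers, no auth required"). These tools ask users to paste manifests and compose files, and the entries themselves list exposed and hardcoded secrets among the things they look for, so a reader needs to know where the pasted text goes. Suggest stating client-side-only processing in each entry, or linking to source that lets a reader confirm it. Separately, "Checks 12 misconfigurations" on the K8s line hard-codes a count that will go stale; naming the check categories without the number would age better.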
README.md Outdated
* [aws_ir](https://github.com/ThreatResponse/aws_ir): Python installable command line utility for mitigation of instance and key compromises.
* [aws-firewall-factory](https://github.com/globaldatanet/aws-firewall-factory): Deploy, update, and stage your WAFs while managing them centrally via FMS.
* [aws-vault](https://github.com/99designs/aws-vault): A vault for securely storing and accessing AWS credentials in development environments.
* [ReleaseRun Terraform Security Scanner](https://releaserun.com/tools/terraform-security/): Browser-based .tf file security scanner. Checks for hardcoded AWS credentials, SSH/database ports open to 0.0.0.0/0, public S3 buckets, unencrypted RDS/EBS volumes, and missing deletion protection. A-F score with specific remediation.
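Review bot: The ReleaseRun Terraform Security Scanner entry sits directly after aws-vault, at the end of a run of aws* entries, so it breaks the alphabetical ordering the surrounding lines follow; move it to where "R" sorts in this section. The description also runs to three sentences where the neighbouring entries (aws_ir, aws-firewall-factory, aws-vault) each use one; trimming it to a single sentence naming the main check classes would match the list's style.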
@Matheus-RR
Author

Thanks for the Copilot review! I've updated the PR to address both issues:

  1. Removed duplicate K8s YAML and Docker Compose entries from Infrastructure (they now appear only in the Container section where they belong)
  2. Moved Terraform Security Scanner from the aws* block to after Open Policy Agent for correct alphabetical ordering (R comes after O, not between aws-vault and awspx)


2 participants