This repository contains a pragmatic container security framework mapped onto a memorable "Guardians of the Galaxy" crew metaphor. Each character archetype represents a critical defensive layer—supply chain integrity, runtime behavioral detection, zero-trust networking, and observability—to help teams remember and implement comprehensive container security practices.
Slides can be found at chris-ayers.com/container-security.
Hands-on walkthroughs live under demos/ for each Guardian archetype:
- demos/1-policy-guardrails/ – Star-Lord: Kyverno + Cosign admission enforcement
- demos/2-supply-chain-trust/ – Gamora: SBOM, scanning, signing pipeline
- demos/3-image-hardening/ – Rocket: Dockerfile before/after with Trivy diff
- demos/4-runtime-detection/ – Drax: Falco custom rule + controlled trigger
- demos/5-zero-trust-networking/ – Groot: Deny-by-default NetworkPolicies
- demos/6-observability-signals/ – Mantis: OTEL telemetry + Falco alert correlation
Feel free to connect with Chris Ayers on social media and visit his blog for more insights on DevOps, Azure, and container security.
- Twitter: @Chris_L_Ayers
- Mastodon: @Chrisayers@hachyderm.io
- LinkedIn: chris-l-ayers
- Blog: chris-ayers.com
- GitHub: Codebytes
This project is licensed under the MIT License. See the LICENSE file for details.
"We are Groot." – In security terms: we are stronger as interlocked layers, not isolated tools.