Whether you’re in school, self-taught, or coming from another field — post your favorite courses, YouTube channels, or study groups for security. Let’s help each other grow.
Hi @Bodhi
I am Rupesh and currently Developing a Java based docker container security analysis tool using sysdig to trace native method usage and generate seccomp syscall profiles for container hardening.
• Extracted native dependencies from JARs and binaries found by sysdig during contianer startup, mapped syscalls from Java to kernel level, and automated least-privilege sandboxing.
• Reduced container attack surface by linking application behavior to actual syscall requirements during runtime by static analysis.
This is really interesting work, @Rupesh
I would love to hear more about what inspired you to build this and what you learned along the way. It also sounds like something that could help other teams.
Really great work, and I am excited to see where you take this project next!
-Bodhi
Hey @Bodhi
Checkout the project I have build
I Built EchoTrace, a hybrid static/dynamic analysis toolchain that automatically generates least-privilege seccomp profiles for containerized Java applications, reducing allowed syscalls by ~50% from the default Docker seccomp profile by resolving the full path from native methods to system calls.
I have used sysdig for the dynamic analysis