Varunastra: Securing the Depths of Docker V2

Host: Black Hat USA 2025
Location: Business Hall, Arsenal Station 8, Las Vegas, NV, USA
Audience: Security Engineers, DevSecOps, Developers, Container Security teams
Duration: 55 minutes

Co-presenters Devang Solanki

Black Hat Arsenal session for Varunastra, a Docker security tool presented with Devang Solanki.

Docker has revolutionized how developers build, ship, and run applications, providing a consistent environment for software to run across various platforms. Its lightweight, containerized approach has made it an indispensable tool in modern DevOps practices. However, with its growing popularity, Docker has become a target for security vulnerabilities. Misconfigurations, exposed secrets, and unpatched dependencies are common issues that can lead to significant security breaches.

Introducing Varunastra, an innovative tool designed to enhance the security of Docker environments. Named after The Varunastra (वरुणास्त्र), the water weapon according to Indian scriptures, incepted by Varuna, god of the hydrosphere. Varunastra is engineered to detect and help mitigate vulnerabilities in Docker, ensuring robust security across Docker containers and images.

Key features of Varunastra:

Secret detection
CVE scanning
Dependency confusion prevention
Asset extraction
SAST scans of source code
HTML report generation

In a world where security threats are constantly evolving, Varunastra stands as a guardian, ensuring that Docker environments remain fortified against leaked secrets, vulnerabilities, and dependency threats.

Kumar Ashwin