The following are some tools you can use to perform security scans on your container images and running containers. They cover manual audits of existing images, scanning images as part of a build pipeline, and monitoring containers running in production. All of them are free and open source.

Docker Bench for Security

https://github.com/docker/docker-bench-security

Docker Bench for Security is a script that checks for dozens of common best practices around deploying Docker containers in production. The tests are all automated and are based on the CIS Docker Benchmark v1.5.0. Because it audits the Docker host and daemon configuration as well as the running containers, it has to run on the Docker host itself with access to the Docker socket (normally as root); it is not something you run against an image inside a CI job.

Aquasecurity Trivy

https://github.com/aquasecurity/trivy

Trivy is a comprehensive and versatile security scanner. It scans a range of targets (container images, filesystems, git repositories, Kubernetes clusters, and infrastructure-as-code files) for several classes of issue: known vulnerabilities in OS packages and application dependencies, misconfigurations, exposed secrets, and software licenses. You can use https://github.com/aquasecurity/trivy-action to perform scans within your GitHub Actions workflows.

Anchore Grype

https://github.com/anchore/grype

Grype is a vulnerability scanner for container images and filesystems from Anchore, the maintainers of the Syft SBOM generator; it can also take an SBOM produced by Syft as input instead of re-analysing the image. You can use https://github.com/anchore/scan-action to perform scans within your GitHub Actions workflows.
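Both Trivy and Grype can write their results as JSON, and in a build pipeline the useful step is the one that decides, from that JSON, whether the build should fail. The script below is an added example (it is not code from either project) of such a gate: it flattens a Trivy or a Grype report into one list of findings, then blocks on anything at or above a severity threshold, optionally only when a fix exists, and honours an allowlist of accepted vulnerability IDs whose entries expire. The field names follow the JSON that Trivy (`trivy image --format json`) and Grype (`grype -o json`) emit at the time of writing; check them against the version you run. The sample reports and their CVE-0000-xxxx identifiers are constructed placeholders, not real vulnerabilities.

```python
"""Severity gate for Trivy or Grype JSON reports (added example, not from either project)."""
from __future__ import annotations

import json
import sys
from dataclasses import dataclass
from datetime import date

# Ranks let a threshold like "HIGH" mean "HIGH or worse" for either tool's labels
# (Grype uses "Negligible", Trivy uses "UNKNOWN"; both are normalised to upper case).
SEVERITY_RANK = {"UNKNOWN": 0, "NEGLIGIBLE": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


@dataclass(frozen=True)
class Finding:
    vuln_id: str
    package: str
    installed: str
    fixed: str       # empty when the scanner reports no fixed version
    severity: str    # upper case


def parse_trivy(report: dict) -> list[Finding]:
    """Flatten Trivy's per-target Results into one list of findings."""
    out = []
    for result in report.get("Results") or []:
        for v in result.get("Vulnerabilities") or []:
            out.append(Finding(v["VulnerabilityID"], v["PkgName"],
                               v.get("InstalledVersion", ""),
                               v.get("FixedVersion") or "",
                               (v.get("Severity") or "UNKNOWN").upper()))
    return out


def parse_grype(report: dict) -> list[Finding]:
    """Flatten Grype's matches; fix versions live under vulnerability.fix.versions."""
    out = []
    for m in report.get("matches") or []:
        vuln, artifact = m["vulnerability"], m["artifact"]
        fix_versions = (vuln.get("fix") or {}).get("versions") or []
        out.append(Finding(vuln["id"], artifact["name"], artifact.get("version", ""),
                           ",".join(fix_versions),
                           (vuln.get("severity") or "Unknown").upper()))
    return out


def parse_report(report: dict) -> list[Finding]:
    """Detect which tool produced the report from its top-level key."""
    if "Results" in report:
        return parse_trivy(report)
    if "matches" in report:
        return parse_grype(report)
    raise ValueError("not a Trivy or Grype JSON report")


def blocking_findings(findings, threshold="HIGH", allowlist=None, today=None,
                      fixed_only=False) -> list[Finding]:
    """Return the findings that should fail the build.

    allowlist maps vuln_id -> ISO expiry date. An accepted risk stops suppressing
    the finding once its expiry has passed, so exceptions cannot live forever.
    fixed_only=True ignores findings with no available fix (track those separately).
    today is an ISO date string, mainly so the expiry logic is testable.
    """
    allowlist = allowlist or {}
    current = date.fromisoformat(today) if today else date.today()
    min_rank = SEVERITY_RANK[threshold.upper()]
    blocked = []
    for f in findings:
        if SEVERITY_RANK.get(f.severity, 0) < min_rank:
            continue
        if fixed_only and not f.fixed:
            continue
        expiry = allowlist.get(f.vuln_id)
        if expiry and date.fromisoformat(expiry) >= current:
            continue
        blocked.append(f)
    return blocked


# Constructed sample reports shaped like each tool's output. The CVE-0000-xxxx IDs are
# placeholders, and the package versions are illustrative, not real findings.
SAMPLE_TRIVY = {"Results": [{"Target": "example:latest (alpine 3.18)", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libssl3", "InstalledVersion": "3.1.0-r0",
     "FixedVersion": "3.1.1-r0", "Severity": "CRITICAL"},
    {"VulnerabilityID": "CVE-0000-0002", "PkgName": "busybox", "InstalledVersion": "1.36.0-r0",
     "Severity": "HIGH"},  # no FixedVersion key: nothing to upgrade to yet
    {"VulnerabilityID": "CVE-0000-0003", "PkgName": "zlib", "InstalledVersion": "1.2.13-r1",
     "FixedVersion": "1.2.13-r2", "Severity": "LOW"}]}]}
SAMPLE_GRYPE = {"matches": [
    {"vulnerability": {"id": "CVE-0000-0001", "severity": "Critical",
                       "fix": {"versions": ["3.1.1-r0"], "state": "fixed"}},
     "artifact": {"name": "libssl3", "version": "3.1.0-r0"}},
    {"vulnerability": {"id": "CVE-0000-0004", "severity": "Medium",
                       "fix": {"versions": [], "state": "not-fixed"}},
     "artifact": {"name": "curl", "version": "8.1.0-r0"}}]}


def main(argv):
    """Usage: vuln_gate.py report.json  (falls back to the Trivy sample when no file is given)."""
    report = json.load(open(argv[1])) if len(argv) > 1 else SAMPLE_TRIVY
    blocked = blocking_findings(parse_report(report), threshold="HIGH",
                                allowlist={"CVE-0000-0001": "2099-01-01"})
    for f in blocked:
        print(f"{f.severity:8} {f.vuln_id:16} {f.package} {f.installed} -> {f.fixed or 'no fix'}")
    return 1 if blocked else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as a pipeline step after the scan and let its non-zero exit status fail the job. The allowlist with an expiry date is the part worth copying: a bare ignore file tends to accumulate entries that nobody revisits, whereas an expired entry forces the build to go red again until someone re-accepts or fixes the finding.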

Clair

https://github.com/quay/clair

Clair is an open source project for the static analysis of vulnerabilities in application containers (currently including OCI and Docker images). Unlike the single-binary scanners above, it runs as a service that indexes image layers and matches the packages it finds against vulnerability databases. AWS ECR basic scanning uses this project as its backend. You can use https://github.com/quay/clair-action to perform scans within your GitHub Actions workflows.

Sysdig Falco

https://github.com/falcosecurity/falco

Falco is a cloud native runtime security tool for Linux, originally created by Sysdig and now a CNCF project. It watches system calls (through a kernel module or an eBPF probe) and evaluates them against rules to detect and alert on abnormal behaviour and potential security threats in real time, for example a shell being spawned inside a container or a write to a sensitive host path. It is generally used for active monitoring of Kubernetes clusters, but you can also use it with ECS Fargate, where kernel modules and eBPF probes are not available and Falco has to rely on a userspace (ptrace-based) driver instead.

There are others out there, but these are the ones I remember at the moment. If you know of any others, please add them.