// Container Security Tools

CleanStart Tools
by Mehrab Rahman

Three tools built in 48 hours to demonstrate product intuition for CleanStart's container security platform — and to fill gaps that don't yet exist in the market.

mehrabr.com · github.com/mehrabr/cleanstart-demos · Built June 2026
// Interactive Demos
⬡ Live Demo
Container Security Analyzer
Enter any public Docker image and see a simulated CVE scan — critical/high/medium breakdown, size comparison, SBOM component list, and the one-line Dockerfile fix. The before/after that sells itself in a customer PoC.
CVE comparison SBOM viewer Pipeline diagram Cosign verification
Open demo → View source
⬡ Live Demo
Sandbox Environment Security Dashboard
Simulates the real-time security monitoring layer I built for containerized training environments at Revature. 24 student containers, live boundary event log, per-container CVE drill-down, and the CleanStart remediation for each. Shows the operational problem CleanStart solves from the inside.
Multi-cohort Escape detection seccomp profiles RBAC isolation
Open demo → View source
// MCP Server
⬡ Open Source Tool
cleanstart-mcp
A Model Context Protocol server that executes AI agent code inside CleanStart hardened containers — not public base images. Every existing MCP sandbox defaults to python:3.11, node:20, etc. This one defaults to cleanstart/*. Zero CVEs in the sandbox itself.
View on GitHub →
# Install git clone https://github.com/mehrabr/cleanstart-mcp cd cleanstart-mcp && npm install # Add to Claude Desktop (~/.../Claude/claude_desktop_config.json) { "mcpServers": { "cleanstart": { "command": "node", "args": ["/path/to/cleanstart-mcp/server.mjs"] } } } # Ask Claude: "Run this Python code in a CleanStart container" # → executes inside cleanstart/python:latest · 0 CVEs · all caps dropped

Why? CleanStart has 4 public GitHub repos and no interactive comparison tooling. Chainguard has backend data pipelines and static comparison docs — but no browser-based demo a prospect can open in 30 seconds. These fill that gap.