Docker Sentinel integrates with the Docker daemon and lets you configure YAML policies, allowing admins to manage which docker commands can be executed. Policies can be as granular as a specific cgroup property, and it also supports integration with secret scanners like TruffleHog and vulnerability scanners like Grype, Trivy, etc.
It is really fast and cannot be bypassed by regular users.