Kubernetes Policy

Compare 35 Kubernetes policy tools to find the right one for your needs

Styra Declarative Authorization Service (DAS)

The Enterprise Control Plane for OPA.

An enterprise-grade control plane for Open Policy Agent (OPA) that provides a management and visibility layer for policy enforcement.

Fairwinds Insights

A complete platform for Kubernetes governance and security.

A software platform that helps you ship cloud-native applications faster and with more confidence by providing a unified view of your Kubernetes security, compliance, and cost.

Kubescape

The first open-source tool for testing if Kubernetes is deployed securely.

An open-source tool that provides risk analysis, security compliance, and misconfiguration scanning for Kubernetes.

Snyk

Developer security that works.

A developer-first security platform that helps you find and fix vulnerabilities in your code, open source dependencies, containers, and IaC.

Sysdig

Secure and run containers and cloud.

A cloud security platform that provides threat detection, compliance, and forensics for containers, Kubernetes, and cloud.

Prisma Cloud by Palo Alto Networks

The most complete Cloud-Native Application Protection Platform (CNAPP).

A comprehensive cloud security platform that provides security and compliance coverage for the entire cloud-native application lifecycle.

Aqua Security

Pioneer in securing cloud native applications.

A comprehensive security platform for cloud-native applications, from development to production.

Rapid7 InsightCloudSec

Unified Cloud Security.

A Cloud-Native Application Protection Platform (CNAPP) that provides unified visibility, risk management, and compliance.

SUSE NeuVector

Full lifecycle container security.

A container security platform that provides vulnerability scanning, compliance, and zero-trust runtime security.

Zscaler

The Leader in Cloud Security.

A cloud security company providing a Zero Trust Exchange platform for secure access to applications and data.

Sysdig Secure

The real-time cloud defense platform.

A cloud-native security platform that provides threat detection, compliance, and forensics for containers, Kubernetes, and cloud.

Red Hat Advanced Cluster Security for Kubernetes (ACS)

Kubernetes-native security for the entire application lifecycle.

A Kubernetes-native security platform that protects applications across the build, deploy, and run phases.

NeuVector by SUSE

Full lifecycle container security.

A container security platform that provides deep visibility, vulnerability scanning, and run-time protection for Kubernetes.

Lacework

The data-driven cloud security platform.

A cloud security platform that provides automated threat detection, compliance, and visibility for cloud-native environments.

Zscaler Posture Control

An integrated solution to secure cloud-native applications.

A CNAPP that helps you secure your cloud-native applications by providing visibility, security, and compliance across your entire cloud environment.

Alcide

Kubernetes security from CI/CD to cluster.

A Kubernetes security platform that provides configuration and compliance scanning, as well as runtime security.

Calico

The standard for container network security and observability.

An open-source networking and network security solution for containers, virtual machines, and native host-based workloads.

Tigera Calico

Industry standard for container network security and observability.

An open-source networking and network security solution for containers, virtual machines, and native host-based workloads.

Datadog

See inside any stack, any app, at any scale, anywhere.

A monitoring and security platform for cloud applications, providing observability, security, and analytics.

Datadog Cloud Security Platform

Unified security for your entire cloud environment.

A comprehensive security solution that provides visibility, threat detection, and compliance monitoring for cloud-native environments.

K-Rail

A workload policy enforcement tool for Kubernetes.

An open-source policy enforcement tool for Kubernetes that helps you secure a multi-tenant cluster with minimal disruption.

MagTape

A Kubernetes admission controller for mutating and validating resources.

An open-source admission controller from T-Mobile for validating and mutating resources based on annotations.

Open Policy Agent (OPA)

Policy-based control for cloud native environments.

An open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack.

KubeLinter

A static analysis tool for Kubernetes YAML files and Helm charts.

An open-source static analysis tool that checks Kubernetes YAML files and Helm charts for security misconfigurations and adherence to best practices.

Checkov

Prevent cloud misconfigurations during build time.

A static code analysis tool for infrastructure as code (IaC) that scans for misconfigurations and security vulnerabilities.

jsPolicy

The Power of JavaScript for Kubernetes Policies.

An open-source policy engine for Kubernetes that allows users to write policies using JavaScript or TypeScript.

Cilium

eBPF-based Networking, Observability, and Security.

An open-source project providing networking, observability, and security for cloud-native environments using eBPF.

KubeArmor

Cloud-native Runtime Security Enforcement System.

A CNCF sandbox project that provides runtime security enforcement for Kubernetes using LSMs.

Kyverno

Kubernetes Native Policy Management.

A policy engine designed specifically for Kubernetes that allows you to manage policies as Kubernetes resources.

Gatekeeper

Policy Controller for Kubernetes.

A customizable admission webhook for Kubernetes that enforces policies executed by the Open Policy Agent (OPA).

Open Policy Agent (OPA) / Gatekeeper

Policy-based control for cloud native environments.

A general-purpose policy engine that can be used across the stack. Gatekeeper is its specialized Kubernetes admission controller.

Polaris

An open source policy engine for Kubernetes.

An open-source tool that validates and enforces Kubernetes best practices, helping you avoid common configuration problems.

Falco

The cloud-native runtime security project.

An open-source runtime security tool that detects anomalous activity in your applications and containers.

Trivy

A simple and comprehensive vulnerability scanner for containers and other artifacts.

An open-source vulnerability scanner that can be used to scan container images, filesystems, and Git repositories for security issues.

Kube-bench

Checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.

An open-source tool that checks whether your Kubernetes deployment meets the security recommendations of the CIS Kubernetes Benchmark.
