GitOps Security

Compare 37 GitOps security tools to find the right one for your needs

🔧 Tools

Compare and find the best GitOps security tool for your needs

Datree

A CLI tool to prevent Kubernetes misconfigurations from reaching production.

A policy enforcement solution that helps developers and DevOps teams prevent Kubernetes misconfigurations by running automated checks on manifests and Helm charts.

Semgrep

Static analysis at ludicrous speed.

A fast, open-source, static analysis tool for finding bugs and enforcing code standards.

ARMO Platform

End-to-End Kubernetes Security, Built for Developers.

An enterprise platform built on top of Kubescape, providing centralized management, advanced features, and support for Kubernetes security.

Styra DAS

The authorization platform for the cloud-native world, built on Open Policy Agent (OPA).

An enterprise management plane for Open Policy Agent (OPA) that provides a control plane for authoring, distributing, and monitoring policies.

GitGuardian

The code security platform for the enterprise.

A platform that specializes in detecting and remediating secrets leaked in source code and other materials.

SpectralOps

Automated code security for developers.

A developer-first security tool that finds and fixes security issues in code, configurations, and other developer assets.

HashiCorp Vault

Manage secrets and protect sensitive data.

A tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, or certificates.

Sysdig

Secure every second.

A cloud security platform, powered by runtime insights, that helps teams find and fix security risks in the cloud.

Snyk

Developer security that helps you build secure applications and secure your cloud, from code to cloud.

A developer-first security platform for securing code, dependencies, containers, and Infrastructure as Code (IaC).

Prisma Cloud by Palo Alto Networks

The industry's most complete Cloud-Native Application Protection Platform (CNAPP).

A comprehensive CNAPP that provides security and compliance coverage from code to cloud.

Sysdig Secure

Threat detection and response, built on runtime insights.

A cloud security platform that provides threat detection, compliance, and vulnerability management based on deep runtime visibility.

Veracode

Secure your world.

A comprehensive application security platform that provides a full range of testing solutions, from static and dynamic analysis to software composition analysis.

Sonatype

The full-spectrum software supply chain management platform.

A platform focused on software supply chain management, providing tools to secure and manage open source components.

Prisma Cloud

The most complete Cloud Native Application Protection Platform (CNAPP).

A comprehensive CNAPP from Palo Alto Networks that provides security across the full lifecycle of cloud native applications.

Mend.io

Application Security without the chase.

An application security platform that automates the process of finding and fixing vulnerabilities in open source and custom code.

Checkmarx

Make security seamless. From code to cloud.

A comprehensive application security testing (AST) platform that provides SAST, SCA, IAST, and IaC security solutions.

Datadog Cloud Security Platform

Unified security for the entire cloud-native stack.

A security platform that provides threat detection, posture management, and vulnerability scanning in a single unified platform.

Aqua Security

Stop cloud native attacks.

A comprehensive cloud native application protection platform (CNAPP) that provides security from code to cloud.

JFrog Xray

Universal software composition analysis (SCA).

A universal software composition analysis (SCA) tool that integrates with JFrog Artifactory to scan for vulnerabilities and license compliance issues.

Checkov

Prevent cloud misconfigurations during build time for Terraform, CloudFormation, Kubernetes, Serverless framework and other infrastructure-as-code languages.

An open-source static analysis tool for scanning infrastructure as code (IaC) to find misconfigurations.

Trivy

A comprehensive and versatile security scanner.

A simple and comprehensive vulnerability scanner for containers, IaC, and more.

KICS

Keeping Infrastructure as Code Secure.

An open-source solution for static analysis of IaC, finding security vulnerabilities, compliance issues, and misconfigurations.

Terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

An open-source static code analyzer for Infrastructure as Code, scanning for security vulnerabilities and compliance violations.

Open Policy Agent (OPA)

Policy-based control for cloud native environments.

An open source, general-purpose policy engine that enables unified, context-aware policy enforcement.

Kyverno

Kubernetes Native Policy Management.

A policy engine designed for Kubernetes that can validate, mutate, and generate configurations using policies.

Falco

The cloud-native runtime security project.

An open-source behavioral activity monitor designed to detect anomalous activity in applications.

Git-secrets

Prevents you from committing secrets and credentials into git repositories.

A tool by AWS Labs that prevents committing passwords and other sensitive information to a Git repository.

tfsec

Security scanner for your Terraform code.

An open-source static analysis tool for finding security misconfigurations in Terraform code.

SOPS

Secrets OPerationS.

An open-source editor for encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.

Bitnami Sealed Secrets

A Kubernetes controller and tool for one-way encrypted Secrets.

An open-source tool for encrypting Kubernetes Secrets so they can be safely stored in a public Git repository.

External Secrets Operator

Synchronize secrets from external APIs into Kubernetes.

A Kubernetes operator that reads information from external secret management systems and automatically injects it as Kubernetes Secrets.

OPA Gatekeeper

Policy Controller for Kubernetes.

Enforces policies on Kubernetes clusters using the Open Policy Agent (OPA).

Kubescape

The first tool for testing if Kubernetes is deployed securely according to multiple frameworks.

An open-source tool for testing if Kubernetes is deployed securely as defined by multiple frameworks.

Kube-bench

Checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.

An open-source tool that checks whether Kubernetes is deployed according to security best practices from the CIS Benchmark.

Gitleaks

Audit git repos for secrets.

An open-source tool for detecting and preventing secrets in Git repositories.

Prowler

The most-used open source tool for AWS security.

An open-source security tool for AWS, Azure, and GCP to perform security assessments, audits, incident response, hardening, and forensics readiness.

KubeLinter

A static analysis tool that checks Kubernetes YAML files and Helm charts for production readiness and security.

An open-source static analysis tool for Kubernetes manifests and Helm charts, checking for best practices.
