Infrastructure Policy

Compare 40 infrastructure policy tools to find the right one for your needs

🔧 Tools

Compare and find the best infrastructure policy tool for your needs

Steampipe

Query cloud APIs in real time using SQL.

An open-source tool that instantly queries cloud APIs using SQL, without needing to ETL data into a database.

oak9

Security as Code for Cloud-Native Applications.

An IaC security platform that helps developers build secure and compliant cloud native applications.

Checkov

Prevent cloud misconfigurations during build time.

An open-source static analysis tool for scanning Infrastructure as Code for misconfigurations and security vulnerabilities.

Trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more.

Finds vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more.

Styra DAS

The Enterprise OPA Platform.

A management plane for Open Policy Agent (OPA) that provides centralized policy authoring, distribution, and monitoring.

Styra Declarative Authorization Service (DAS)

The unified authorization platform, powered by OPA.

An enterprise management plane for Open Policy Agent (OPA) to operationalize authorization and policy.

Prowler

Cloud security assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.

An open-source security tool for AWS, Azure, and GCP that performs security assessments, audits, and hardening.

GitGuardian

The code security platform for the DevOps generation.

A platform that helps you detect and remediate secrets in your code and monitor your software supply chain.

Spacelift

The most flexible and compliant CI/CD for Infrastructure as Code.

A specialized CI/CD platform for Infrastructure as Code that provides automation, collaboration, and policy enforcement.

env0

The complete platform for managing Infrastructure as Code.

An automation platform for managing Terraform, Terragrunt, and other IaC workflows with governance and cost control.

Wiz

Secure everything you build and run in the cloud.

A CNAPP that provides full stack visibility, risk prioritization, and security for cloud environments.

Firefly

The Cloud Asset Management Platform.

A platform for managing cloud assets, discovering resources, and codifying infrastructure to manage drift and ensure governance.

Orca Security

Agentless Cloud Security and Compliance for AWS, Azure, and GCP.

An agentless CNAPP that provides comprehensive visibility and security for cloud environments without the need for per-asset agents.

SpectralOps

Automated code security for developers.

A developer-first security platform that scans code, configuration, and other assets for security issues.

CrowdStrike Falcon Cloud Security

Unified, code to cloud security.

A CNAPP that extends CrowdStrike's leading endpoint security to protect the entire cloud estate.

Pulumi

Create, deploy, and manage infrastructure on any cloud using your favorite languages.

An IaC platform that allows you to use general-purpose programming languages to provision and manage cloud infrastructure.

Pulumi CrossGuard

Policy as Code for the Cloud.

Define and enforce policies on your cloud infrastructure using familiar programming languages.

HashiCorp Sentinel

Policy as Code for Security, Compliance, and Operational Governance.

An embedded policy-as-code framework that integrates with the HashiCorp Enterprise platform.

Lacework

The data-driven cloud security platform.

A CNAPP that uses data and machine learning to provide automated threat detection, configuration compliance, and vulnerability management.

Datadog Cloud Security Management

Unified security and observability.

A security and compliance solution that provides threat detection, posture management, and IaC scanning within the Datadog platform.

Snyk IaC

Developer-first IaC security. Find and fix misconfigurations in Terraform, CloudFormation, Kubernetes, and more.

Developer-first IaC security tool that finds and fixes misconfigurations in Terraform, CloudFormation, Kubernetes, and more.

Snyk Infrastructure as Code

Developer-first security for your infrastructure as code.

Find and fix security issues in your Terraform, CloudFormation, Kubernetes, and ARM configurations.

Fugue

Cloud security posture management for the entire cloud development lifecycle.

A CNAPP that provides end-to-end security for cloud environments, from IaC to runtime.

Prisma Cloud (by Palo Alto Networks)

The most complete Cloud-Native Application Protection Platform (CNAPP).

Secures applications from code to cloud across multicloud environments.

Sysdig Secure

Secure your cloud from source to run.

A CNAPP built on a foundation of deep runtime visibility, powered by Falco.

Aqua Security Platform

Stop cloud native attacks.

The industry's most integrated Cloud Native Application Protection Platform (CNAPP).

Prisma Cloud

The comprehensive Cloud Native Application Protection Platform (CNAPP).

A unified security platform that protects applications from code to cloud, including IaC scanning, CSPM, and CWPP.

Sysdig

Secure and run cloud and containers with confidence.

A cloud security platform that provides deep visibility for securing and monitoring containers, Kubernetes, and cloud services.

Pulumi Policy as Code

Define and enforce policies on your cloud infrastructure.

An integrated policy as code solution for the Pulumi IaC platform.

KICS

Keeping Infrastructure as Code Secure.

An open-source static analysis tool that scans IaC for security vulnerabilities, compliance issues, and misconfigurations.

Aqua Security

Stop cloud native attacks.

A comprehensive CNAPP that secures the entire lifecycle of cloud native applications, including IaC scanning and runtime protection.

Tenable.cs

Secure your cloud infrastructure from build to runtime.

A cloud-native application protection platform (CNAPP) from Tenable.

Terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning.

An open-source static code analyzer for IaC that helps developers build secure infrastructure from the start.

CloudQuery

The open source cloud asset inventory powered by SQL.

An open-source tool that extracts, transforms, and loads cloud asset configuration into SQL databases for analysis.

Regula

Checks infrastructure as code for security and compliance.

An open-source tool that checks Terraform, CloudFormation, and Kubernetes configurations for security and compliance issues using Rego.

Checkmarx KICS

Keeping Infrastructure as Code Secure.

An open-source solution for static analysis of IaC, finding security vulnerabilities, compliance issues, and misconfigurations.

Cloud Custodian

Rules engine for cloud security, cost optimization, and governance.

A YAML-based DSL to define policies for managing cloud resources.

Kyverno

Kubernetes Native Policy Management.

A policy engine designed for Kubernetes.

Open Policy Agent (OPA)

Policy-based control for cloud native environments.

An open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack.

tfsec

Security scanner for your Terraform code.

An open-source static analysis tool for finding security misconfigurations in Terraform code.
