Kubernetes Policy
Compare 42 Kubernetes policy tools to find the right one for your needs
Styra Declarative Authorization Service (DAS)
An enterprise-grade control plane for Open Policy Agent (OPA) that provides a management and visibility layer for policy enforcement.
Fairwinds Insights
A software platform that helps you enforce policies, detect misconfigurations, and manage security risks in your Kubernetes clusters.
Kubescape
An open-source Kubernetes security platform that provides configuration scanning based on multiple frameworks, including NSA-CISA, MITRE ATT&CK, and CIS.
Snyk
A developer-first security platform that helps you find and fix vulnerabilities in your code, open source dependencies, containers, and IaC.
Sysdig
A cloud security platform that provides threat detection, compliance, and forensics for containers, Kubernetes, and cloud.
Prisma Cloud by Palo Alto Networks
A comprehensive cloud security platform that provides security and compliance coverage for the entire cloud-native application lifecycle.
Aqua Security
A comprehensive security platform for Kubernetes, offering runtime protection, vulnerability scanning, and compliance management.
Rapid7 InsightCloudSec
A Cloud-Native Application Protection Platform (CNAPP) that provides unified visibility, risk management, and compliance.
SUSE NeuVector
A container security platform that provides vulnerability scanning, compliance, and zero-trust runtime security.
Zscaler
A cloud security company providing a Zero Trust Exchange platform for secure access to applications and data.
Datree
A command-line tool that helps you prevent misconfigurations in your Kubernetes manifests by running automated checks.
Red Hat Advanced Cluster Security for Kubernetes
A Kubernetes-native security platform that provides a holistic view of your clusters and helps enforce policies across the build, deploy, and runtime stages.
Lacework
A cloud security platform that provides automated threat detection, compliance, and visibility for cloud-native environments.
NeuVector by SUSE
A container security platform that provides deep visibility, vulnerability scanning, and runtime protection for Kubernetes.
Red Hat Advanced Cluster Security for Kubernetes (ACS)
A Kubernetes-native security platform that protects applications across the build, deploy, and run phases.
Sysdig Secure
A unified security and visibility platform for containers and Kubernetes, offering runtime security, vulnerability management, and compliance.
Calico
An open-source networking and network security solution for containers, virtual machines, and native host-based workloads.
Palo Alto Networks Prisma Cloud
A comprehensive cloud security platform that provides security and compliance coverage for hosts, containers, and serverless, from development to production.
Alcide
A Kubernetes security platform that provides configuration and compliance scanning, as well as runtime security.
Zscaler Posture Control
A CNAPP that helps you secure your cloud-native applications by providing visibility, security, and compliance across your entire cloud environment.
Tigera Calico
An open-source networking and network security solution for containers, virtual machines, and native host-based workloads.
Datadog Cloud Security Platform
A unified platform that brings together security, monitoring, and observability for cloud-native environments.
Datadog
A monitoring and security platform for cloud applications, providing observability, security, and analytics.
K-Rail
An open-source policy enforcement tool for Kubernetes that helps you secure a multi-tenant cluster with minimal disruption.
KubeArmor
A CNCF sandbox project that provides runtime security enforcement for Kubernetes using LSMs.
Cilium
An open-source project that provides networking, observability, and security for cloud-native environments using eBPF.
MagTape
An open-source admission controller from T-Mobile for validating and mutating resources based on annotations.
jsPolicy
An open-source policy engine for Kubernetes that lets users build policies using JavaScript or TypeScript.
Checkov
A static code analysis tool that scans infrastructure as code (IaC) for misconfigurations.
Gatekeeper
A customizable admission webhook for Kubernetes that enforces policies executed by the Open Policy Agent (OPA).
KubeLinter
An open-source command-line tool that spots misconfigurations in Kubernetes objects by reviewing YAML files and Helm charts.
Open Policy Agent (OPA) / Gatekeeper
A general-purpose policy engine that can be used across the stack. Gatekeeper is its specialized Kubernetes admission controller.
Falco
An open-source runtime security tool that detects unexpected application behavior, configuration changes, and security events in Kubernetes clusters.
Trivy
A comprehensive, open-source vulnerability scanner for containers and other artifacts that can also identify misconfigurations in Kubernetes manifests.
Kube-bench
An open-source tool that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.
Kyverno
A policy engine designed specifically for Kubernetes that uses simple YAML configurations to define and enforce policies.
Polaris
An open-source tool that runs a variety of checks to ensure that Kubernetes pods and controllers are configured using best practices.
Open Policy Agent (OPA)
An open-source, general-purpose policy engine that can be used to enforce policies across the stack.
Terrascan
An open-source static code analyzer that scans infrastructure as code (IaC) for security vulnerabilities and compliance violations.
Kube-hunter
An open-source tool that runs penetration tests on Kubernetes clusters to discover security vulnerabilities.
Kube-scan
An open-source tool that scans Kubernetes clusters for risks and provides a risk score for each workload.
Kube-score
An open-source tool that performs static analysis of Kubernetes object definitions to find security and reliability issues.