Kubernetes Security

Compare 152 Kubernetes security tools to find the right one for your needs

🔧 Tools

Compare and find the best Kubernetes security tool for your needs

Doppler

The secret of great software.

A universal secrets manager that helps developers and security teams manage secrets across all environments.

Styra Declarative Authorization Service (DAS)

Unified policy management across the cloud-native stack.

An enterprise management plane for Open Policy Agent (OPA).

ARMO (Kubescape)

End-to-End Open Source Kubernetes Security.

An open-source Kubernetes security platform for risk analysis, compliance, and misconfiguration scanning.

Wiz

The Cloud Security Platform.

A cloud security platform that provides complete visibility and context into your cloud environment to help you identify and remediate the most critical risks.

Styra Declarative Authorization Service (DAS)

The Enterprise Control Plane for OPA.

An enterprise-grade control plane for Open Policy Agent (OPA) that provides a management and visibility layer for policy enforcement.

Lacework

The data-driven cloud security platform.

A CNAPP that uses anomaly detection to identify threats across cloud environments.

StrongDM

The People-First Access Platform.

A platform that manages and audits access to databases, servers, clusters, and web apps.

Fairwinds Insights

A complete platform for Kubernetes governance and security.

A software platform that helps you enforce policies, detect misconfigurations, and manage security risks in your Kubernetes clusters.

SentinelOne

AI-Powered Enterprise Cybersecurity Platform.

An autonomous AI-driven cybersecurity platform for endpoint, cloud, and identity.

CrowdStrike Falcon Cloud Security

Total protection for the cloud generation.

A unified platform that provides comprehensive protection for the entire cloud estate, from development to production.

Teleport

The Infrastructure Identity Company, modernizing identity, access, and policy for infrastructure.

An identity-native infrastructure access platform.

Sysdig

Cloud security powered by runtime insights.

A cloud security platform that provides threat detection, compliance, and forensics.

Kubescape

The first open-source tool for testing if Kubernetes is deployed securely.

An open-source Kubernetes security platform that provides configuration scanning based on multiple frameworks, including NSA-CISA, MITRE ATT&CK, and CIS.

Akeyless Vault Platform

One Platform for Secrets Management, Secure Remote Access, and Zero Trust.

A unified, SaaS-based platform for secrets management, secure remote access, and data protection.

CrowdStrike Falcon Cloud Security

Modern Security From Code to Cloud.

A unified platform for complete code-to-cloud protection.

Orca Security

The cloud security platform you can build on.

An agentless cloud security platform that provides 100% visibility into your cloud environment and identifies risks without the need for agents.

Snyk

AI-powered Developer Security Platform.

Helps developers find and fix vulnerabilities in code, dependencies, containers, and IaC.

Open Policy Agent (OPA)

Open Policy Agent (OPA) is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack.

An open-source, general-purpose policy engine for unified policy enforcement.

Infisical

The open source secret management platform.

An open-source platform to centralize secrets like API keys, database credentials, and configurations.

Wiz

The unified cloud security platform with prevention and response capabilities.

A CNAPP that provides full-stack visibility and risk context for cloud environments.

Uptycs

The cloud native security analytics platform.

A security analytics platform that provides unified visibility, threat detection, and compliance for your entire IT environment.

Snyk

Developer security that works.

A developer-first security platform that helps you find and fix vulnerabilities in your code, open source dependencies, containers, and IaC.

Tufin

Simplifying Network Complexity.

A security policy management company specializing in automation.

Kyverno

Cloud Native Policy Management.

A policy engine designed specifically for Kubernetes.

Keeper Secrets Manager

Zero-trust and zero-knowledge security for your infrastructure.

A fully managed, cloud-based solution for securing infrastructure secrets such as API keys, database passwords, and access keys.

Uptycs

Secure Everything from Dev to Runtime.

A unified CNAPP and XDR platform for cloud, container, and endpoint security.

Dynatrace Application Security

Precise risk and impact analysis, in context.

An application security solution that provides visibility, threat detection, and response for cloud-native applications.

NeuVector

Full Lifecycle Container Security

A container security platform providing deep visibility, vulnerability scanning, and run-time protection.

Sysdig

Secure and run containers and cloud.

A cloud security platform that provides threat detection, compliance, and forensics for containers, Kubernetes, and cloud.

rbac-manager

A Kubernetes operator that simplifies the management of Role Bindings and Service Accounts.

An open-source Kubernetes operator for simplified RBAC management.

1Password Secrets

Secure your infrastructure secrets, from development to production.

A secrets management solution from the popular password manager 1Password, designed for developers and DevOps teams.

Datadog Cloud Security Platform

Unified security and observability.

Provides security monitoring and threat detection integrated with its observability platform.

Snyk

Developer security that works.

A developer-first security platform for finding and fixing vulnerabilities in code, dependencies, and containers.

Datadog Cloud Security Platform

Security and observability, unified.

Provides a unified platform for security, compliance, and threat detection in the cloud.

Prisma Cloud by Palo Alto Networks

The most complete Cloud-Native Application Protection Platform (CNAPP).

A comprehensive cloud security platform that provides security and compliance coverage for the entire cloud-native application lifecycle.

Teleport

The easiest, most secure way to access all your infrastructure.

An identity-native infrastructure access platform for engineers and security professionals.

Rapid7 InsightCloudSec

Unified Cloud Native Security

A CNAPP for managing security, compliance, and governance from development to production.

Orca Security

The industry-leading Cloud Security Solution.

An agentless CNAPP that provides full-stack visibility into cloud environments.

Sysdig Secure

Cloud security, powered by runtime insights.

A comprehensive cloud-native application protection platform (CNAPP) that provides security from source to run.

Aqua Security

Pioneer in securing cloud native applications.

A comprehensive security platform for Kubernetes, offering runtime protection, vulnerability scanning, and compliance management.

HashiCorp Vault

Secure, store, and tightly control access to tokens, passwords, certificates, and encryption keys for protecting secrets and other sensitive data.

A tool for managing secrets and protecting sensitive data. It provides a centralized service to manage secrets across applications, systems, and infrastructure.

VMware Carbon Black

Cloud Native Detection and Response

An endpoint and workload protection platform.

Lacework

The data-driven cloud security platform.

A CNAPP that uses behavioral analytics to detect threats across cloud environments.

Zscaler for Workloads

Zero trust security for cloud workloads.

A cloud security solution that provides zero trust security for cloud workloads.

Rapid7 InsightCloudSec

Unified Cloud Security.

A Cloud-Native Application Protection Platform (CNAPP) that provides unified visibility, risk management, and compliance.

Snyk Container

Find and fix vulnerabilities in containers and Kubernetes.

A developer-friendly tool for finding and fixing vulnerabilities in container images and Kubernetes applications.

Delinea Secret Server

Enterprise-grade privileged access management.

A solution for storing, managing, and auditing privileged accounts and credentials.

Dynatrace

Unified observability and security.

A software intelligence platform for observability, AIOps, and application security.

SUSE NeuVector

Full lifecycle container security.

A container security platform that provides vulnerability scanning, compliance, and zero-trust runtime security.

Aqua Security

The Cloud Native Application Protection Platform (CNAPP)

Provides a full lifecycle security solution for cloud-native applications.

Lacework

The data-driven cloud security platform.

A cloud security platform that provides automated threat detection, configuration compliance, and workload protection for cloud-native environments.

AWS Secrets Manager

Securely store, manage, and retrieve secrets.

A secrets management service that helps you protect access to your applications, services, and IT resources.

Sysdig

Cloud Security Starts at Runtime.

A cloud-native security platform for containers, Kubernetes, and cloud services.

Palo Alto Networks Prisma Cloud

The most complete Cloud Native Application Protection Platform (CNAPP).

A comprehensive CNAPP for code-to-cloud security in any cloud environment.

Zscaler

The Leader in Cloud Security.

A cloud security company providing a Zero Trust Exchange platform for secure access to applications and data.

Datree

Prevent misconfigurations from reaching production.

A command-line tool that helps you prevent misconfigurations in your Kubernetes manifests by running automated checks.

Deepfence ThreatMapper

Modern, cloud native security observability platform.

An open-source platform that provides security observability for cloud-native applications, from development to production.

Armo Kubescape

The open source Kubernetes security platform.

An open-source platform for testing if Kubernetes is deployed securely.

Cilium

eBPF-based Networking, Observability, and Security.

An open-source project that provides networking, observability, and security for cloud-native environments using eBPF.

SentinelOne Singularity Cloud Security

Autonomous security for the cloud.

A cloud-native application protection platform (CNAPP) that provides unified visibility, threat protection, and response for cloud workloads.

Deepfence ThreatStryker

Cloud native security observability platform.

An open-source security observability platform that provides visibility, threat detection, and compliance for cloud-native environments.

Illumio

The Zero Trust Segmentation Company.

Provides zero trust segmentation to stop the spread of breaches and ransomware.

Twistlock

Now part of Prisma Cloud.

A comprehensive security platform for containers, serverless, and cloud-native applications, now part of Prisma Cloud.

StackRox

The open source Kubernetes security platform.

An open-source, Kubernetes-native security platform, the upstream project for Red Hat Advanced Cluster Security.

Snyk

Developer security.

A developer-first security platform that helps you find and fix vulnerabilities in your code, open source dependencies, containers, and infrastructure as code.

Rapid7 InsightCloudSec

Unified cloud security and compliance.

A cloud-native security platform that provides unified visibility, security, and compliance across multi-cloud environments.

Datadog Cloud Security Management

Unified security and observability.

A cloud security platform that combines security and observability to provide deep visibility and threat detection for cloud-native environments.

Sysdig Secure

The real-time cloud defense platform.

A unified security and visibility platform for containers and Kubernetes, offering runtime security, vulnerability management, and compliance.

Red Hat Advanced Cluster Security for Kubernetes (ACS)

Kubernetes-native security for the entire application lifecycle.

A Kubernetes-native security platform that protects applications across the build, deploy, and run phases.

NeuVector by SUSE

Full lifecycle container security.

A container security platform that provides deep visibility, vulnerability scanning, and run-time protection for Kubernetes.

Lacework

The data-driven cloud security platform.

A cloud security platform that provides automated threat detection, compliance, and visibility for cloud-native environments.

Red Hat Advanced Cluster Security for Kubernetes

Kubernetes-native security.

A Kubernetes-native security platform that provides a holistic view of your clusters and helps enforce policies across the build, deploy, and runtime stages.

Azure Key Vault

Safeguard cryptographic keys and other secrets used by cloud apps and services.

A cloud service for securely storing and accessing secrets, such as API keys, passwords, or certificates.

Fortanix Data Security Manager

Unified Data Security Platform.

A unified platform for data security that includes secrets management, key management, and tokenization.

Google Cloud Secret Manager

Store, manage, and access secrets as binary blobs or text strings.

A secure and convenient storage system for API keys, passwords, certificates, and other sensitive data.

CyberArk Conjur

Secrets management for DevOps and cloud environments.

A secrets management solution tailored for the unique requirements of native cloud, containers, and DevOps.

Check Point CloudGuard

Cloud Native Security

A unified cloud native security platform from Check Point.

Zscaler

The Zero Trust Exchange

A cloud security company providing a Zero Trust platform.

Palo Alto Networks (Prisma Cloud)

The most complete Cloud-Native Application Protection Platform (CNAPP).

A comprehensive CNAPP that provides security from code to cloud.

Red Hat Advanced Cluster Security for Kubernetes

Kubernetes-native security for the entire application lifecycle.

A Kubernetes-native security platform that protects applications across the build, deploy, and runtime phases.

Rapid7

Endpoint to Cloud, Command Your Attack Surface.

A cybersecurity company providing solutions for security operations (SecOps).

Aqua Security

The Cloud Native Security Platform.

A comprehensive security platform for cloud-native applications, from development to production.

Prisma Cloud

The comprehensive Cloud Native Application Protection Platform (CNAPP).

A security platform that provides comprehensive protection for cloud-native applications.

Tigera Calico

The standard for container and Kubernetes network security and observability.

An open-source networking and network security solution for containers, virtual machines, and native host-based workloads.

NeuVector

Full lifecycle container security.

A container security platform that provides real-time visibility, threat detection, and vulnerability management for Kubernetes environments.

Sophos Cloud Workload Protection

Cloud security, simplified.

A cloud security solution that provides visibility, threat detection, and response for cloud-native environments.

Palo Alto Networks Prisma Cloud

The most complete Cloud-Native Application Protection Platform (CNAPP).

A comprehensive CNAPP that provides security and compliance coverage for the entire cloud-native application lifecycle.

Zscaler Workload Communications

Zero trust security for cloud workloads.

Provides zero trust security for communications between cloud workloads.

Capsule8

Cloud Security Posture and Workload Protection.

A runtime security platform for Linux environments, now part of Sophos.

Tenable.cs

Cloud-native security, from build to runtime.

A cloud-native application protection platform (CNAPP) that provides security for the entire cloud-native stack.

Check Point CloudGuard

Automated Cloud Native Security.

A unified cloud-native security platform that provides automated security and compliance for assets, workloads, and applications across the cloud.

Zscaler Cloud Protection

Simplify and secure your cloud.

A comprehensive cloud security platform that provides unified visibility, security, and compliance for multi-cloud environments.

F5 Distributed Cloud Services

Secure and deliver all your applications, anywhere.

A platform that provides a suite of security, networking, and application management services for multi-cloud and edge environments.

GitLab Container Security

Integrated container security for your DevOps workflow.

A set of security features integrated into the GitLab DevOps platform to help you find and fix vulnerabilities in your container images.

Zscaler Posture Control

An integrated solution to secure cloud-native applications.

A CNAPP that helps you secure your cloud-native applications by providing visibility, security, and compliance across your entire cloud environment.

Alcide

Kubernetes security from CI/CD to cluster.

A Kubernetes security platform that provides configuration and compliance scanning, as well as runtime security.

Calico

The standard for container network security and observability.

An open-source networking and network security solution for containers, virtual machines, and native host-based workloads.

Palo Alto Networks Prisma Cloud

The most complete Cloud-Native Application Protection Platform (CNAPP).

A comprehensive cloud security platform that provides security and compliance coverage for hosts, containers, and serverless, from development to production.

Tigera (Calico)

Active Security for Cloud-Native Applications.

Provides networking, observability, and security for containers and Kubernetes.

Tenable

The Exposure Management Company.

A cybersecurity company providing solutions for exposure management.

Check Point CloudGuard

Comprehensive Prevention-First Cloud Security Across Applications, Workloads, and Network.

A unified cloud-native security platform for threat prevention and posture management.

Zscaler

The Leader in Zero Trust.

A cloud security company that provides a Zero Trust Exchange platform.

Falco

The cloud-native runtime security project.

Open-source tool for real-time intrusion and abnormality detection in cloud-native environments.

Red Hat Advanced Cluster Security for Kubernetes

Kubernetes-native security.

A Kubernetes-native security platform that provides visibility, vulnerability management, and compliance for containerized applications.

Qualys Cloud Agent

A revolutionary new way to secure your IT environment.

A lightweight agent that provides continuous visibility, security, and compliance for your IT assets, wherever they are.

Tenable Cloud Security

See everything. Predict what matters.

A cloud-native application protection platform (CNAPP) that provides unified visibility and security for the entire cloud stack.

Cisco Cloud Native Security (Panoptica)

Secure your cloud-native applications from development to runtime.

A cloud-native application protection platform (CNAPP) that provides end-to-end security for cloud-native applications.

Tigera Calico

Industry standard for container network security and observability.

An open-source networking and network security solution for containers, virtual machines, and native host-based workloads.

Aqua Security

The Cloud Native Security Platform.

A full-lifecycle security platform for cloud-native applications.

Datadog

See inside any stack, any app, at any scale, anywhere.

An observability platform that includes security monitoring capabilities.

Qualys

Enterprise TruRisk Management.

A cloud-based platform for IT, security, and compliance.

Anchore

Secure Your Software Supply Chain.

A software supply chain security platform that helps you identify and remediate security risks in your containerized applications.

Datadog

See inside any stack, any app, at any scale, anywhere.

A monitoring and security platform for cloud applications, providing observability, security, and analytics.

Datadog Cloud Security Platform

Unified security for your entire cloud environment.

A unified platform that brings together security, monitoring, and observability for cloud-native environments.

Tracee

Linux runtime security and forensics using eBPF.

An open-source runtime security and forensics tool for Linux, built by Aqua Security.

Cilium Tetragon

eBPF-based security observability and runtime enforcement.

An open-source security observability and runtime enforcement tool for Kubernetes.

Kyverno

Kubernetes Native Policy Management.

A policy engine designed specifically for Kubernetes that uses simple YAML configurations to define and enforce policies.

Open Policy Agent (OPA) / Gatekeeper

Policy-based control for cloud native environments.

A general-purpose policy engine that can be used across the stack. Gatekeeper is its specialized Kubernetes admission controller.

Polaris

An open source policy engine for Kubernetes.

An open-source tool that runs a variety of checks to ensure that Kubernetes pods and controllers are configured using best practices.

KubeLinter

A static analysis tool for Kubernetes YAML files and Helm charts.

An open-source command-line tool that spots misconfigurations in Kubernetes objects by reviewing YAML files and Helm charts.

Checkov

Prevent cloud misconfigurations during build time.

A static code analysis tool that scans infrastructure as code (IaC) for misconfigurations.

jsPolicy

The Power of JavaScript for Kubernetes Policies.

An open-source policy engine for Kubernetes that lets users build policies using JavaScript or TypeScript.

Cilium

eBPF-based Networking, Observability, and Security.

An open-source project that provides networking, observability, and security for cloud-native environments using eBPF.

KubeArmor

Cloud-native Runtime Security Enforcement System.

A CNCF sandbox project that provides runtime security enforcement for Kubernetes using LSMs.

K-Rail

A workload policy enforcement tool for Kubernetes.

An open-source policy enforcement tool for Kubernetes that helps you secure a multi-tenant cluster with minimal disruption.

MagTape

A Kubernetes admission controller for mutating and validating.

An open-source admission controller from T-Mobile for validating and mutating resources based on annotations.

Open Policy Agent (OPA)

Policy-based control for cloud native environments.

An open-source, general-purpose policy engine that can be used to enforce policies across the stack.

Gatekeeper

Policy Controller for Kubernetes.

A customizable admission webhook for Kubernetes that enforces policies executed by the Open Policy Agent (OPA).

Falco

The cloud-native runtime security project.

An open-source runtime security tool that detects unexpected application behavior, configuration changes, and security events in Kubernetes clusters.

Trivy

A simple and comprehensive vulnerability scanner for containers and other artifacts.

A comprehensive, open-source vulnerability scanner for containers and other artifacts that can also identify misconfigurations in Kubernetes manifests.

Kube-bench

Checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.

An open-source tool that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.

Terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

An open-source static code analyzer that scans infrastructure as code (IaC) for security vulnerabilities and compliance violations.

Kube-hunter

Hunt for security weaknesses in Kubernetes clusters.

An open-source tool that runs penetration tests on Kubernetes clusters to discover security vulnerabilities.

Kube-scan

A tool that scans Kubernetes clusters for risks and provides a risk score.

An open-source tool that scans Kubernetes clusters for risks and provides a risk score for each workload.

Kube-score

A tool for static analysis of your Kubernetes object definitions.

An open-source tool that performs static analysis of Kubernetes object definitions to find security and reliability issues.

Calico

Open-source networking and security for containers and Kubernetes.

Provides networking, network policy, and observability for Kubernetes.

Cilium

eBPF-based Networking, Observability, and Security.

Provides networking, observability, and security for cloud-native environments using eBPF.

Open Policy Agent (OPA)

Policy-based control for cloud native environments.

An open source, general-purpose policy engine that unifies policy enforcement across the stack.

Kyverno

Kubernetes Native Policy Management

A policy engine designed specifically for Kubernetes.

Antrea

A Kubernetes-native container network interface (CNI) and network security solution.

An open-source CNI plugin for Kubernetes focused on performance and security.

Weave Net

Simple, resilient, and secure networking for Kubernetes and containers.

A CNI plugin for Kubernetes that creates a virtual network for containers.

Sealed Secrets

A Kubernetes controller and tool for one-way encrypted Secrets.

An open-source tool that allows you to encrypt Kubernetes Secrets, which can then be safely stored in a public Git repository.

SOPS (Secrets OPerationS)

An editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.

An open-source editor for encrypted files that helps you manage secrets in a GitOps-friendly way.

External Secrets Operator

Synchronize secrets from external APIs into Kubernetes.

A Kubernetes operator that reads information from external secret management systems and automatically injects the values into Kubernetes Secrets.

Secrets Store CSI Driver

Integrate secrets stores with Kubernetes via a Container Storage Interface (CSI) volume.

A Kubernetes CSI driver that allows you to mount secrets from external stores as volumes in your pods.

Cisco Panoptica

Cloud Native Application Security

A security platform for cloud-native applications, from development to runtime.

Kube-router

A turnkey solution for Kubernetes networking.

An all-in-one networking solution for Kubernetes.

Kamus

An open source, GitOps-friendly, secrets encryption and decryption solution for Kubernetes.

An open-source tool for encrypting secrets for specific applications running in Kubernetes.

Berglas

A command line tool and library for storing and retrieving secrets from Google Cloud Storage and Google Secret Manager.

An open-source tool from Google for managing secrets on Google Cloud Platform, particularly with services like Google Kubernetes Engine and Cloud Run.

git-secret

A bash tool to store your private data inside a git repo.

An open-source bash script that allows you to encrypt and store secrets in a Git repository.

Trousseau

Your go-to secrets management tool for Kubernetes, powered by the community.

An open-source Kubernetes KMS provider that allows you to encrypt Kubernetes secrets using a key from a remote KMS.

Keywhiz

A system for managing and distributing secrets.

An open-source secrets management system developed by Square.
