GitOps Security

Compare 48 GitOps security tools to find the right one for your needs

🔧 Tools

Compare and find the best GitOps security tool for your needs

Datree

A CLI tool to prevent Kubernetes misconfigurations from reaching production.

A policy enforcement solution that helps developers and DevOps teams prevent Kubernetes misconfigurations by running automated checks on manifests and Helm charts.

Jit

The Agentic Product Security Platform.

An agentic product security platform that automates and accelerates every aspect of product security.

Semgrep

Static analysis at ludicrous speed.

A fast, open-source, static analysis tool for finding bugs and enforcing code standards.

Legitify

Secure your code from commit to cloud.

A security platform for the software supply chain.

GitGuardian

The code security platform for the enterprise.

A platform that specializes in detecting and remediating secrets leaked in source code and other materials.

ARMO Platform

End-to-End Kubernetes Security, Built for Developers.

An enterprise platform built on top of Kubescape, providing centralized management, advanced features, and support for Kubernetes security.

Styra DAS

The authorization platform for the cloud-native world, built on Open Policy Agent (OPA).

An enterprise management plane for Open Policy Agent (OPA) that provides a control plane for authoring, distributing, and monitoring policies.

Argo CD

Declarative, GitOps continuous delivery for Kubernetes.

A declarative, GitOps continuous delivery tool for Kubernetes.

SpectralOps

Automated code security for developers.

A developer-first security platform that prevents security misconfigurations and exposed secrets in code.

HashiCorp Vault

Manage secrets and protect sensitive data.

A tool for securely accessing secrets.

Snyk

Developer security that helps you build secure applications and secure your cloud, from code to cloud.

A developer-first security platform for finding and fixing vulnerabilities in code, dependencies, containers, and IaC.

Flux CD

The GitOps family of projects.

A set of continuous and progressive delivery solutions for Kubernetes that are open and extensible.

Sysdig

Secure every second.

A cloud security platform, powered by runtime insights, that helps teams find and fix security risks in the cloud.

Grype

A vulnerability scanner for container images and filesystems.

An open-source vulnerability scanner for container images and filesystems from Anchore.

Sonatype

The full-spectrum software supply chain management platform.

A platform focused on software supply chain management, providing tools to secure and manage open source components.

GitLab

The DevSecOps Platform.

A single application for the entire software development lifecycle, from project planning and source code management to CI/CD and monitoring.

Prisma Cloud

The most complete Cloud Native Application Protection Platform (CNAPP).

A comprehensive CNAPP from Palo Alto Networks that provides security across the full lifecycle of cloud native applications.

Prisma Cloud by Palo Alto Networks

The industry’s most complete Cloud-Native Application Protection Platform (CNAPP).

A comprehensive CNAPP that provides security and compliance coverage for the entire cloud native application lifecycle.

Veracode

Secure your world.

A comprehensive application security platform that provides a full range of testing solutions, from static and dynamic analysis to software composition analysis.

Sysdig Secure

Threat detection and response, built on runtime insights.

A cloud-native application protection platform (CNAPP) that provides deep visibility and security for containers, Kubernetes, and cloud.

Mend.io

Application Security without the chase.

An application security platform that automates the process of finding and fixing vulnerabilities in open source and custom code.

Checkmarx

Make security seamless. From code to cloud.

A comprehensive application security testing (AST) platform that provides SAST, SCA, IAST, and IaC security solutions.

Checkmarx One

The Application Security Platform for the AI Era.

A unified platform for application security testing, from code to cloud.

Datadog

See inside any stack, any app, at any scale, anywhere.

A monitoring and security platform for cloud applications.

Datadog Cloud Security Platform

Unified security for the entire cloud-native stack.

A security platform that provides threat detection, posture management, and vulnerability scanning in a single unified platform.

JFrog Xray

Universal software composition analysis (SCA).

A universal software composition analysis (SCA) tool that integrates with JFrog Artifactory to scan for vulnerabilities and license compliance issues.

Aqua Security

Stop cloud native attacks.

A unified platform for securing the entire lifecycle of cloud native applications, from development to production.

Checkov

Prevent cloud misconfigurations during build time for Terraform, CloudFormation, Kubernetes, Serverless framework and other infrastructure-as-code-languages.

An open-source static analysis tool for scanning infrastructure as code (IaC) to find misconfigurations.

Trivy

A comprehensive and versatile security scanner.

An open-source vulnerability scanner for containers, IaC, and more.

KICS

Keeping Infrastructure as Code Secure.

An open-source solution for static analysis of IaC, finding security vulnerabilities, compliance issues, and misconfigurations.

Terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

An open-source static code analyzer for Infrastructure as Code, scanning for security vulnerabilities and compliance violations.

Open Policy Agent (OPA)

Policy-based control for cloud native environments.

An open source, general-purpose policy engine that unifies policy enforcement across the stack.

Falco

The cloud-native runtime security project.

An open-source behavioral activity monitor designed to detect anomalous activity in applications.

Git-secrets

Prevents you from committing secrets and credentials into git repositories.

A tool by AWS Labs that prevents committing passwords and other sensitive information to a Git repository.

tfsec

Security scanner for your Terraform code.

An open-source static analysis tool for finding security misconfigurations in Terraform code.

OPA Gatekeeper

Policy Controller for Kubernetes.

Enforces policies on Kubernetes clusters using the Open Policy Agent (OPA).

External Secrets Operator

Synchronize secrets from external APIs into Kubernetes.

A Kubernetes operator that reads information from external secret management systems and automatically injects it as Kubernetes Secrets.

Prowler

The most-used open source tool for AWS security.

An open-source security tool for AWS, Azure, and GCP to perform security assessments, audits, incident response, hardening, and forensics readiness.

Kubescape

The first tool for testing if Kubernetes is deployed securely according to multiple frameworks.

An open-source tool for testing if Kubernetes is deployed securely as defined by multiple frameworks.

KubeLinter

A static analysis tool that checks Kubernetes YAML files and Helm charts for production readiness and security.

An open-source static analysis tool for Kubernetes manifests and Helm charts, checking for best practices.

Bitnami Sealed Secrets

A Kubernetes controller and tool for one-way encrypted Secrets.

An open-source tool for encrypting Kubernetes Secrets so they can be safely stored in a public Git repository.

Kube-bench

Checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.

An open-source tool that checks whether Kubernetes is deployed according to security best practices from the CIS Benchmark.

Gitleaks

Audit git repos for secrets.

An open-source tool for detecting and preventing secrets in Git repositories.

SOPS

Secrets OPerationS.

An open-source editor for encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.

Kyverno

Kubernetes Native Policy Management.

A policy engine designed for Kubernetes that allows you to manage policies as Kubernetes resources.

Kamus

A GitOps solution for managing secrets.

An open-source, GitOps-friendly solution for managing secrets in Kubernetes.

Sealed Secrets

A Kubernetes controller and tool for one-way encrypted Secrets.

An open-source tool for encrypting Kubernetes Secrets so they can be safely stored in Git.

Mozilla SOPS

Secrets OPerationS.

An editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.
