Kubernetes Security
Compare 123 Kubernetes security tools to find the right one for your needs
Tools
Doppler
A universal secrets manager that helps developers and security teams manage secrets across all environments.
ARMO (Kubescape)
An open-source Kubernetes security platform for risk analysis, compliance, and misconfiguration scanning.
Wiz
Provides a unified platform for cloud security, from prevention to detection and response.
Styra Declarative Authorization Service (DAS)
An enterprise management plane for Open Policy Agent (OPA) to operationalize authorization.
Styra Declarative Authorization Service (DAS)
An enterprise management plane for Open Policy Agent (OPA).
Lacework
A CNAPP that uses anomaly detection to identify threats across cloud environments.
Fairwinds Insights
A software platform that operationalizes open-source tools to provide Kubernetes security, policy, and compliance.
StrongDM
A platform that manages and audits access to databases, servers, clusters, and web apps.
SentinelOne
An autonomous AI-driven cybersecurity platform for endpoint, cloud, and identity.
CrowdStrike Falcon Cloud Security
A comprehensive cloud security solution that provides visibility, threat detection, and response for cloud-native environments.
Teleport
An identity-native infrastructure access platform.
Sysdig
A cloud security platform that provides threat detection, compliance, and forensics.
Kubescape
An open-source Kubernetes security posture management tool that scans clusters, YAML files, and Helm charts.
Akeyless Vault Platform
A unified, SaaS-based platform for secrets management, secure remote access, and data protection.
CrowdStrike Falcon Cloud Security
A unified platform for complete code-to-cloud protection.
Orca Security
Provides agentless security and compliance for AWS, Azure, and Google Cloud.
Snyk
Helps developers find and fix vulnerabilities in code, dependencies, containers, and IaC.
Open Policy Agent (OPA)
An open-source, general-purpose policy engine for unified policy enforcement.
Infisical
An open-source platform to centralize secrets like API keys, database credentials, and configurations.
Wiz
A CNAPP that provides full-stack visibility and risk context for cloud environments.
Uptycs
Provides a unified platform for cloud-native application protection (CNAPP) and extended detection and response (XDR).
Snyk
A platform that helps developers find and fix vulnerabilities in code, open source dependencies, containers, and IaC.
Tufin
A security policy management company specializing in automation.
Kyverno
A policy engine designed specifically for Kubernetes.
Uptycs
A unified CNAPP and XDR platform for cloud, container, and endpoint security.
Keeper Secrets Manager
A fully managed, cloud-based solution for securing infrastructure secrets such as API keys, database passwords, and access keys.
Dynatrace Application Security
An application security solution that provides visibility, threat detection, and response for cloud-native applications.
NeuVector
A container security platform providing deep visibility, vulnerability scanning, and run-time protection.
Sysdig
A cloud security platform that provides threat detection, compliance, and forensics for containers, Kubernetes, and cloud.
rbac-manager
An open-source Kubernetes operator for simplified RBAC management.
1Password Secrets
A secrets management solution from the popular password manager 1Password, designed for developers and DevOps teams.
Snyk
A developer-first security platform for finding and fixing vulnerabilities in code, dependencies, and containers.
Datadog Cloud Security Platform
Provides a unified platform for security, compliance, and threat detection in the cloud.
Datadog Cloud Security Platform
Provides security monitoring and threat detection integrated with its observability platform.
Prisma Cloud by Palo Alto Networks
A comprehensive security platform that provides security and compliance coverage for the entire cloud native application lifecycle.
Teleport
An identity-native infrastructure access platform for engineers and security professionals.
Orca Security
An agentless CNAPP that provides full-stack visibility into cloud environments.
Sysdig Secure
Provides threat detection, vulnerability management, and compliance for containers and Kubernetes.
Rapid7 InsightCloudSec
A CNAPP for managing security, compliance, and governance from development to production.
Aqua Security
A full-lifecycle Cloud Native Application Protection Platform (CNAPP) for container, Kubernetes, and serverless security.
HashiCorp Vault
A tool for managing secrets and protecting sensitive data. It provides a centralized service to manage secrets across applications, systems, and infrastructure.
Lacework
A CNAPP that uses behavioral analytics to detect threats across cloud environments.
Zscaler for Workloads
A cloud security solution that provides zero trust security for cloud workloads.
VMware Carbon Black
An endpoint and workload protection platform.
Rapid7 InsightCloudSec
A Cloud-Native Application Protection Platform (CNAPP) that provides unified visibility, risk management, and compliance.
Snyk Container
A container security solution that helps developers find and fix vulnerabilities in their container images and Kubernetes applications.
Delinea Secret Server
A solution for storing, managing, and auditing privileged accounts and credentials.
Dynatrace
A software intelligence platform for observability, AIOps, and application security.
SUSE NeuVector
A container security platform that provides vulnerability scanning, compliance, and zero-trust runtime security.
Aqua Security
Provides a full lifecycle security solution for cloud-native applications.
Lacework
Provides automated threat detection, configuration compliance, and vulnerability management for cloud workloads.
AWS Secrets Manager
A secrets management service that helps you protect access to your applications, services, and IT resources.
Sysdig
A cloud-native security platform for containers, Kubernetes, and cloud services.
Palo Alto Networks Prisma Cloud
A comprehensive CNAPP for code-to-cloud security in any cloud environment.
Zscaler
A cloud security company providing a Zero Trust Exchange platform for secure access to applications and data.
Deepfence ThreatMapper
Open-source platform to hunt for vulnerabilities in production platforms, and rank them based on risk-of-exploit.
Armo Kubescape
An open-source platform for testing if Kubernetes is deployed securely.
Deepfence ThreatStryker
An open-source security observability platform that provides visibility, threat detection, and compliance for cloud-native environments.
Illumio
Provides zero trust segmentation to stop the spread of breaches and ransomware.
Twistlock
A comprehensive cloud native security platform, acquired by Palo Alto Networks and integrated into Prisma Cloud.
StackRox
An open-source, Kubernetes-native security platform, the upstream project for Red Hat Advanced Cluster Security.
Sysdig Secure
A CNAPP that provides deep visibility for cloud and container security, powered by runtime insights.
Red Hat Advanced Cluster Security for Kubernetes (ACS)
A Kubernetes-native security platform that protects applications across the build, deploy, and run phases.
Azure Key Vault
A cloud service for securely storing and accessing secrets, such as API keys, passwords, or certificates.
Fortanix Data Security Manager
A unified platform for data security that includes secrets management, key management, and tokenization.
Palo Alto Networks (Prisma Cloud)
A comprehensive CNAPP that provides security from code to cloud.
Red Hat Advanced Cluster Security for Kubernetes
A Kubernetes-native security platform that protects applications across the build, deploy, and runtime phases.
Rapid7
A cybersecurity company providing solutions for security operations (SecOps).
Aqua Security
A comprehensive security platform for cloud-native applications, from development to production.
Prisma Cloud
A security platform that provides comprehensive protection for cloud-native applications.
Tigera Calico
Provides networking and security policy for containers, virtual machines, and native host-based workloads.
NeuVector
Provides end-to-end security for the entire container lifecycle, from build to production.
Sophos Cloud Workload Protection
A cloud security solution that provides visibility, threat detection, and response for cloud-native environments.
Palo Alto Networks Prisma Cloud
Provides comprehensive security and compliance coverage for the entire cloud-native technology stack, applications, and data.
Zscaler Workload Communications
Provides zero trust security for communications between cloud workloads.
Capsule8
Provides runtime security and threat detection for Linux infrastructure, acquired by Sophos.
Zscaler Posture Control
Zscaler's CNAPP solution that provides CSPM, CIEM, and IaC scanning to reduce risk in cloud environments.
Zscaler
A cloud security company providing a Zero Trust platform.
Check Point CloudGuard
A unified cloud native security platform from Check Point.
Google Cloud Secret Manager
A secure and convenient storage system for API keys, passwords, certificates, and other sensitive data.
CyberArk Conjur
A secrets management solution tailored for the unique requirements of native cloud, containers, and DevOps.
Tigera (Calico)
Provides networking, observability, and security for containers and Kubernetes.
Tenable
A cybersecurity company providing solutions for exposure management.
Check Point CloudGuard
A unified cloud-native security platform for threat prevention and posture management.
Zscaler
A cloud security company that provides a Zero Trust Exchange platform.
Falco
Open-source tool for detecting anomalous activity in applications and containers.
Red Hat Advanced Cluster Security for Kubernetes
Provides security for the entire application lifecycle, from build to deploy to runtime.
Qualys Cloud Agent
Provides continuous visibility, security, and compliance for your global IT assets.
Tigera Calico
An open-source networking and network security solution for containers, virtual machines, and native host-based workloads.
Aqua Security
A full-lifecycle security platform for cloud-native applications.
Datadog
An observability platform that includes security monitoring capabilities.
Qualys
A cloud-based platform for IT, security, and compliance.
Datadog
A monitoring and security platform for cloud applications, providing observability, security, and analytics.
Tracee
An open-source runtime security and forensics tool for Linux.
Cilium Tetragon
An open-source security observability and runtime enforcement tool for Kubernetes.
Kyverno
A policy engine designed specifically for Kubernetes that manages policies as Kubernetes resources.
Open Policy Agent (OPA) / Gatekeeper
A general-purpose policy engine that can be used across the stack. Gatekeeper is its specialized Kubernetes admission controller.
Polaris
An open-source tool that validates Kubernetes resources to ensure configuration best practices are followed.
KubeLinter
An open-source CLI tool that checks Kubernetes YAML files and Helm charts against best practices.
Checkov
An open-source static analysis tool for scanning infrastructure as code (IaC) for misconfigurations.
jsPolicy
An open-source policy engine for Kubernetes that allows users to write policies using JavaScript or TypeScript.
Cilium
An open-source project providing networking, observability, and security for cloud-native environments using eBPF.
KubeArmor
A CNCF sandbox project that provides runtime security enforcement for Kubernetes using LSMs.
K-Rail
An open-source admission controller from Cruise Automation that provides simple, configuration-based policy enforcement.
MagTape
An open-source admission controller from T-Mobile for validating and mutating resources based on annotations.
Open Policy Agent (OPA)
An open source, general-purpose policy engine that unifies policy enforcement across the stack.
Calico
Provides networking, network policy, and observability for Kubernetes.
Cilium
Provides networking, observability, and security for cloud-native environments using eBPF.
Antrea
An open-source CNI plugin for Kubernetes focused on performance and security.
Weave Net
A CNI plugin for Kubernetes that creates a virtual network for containers.
Kube-router
An all-in-one networking solution for Kubernetes.
Cisco Panoptica
A security platform for cloud-native applications, from development to runtime.
Sealed Secrets
An open-source tool that allows you to encrypt Kubernetes Secrets, which can then be safely stored in a public Git repository.
SOPS (Secrets OPerationS)
An open-source editor for encrypted files that helps you manage secrets in a GitOps-friendly way.
External Secrets Operator
A Kubernetes operator that reads information from external secret management systems and automatically injects the values into Kubernetes Secrets.
Secrets Store CSI Driver
A Kubernetes CSI driver that allows you to mount secrets from external stores as volumes in your pods.
Kamus
An open-source tool for encrypting secrets for specific applications running in Kubernetes.
Berglas
An open-source tool from Google for managing secrets on Google Cloud Platform, particularly with services like Google Kubernetes Engine and Cloud Run.
git-secret
An open-source bash script that allows you to encrypt and store secrets in a Git repository.
Trousseau
An open-source Kubernetes KMS provider that allows you to encrypt Kubernetes secrets using a key from a remote KMS.
Keywhiz
An open-source secrets management system developed by Square.