20 Featured Tools
Implements the Kubernetes Network Policies specification, enforcing fine-grained segmentation between pods and services.
The de facto Kubernetes threat detection engine — monitors system calls in real time to detect anomalous behaviour and intrusions.
Snyk Infrastructure as Code helps developers write secure Kubernetes and Terraform configurations, catching misconfigurations early in the pipeline.
Open-source registry that secures container artifacts with policies, role-based access control, vulnerability scanning, and image signing.
Enables super-easy RBAC management for Kubernetes clusters through a simple web UI and CRD-driven approach.
Complete security for Kubernetes from Palo Alto Networks — covering runtime protection, vulnerability management, compliance, and network security.
A workload policy enforcement tool for Kubernetes that validates and blocks non-compliant workloads at admission time.
Provides AWS IAM credentials to containers running inside a Kubernetes cluster, eliminating the need for static key management.
Runs as an agent on each node and allows cluster users to associate IAM roles to Pods, providing per-workload AWS credential scoping.
Open-source Identity and Access Management solution — provides SSO, OIDC, OAuth 2.0 and SAML support for Kubernetes workloads.
Kubernetes Lazy User Manager — a simple controller that creates service accounts and manages user access via declarative CRDs.
An editor of encrypted files supporting YAML, JSON, ENV, INI and more — encrypts with AWS KMS, GCP KMS, Azure Key Vault, and PGP.
A CLI tool and Go package to audit Kubernetes clusters for various security concerns — covering privilege escalation, AppArmor, network policies and more.
The Kubernetes network policy validator — automatically tests whether your network policies behave as expected across all pod combinations.
Takes a Kubernetes audit log and username as input, generating RBAC role and binding objects that cover all the API requests made by that user.
A Go application that checks whether Kubernetes is deployed securely by running the CIS Kubernetes Benchmark checks automatically.
Full-stack Kubernetes security platform covering vulnerability scanning, runtime protection, compliance, and supply chain security.
Securing Kubernetes Operations — kOps provides security hardening capabilities for clusters it provisions, covering IAM, encryption, and node security.
A network security solution for containers, VMs, and native host-based workloads — offering network policy enforcement and micro-segmentation.
Integrated, automated security for containers deployed with Kubernetes — providing zero-trust network security and runtime protection.