🔧 Tools in GitOps Security

Semgrep

Static analysis at ludicrous speed.

A fast, open-source, static analysis tool for finding bugs and enforcing code standards.

HashiCorp Vault

Manage secrets and protect sensitive data.

A tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, or certificates.

SpectralOps

Automated code security for developers.

A developer-first security tool that scans code, configuration, and other artifacts for secrets, security misconfigurations, and vulnerabilities.

Snyk

Developer security that helps you build secure applications and secure your cloud, from code to cloud.

A developer-first security platform for finding and fixing vulnerabilities in code, dependencies, containers, and IaC.

Prisma Cloud by Palo Alto Networks

The industry’s most complete Cloud-Native Application Protection Platform (CNAPP).

A comprehensive CNAPP that provides security and compliance coverage from code to cloud.

Sysdig Secure

Threat detection and response, built on runtime insights.

A cloud security platform that provides threat detection, compliance, and vulnerability management based on deep runtime visibility.

Datadog Cloud Security Platform

Unified security for the entire cloud-native stack.

A security platform that provides threat detection, posture management, and vulnerability scanning in a single unified platform.

Aqua Security

Stop cloud native attacks.

A cloud-native security platform that secures applications from development to production, across VMs, containers, and serverless.

Checkov

Prevent cloud misconfigurations during build time for Terraform, CloudFormation, Kubernetes, Serverless framework and other infrastructure-as-code languages.

An open-source static analysis tool for scanning infrastructure as code (IaC) files for misconfigurations.

Trivy

A comprehensive and versatile security scanner.

An open-source security scanner for vulnerabilities in container images, filesystems, and Git repositories, as well as for misconfigurations.

KICS

Keeping Infrastructure as Code Secure.

An open-source static analysis tool that finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in IaC.

Terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

An open-source static code analyzer for IaC that helps detect security and compliance issues.

Open Policy Agent (OPA)

Policy-based control for cloud native environments.

An open-source, general-purpose policy engine that enables unified, context-aware policy enforcement.

Kyverno

Kubernetes Native Policy Management.

A policy engine designed specifically for Kubernetes, allowing you to manage and enforce policies as Kubernetes resources.

Falco

The cloud-native runtime security project.

An open-source behavioral activity monitor designed to detect anomalous activity in your applications and containers.

Git-secrets

Prevents you from committing secrets and credentials into git repositories.

A tool by AWS Labs that prevents committing passwords and other sensitive information to a Git repository.

Gitleaks

Audit git repos for secrets.

An open-source tool for detecting and preventing secrets in Git repositories.

Kube-bench

Checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.

An open-source tool that checks whether Kubernetes is deployed according to security best practices from the CIS Benchmark.

Kubescape

The first tool for testing if Kubernetes is deployed securely according to multiple frameworks.

An open-source tool that provides risk analysis, security compliance, and misconfiguration scanning for Kubernetes.

Prowler

The most-used open source tool for AWS security.

An open-source security tool for AWS, Azure, and GCP to perform security assessments, audits, incident response, hardening, and forensics readiness.

tfsec

Security scanner for your Terraform code.

An open-source static analysis tool for finding security misconfigurations in Terraform code.

SOPS

Secrets OPerationS.

An open-source editor for encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.

Bitnami Sealed Secrets

A Kubernetes controller and tool for one-way encrypted Secrets.

An open-source tool for encrypting Kubernetes Secrets so they can be safely stored in a public Git repository.

External Secrets Operator

Synchronize secrets from external APIs into Kubernetes.

A Kubernetes operator that reads information from external secret management systems and automatically injects it as Kubernetes Secrets.