CNCF policy engine for Kubernetes using WebAssembly policies to enforce security and compliance rules.
Security platforms for protecting containerized applications throughout the build, deploy, and runtime lifecycle.
CNCF policy engine for Kubernetes using WebAssembly policies to enforce security and compliance rules.
Open-source vulnerability scanner from Aqua Security that finds CVEs in container images, IaC, and Git repositories.
Trivy by Aqua Security is an open-source comprehensive vulnerability scanner for containers, filesystems, Git repositories, and Kubernetes configurations.
Anchore provides container security and software supply chain compliance tools that help organizations enforce security policies for container images throughout the development pipeline.
Application security platform scanning for vulnerabilities in code.
Open-source container runtime using lightweight VMs to provide hardware isolation for container workloads with OCI compatibility.
Daemonless container engine for developing and managing OCI containers and pods on Linux systems without requiring root privileges.
AccuKnox provides zero-trust runtime security for containers and Kubernetes using eBPF-powered monitoring and dynamic policy enforcement.
Container isolation platform providing hardware-enforced security boundaries for Kubernetes workloads.
Kubernetes security consultancy and GitOps runtime with Kyverno policy tooling.
Wiz provides agentless cloud security including container vulnerability scanning, runtime protection, and Kubernetes security as part of its comprehensive CNAPP platform.
Chainguard's undistro Linux for secure software supply chain designed for containers with glibc and SBOM-first approach.
Software attack surface management platform for container image hardening.
Runtime cloud-native security with attack tracing
Runtime security engine for Kubernetes workloads enforcing policies with Linux kernel primitives.
Red Hat-owned Kubernetes-native security platform for securing containerized apps across the full lifecycle.
Google's user-space kernel providing an additional layer of isolation between containers and the host.
Cilium's eBPF-based security observability and runtime enforcement platform for Kubernetes clusters.
SUSE-owned open-source container security platform providing full lifecycle protection from vulnerability scanning to runtime detection and response.
Container optimization and security platform minimizing container attack surfaces by automatically removing unnecessary packages and vulnerabilities.