Browse & filter

Filter by platform, license text, maturity, maintenance cadence, and editorial tags like privacy-focused or self-hosted. Search matches names, summaries, tags, and use cases.

Falco

Top pick

Cloud-native runtime security for Linux/Kubernetes: syscall and K8s audit rules with Falcoctl and ecosystem outputs.

kubernetesruntimecontainerscncfdetection

Security & Privacy

Open Policy Agent (OPA)

Top pick

General-purpose policy engine with Rego: unify authorization and config decisions across K8s, APIs, Terraform plans, and CI.

policyregokubernetesauthorizationcncf

Security & Privacy

Kyverno

Top pick

Kubernetes-native policy engine using YAML (no Rego) for validate, mutate, generate, and image verification rules.

kubernetespolicyadmissioncncfdevsecops

Security & Privacy

Kubescape

Top pick

Kubernetes security scanner for misconfigurations, RBAC, compliance frameworks (NSA/CIS), and image vulnerabilities.

kubernetescompliancedevsecopsscannercncf

Security & Privacy

Inspektor Gadget

Also strong

CNCF eBPF-based observability for Kubernetes: gadgets for tracing DNS, TCP, exec, and security events from kubectl.

kubernetesebpfobservabilitycncfdebugging