Best IT Security Software for Kubernetes - Page 3
View:
Compare the Top IT Security Software that integrates with Kubernetes as of December 2025 - Page 3
Sort By:
This a list of IT Security software that integrates with Kubernetes. Use the filters on the left to add additional filters for products that have integrations with Kubernetes. View the products that work with Kubernetes in the table below.
-
1
Zercurity
Zercurity
Bootstrap and build out your cybersecurity posture with Zercurity. Reduce the time and resources spent monitoring, managing, integrating, and navigating your organization through the different cybersecurity disciplines. Get clear data points you can actually use. Get an instant understanding of what your current IT infrastructure looks like. Assets, applications, packages, and devices are examined automatically. Let our sophisticated algorithms find and run queries across your assets. Automatically highlighting anomalies and vulnerabilities in real-time. Expose threats to your organization. Eliminate the risks. Automatic reporting and auditing cuts remediation time and supports handling. Unified security monitoring for your entire organization. Query your infrastructure like a database. Instant answers to your toughest questions. Measure your risk in real-time. Stop guessing where your cybersecurity risks lie. Get deep insights into every facet of your organization.Starting Price: $15.01 per month -
2
RapidFort
RapidFort
Automatically eliminate unused software components and deploy smaller, faster, more secure workloads. RapidFort drastically reduces vulnerability and patch management queues so that developers can focus on building. By eliminating unused container components, RapidFort enhances production workload security and saves developers from unnecessarily patching and maintaining unused code. RapidFort profiles containers to understand what components are needed to run. Run your containers as normal in any environment, dev, test, or prod. Use any container deployment, including Kubernetes, Docker Compose, Amazon EKS, and AWS Fargate. RapidFort then identifies which packages you must keep, enabling you to remove unused packages. Typical improvements are in the 60% to 90% range. RapidFort also provides the option to build and customize remediation profiles, allowing you to pick and choose what to retain or remove.Starting Price: $5,000 per month -
3
Kubescape
Armo
A Kubernetes open-source platform providing developers and DevOps an end-to-end security solution, including risk analysis, security compliance, RBAC visualizer, and image vulnerabilities scanning. Kubescape scans K8s clusters, Kubernetes manifest files (YAML files, and HELM charts), code repositories, container registries and images, detecting misconfigurations according to multiple frameworks (such as the NSA-CISA, MITRE ATT&CK®), finding software vulnerabilities, and showing RBAC (role-based-access-control) violations at early stages of the CI/CD pipeline. It calculates risk scores instantly and shows risk trends over time. Kubescape has became one of the fastest-growing Kubernetes security compliance tools among developers due to its easy-to-use CLI interface, flexible output formats, and automated scanning capabilities, saving Kubernetes users and admins precious time, effort, and resources.Starting Price: $0/month -
4
IDHub
Sath
IDHub is a fully customizable, flexible, and user-friendly IAM solution. We know managing a highly technical IAM system can be challenging. However, convincing users how and why to use it is often as difficult. After nearly two decades of IAM experience, we designed IDHub with the needs of users and administrators in mind, for the best in usability, functionality, and customization, to make your jobs easier. We constantly expand our extensive training videos and easy read documentation, to make using and managing IDHub as easy as possible. Get expert-level support from veteran IAM professionals, with plans up to 24/7/365. We believe IAM processes should be incredibly fast. Our fail fast, recover faster model, allows businesses to launch and deploy complete systems and updates within hours and days, not weeks and months.Starting Price: $70/user/year -
5
Akto
Akto
Akto is an open source API security in CI/CD platform. Key features of Akto include: 1. API Discovery 2. API Security Testing 3. Sensitive Data Exposure 4. API Security Posture Management 5. Authentication and Authorization 6. API Security in DevSecOps Akto helps developers and security teams secure APIs in their CI/CD by continuously discovering and testing APIs for vulnerabilities. Akto's pricing is transparent on website. Free tier is available. You can deploy both self-hosted and in cloud. It takes only few mins to deploy and see results. Akto can integrate with multiple traffic sources - Burpsuite, AWS, postman, GCP, gateways, etc. -
6
Cloudanix
Cloudanix
Cloudanix provides CSPM, CIEM, CWPP, and CNAPP capabilities across all major cloud providers in a single dashboard. Our risk scoring helps prioritize security threats to minimize alert fatigue from your DevOps and InfoSec teams. Our adaptive notifications ensure that the right alert reaches the right team member. 1-click JIRA integration, inbuilt review workflows, and other collaborative features increase team productivity by large. Cloudanix provides a library of automated remediation options to reduce the amount of time required to fix a problem. The solution is agentless and onboards in five minutes. Our pricing is resource based which means there are no minimums and you can bring all your different AWS accounts under our single Dashboard. We are backed by YCombinator and some amazing investors who have built and run infrastructure and security companies in the past. There is no minimum to start using Cloudanix to secure your cloud infrastructureStarting Price: $99/month -
7
Myra Security
Myra Security
Myra Security is a leading provider of cloud-based application and network security solutions designed to protect organizations against the full spectrum of modern cyber threats. With a strong focus on reliability, performance, and compliance, Myra delivers security services that are both technically robust and easy to integrate into existing infrastructures. Myra’s application security portfolio forms the core of its offering. It includes a DDoS Protection, Web Application Firewall, CDN, and Bot Management. In addition to application security, Myra also provides network security solutions that safeguard critical infrastructures, corporate networks, and digital assets against escalating cyber risks. Their network-level protections ensure stable, secure, and compliant data flows—especially important for sectors with demanding regulatory requirements such as finance, healthcare, and government.Starting Price: 399 €/month -
8
STRM
STRM
Creating and managing data policies is a slow pain. With PACE by STRM, you can make sure data is used securely. Apply data policies through code, wherever it lives. Farewell to long waits and costly meetings, meet your new open source data security engine. Data policies aren't just about controlling access; they are about extracting value from data with the right guardrails. PACE lets you collaborate on the why and when automating the how through code. With PACE you can programmatically define and apply data policies across platforms. Integrated into your data platform and catalog (optional), and by leveraging the native capabilities of the stack you already have. PACE enables automated policy application across key data platforms and catalogs to ease your governance processes. Ease the process of policy creation and implementation, centralize control, and decentralize execution. Fulfill auditing obligations by simply showing how controls are implemented.Starting Price: Free -
9
Betterscan.io
Betterscan.io
Reduce MTTD & MTTR with full coverage within minutes of using. Full DevSecOps toolchain across your all environments, implementing and collecting evidence as part of your continuous security. Unified and de-duplicated across all the layers we orchestrate. One line to add several thousand checks + AI. It was built with security in mind, and we have avoided common security mistakes and pitfalls. Understands modern technologies. All are callable via REST API. Integrateable with CI/CD systems, lightweight and fast. You can self-host it for 100% code control and transparency, or run source available binary only in your own CI/CD. Use a source-available solution for complete control and transparency. Trivial setup, no software installation, compatible with many programming languages. Detects more than several thousand code and infrastructure issues and counting. You can review the issues, mark them as false positives, and collaborate on issues.Starting Price: €499 one-time payment -
10
Use keys to protect the secrets, personal data, and sensitive information you store in the cloud. Create and delete keys, set up access policies, and perform rotation via the management console, CLI, or API. Yandex KMS implements symmetric and asymmetric cryptography. Use the REST or RPC API to encrypt and decrypt small amounts of data, such as secrets and local encryption keys, as well as to sign data using e-signature schemes. You manage access to encrypted data, and Yandex KMS ensures the reliability and physical security of keys. Hardware Security Modules (HSMs) are available. Encrypt small amounts of data using the SDK in Java or Go. To encrypt larger amounts of data, the service is integrated with popular encryption libraries, including the AWS Encryption SDK and Google Tink. Integration with Yandex Lockbox makes it possible to encrypt secrets with your own keys. Secrets and data can also be protected using encryption keys in Managed Service for Kubernetes.Starting Price: $0.0230 per month
-
11
StepSecurity
StepSecurity
If you are using GitHub Actions for CI/CD and are worried about the security of CI/CD pipelines, StepSecurity platform is for you. Implement network egress control and CI/CD infrastructure security for GitHub Actions runners. Discover CI/CD risks and GitHub Actions security misconfiguration. Standardize GitHub Actions CI/CD pipeline as code files by automated pull requests. Provides runtime security to help you prevent SolarWinds and Codecov CI/CD security attacks by blocking egress traffic with an allowlist. Instant contextualized insight into network and file events for all workflow runs. Control network egress traffic with granular job-level and default cluster-wide policies. Many GitHub Actions are not maintained and are risky. Enterprises fork such Actions, but ongoing maintenance is expensive. By offloading the tasks of reviewing, forking, and maintaining Actions to StepSecurity, enterprises can realize substantial risk reduction and time savings.Starting Price: $1,600 per month -
12
Stream Security
Stream Security
Stay ahead of exposure risks & threat actors with real-time detection of config change impacts and automated threat investigations fused to posture and all activities. Track all changes, and detect critical exposure and toxic combinations before attackers do. Leverage AI to effectively address and fix issues using your preferred methods. Utilize any of your preferred SOAR tools to respond in real time or use our suggested code snippets. Harden and prevent external exposure & lateral movement risks, focus on risks that are truly exploitable. Detect toxic combinations of posture and vulnerabilities. Detect gaps from segmentation intent and implement zero-trust. Answer any cloud-related question fast with context. Maintain compliance, and prevent deviation from taking hold. We integrate with your existing investment. We can share more about our security policies and work with your security teams to deliver any specific requirements for your organization.Starting Price: $8,000 per year -
13
Resmo
Resmo
All-in-one platform for SaaS app and access management for modern IT teams. Streamline app discovery, identity security, user offboarding, access reviews, and cost tracking. Actively scan and notify for vulnerabilities with 100+ native integrations with your favorite tools. Review identity access permissions, OAuth risks, and SSO logins. Uncover shared accounts, weak passwords, excessive permissions, externally shared files, and more. Let them use the SaaS they need to get their job done quickly. Lift the burden of security checks on your IT and security teams with automation. Offboard employees securely with no dormant accounts left behind. We empower your team to take ownership of security without any roadblocks, ensuring a seamless and secure workflow. Get accurate visibility over the apps your employees login with their business accounts. Empower your workforce with SaaS adoption while maintaining control over your SaaS security posture.Starting Price: $2 per month -
14
Kontra
Security Compass
Kontra + Courses helps organizations build application security skills across development teams through a combination of 50+ video courses and 300+ hands-on vulnerability labs. Developers learn to identify, exploit, and remediate real vulnerabilities across 25+ technology stacks using practical code examples in their actual frameworks. Each Kontra lab walks through a real-world vulnerability scenario—like the 2021 Log4Shell exploit—then guides users through hands-on remediation with stack-specific code. This practical approach leads to 3x higher completion rates than traditional security training and helps AppSec teams scale secure coding practices without pulling developers out of their workflow. Most labs take under 10 minutes to complete. The platform is SCORM-compliant and integrates with existing LMS systems or can be delivered via hosted environment. Role-based curriculum aligns with NIST, ISO 27001, and PCI-DSS, and supports ISC2 co-branded certification.Starting Price: $400 per year -
15
KloudMate
KloudMate
Squash latencies, detect bottlenecks, and debug errors. Join a rapidly expanding community of businesses from around the world, that are achieving 20X value and ROI by adopting KloudMate, compared to any other observability platform. Quickly monitor crucial metrics, and dependencies, and detect anomalies through alarms and issue tracking. Instantly locate ‘break-points’ in your application development lifecycle, to proactively fix issues. View service maps for every component in your application, and uncover intricate interconnections and dependencies. Trace every request and operation, providing detailed visibility into execution paths and performance metrics. Whether it's multi-cloud, hybrid, or private architecture, access unified Infrastructure monitoring capabilities to monitor metrics and gather insights. Supercharge debugging speed and precision with a complete system view. Identify and resolve issues faster.Starting Price: $60 per month -
16
DataSet
DataSet
DataSet retains live, searchable real-time insights. Store indefinitely using DataSet-hosted or customer-managed, low-cost S3 storage. Ingest structured, semi-structured, and unstructured data faster than ever before. A limitless enterprise infrastructure for live data queries, analytics, insights, and retention, with no data schema requirements. The technology of choice for engineering, DevOps, IT, and security teams to unlock the power of data. Sub-second query performance powered by a patented parallel processing architecture. Work quicker and smarter to make better business decisions. Ingest hundreds of terabytes effortlessly. No rebalancing nodes, storage management, or resource reallocation. Scale on a limitless flexible platform. An efficient cloud-native architecture minimizes cost and maximizes output. Benefit from a predictable cost model with unmatched performance.Starting Price: $0.99 per GB per day -
17
The market-leading SIEM delivers comprehensive visibility, empowers accurate detection with context, and fuels operational efficiency. Unmatched, comprehensive visibility by seamlessly ingesting, normalizing, and analyzing data from any source at scale enabled by Splunk's data-powered platform with assistive AI capabilities. Utilize risk-based alerting (RBA) which is the industry’s only capability from Splunk Enterprise Security that drastically reduces alert volumes by up to 90%, ensuring that you're always honed in on the most pressing threats. Amplify your productivity and ensure the threats you're detecting are high fidelity. Native integration with Splunk SOAR automation playbooks and actions with the case management and investigation features of Splunk Enterprise Security and Mission Control delivers a single unified work surface. Optimize mean time to detect (MTTD) and mean time to respond (MTTR) for an incident.Starting Price: Free
-
18
ZITADEL
ZITADEL
ZITADEL is an open-source identity and access management platform designed to simplify authentication and authorization for applications. It offers a comprehensive suite of features, including customizable hosted login pages, support for modern authentication methods such as Single Sign-On (SSO) and social logins, and enforcement of multifactor authentication to enhance security. Developers can integrate authentication directly into their applications using ZITADEL's APIs or build dedicated login interfaces. The platform supports role-based access control, allowing for precise permission assignments based on user roles, and is inherently multi-tenant, facilitating easy extension of applications to new organizations. ZITADEL's extensibility enables seamless adaptation to various workflows, user management processes, and brand guidelines, with features like ZITADEL Actions that execute workflows after predefined events without the need for additional code deployment.Starting Price: $100 per month -
19
Trivy
Aqua Security
Trivy is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues. Trivy supports the most popular programming languages, operating systems, and platforms. Trivy is available in the most common distribution channels. Trivy is integrated with many popular platforms and applications. Trivy is integrated into many popular tools and applications so that you can easily add security to your workflow. Find vulnerabilities, misconfigurations, secrets, and SBOM in containers, Kubernetes, code repositories, clouds, and more.Starting Price: Free -
20
OpenFGA
The Linux Foundation
OpenFGA is an open source authorization solution that enables developers to implement fine-grained access control using a user-friendly modeling language and APIs. Inspired by Google's Zanzibar paper, it supports various access control models, including Relationship-Based Access Control (ReBAC), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC). OpenFGA offers SDKs for multiple programming languages, such as Java, .NET, JavaScript, Go, and Python, facilitating seamless integration into diverse applications. The platform is designed for high performance, capable of processing authorization checks in milliseconds, making it suitable for projects ranging from small startups to large enterprises. Operating under the Cloud Native Computing Foundation (CNCF) as a sandbox project, OpenFGA emphasizes transparency and community collaboration, inviting contributions to its development and governance.Starting Price: Free -
21
Paralus
Paralus
Paralus is a free, open source tool that enables controlled, audited access to Kubernetes infrastructure. It provides just-in-time service account creation and user-level credential management, integrating seamlessly with existing Role-Based Access Control (RBAC) and Single Sign-On (SSO) systems. Paralus applies zero-trust security principles, ensuring secure access to Kubernetes clusters by generating, maintaining, and revoking access configurations across clusters, projects, and namespaces. It offers both a browser-based graphical user interface and command-line interface tools for managing kubeconfigs directly from the terminal. Additionally, Paralus includes comprehensive auditing tools that provide detailed logging of activities and resource access, facilitating real-time and historical tracking. Installation is straightforward, with Helm charts available for deployment across various environments, including major cloud providers and on-premises setups.Starting Price: Free -
22
authentik
authentik
authentik is an open source identity provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company that is building on top of the open-source project. Using a self-hosted, open-source identity provider means prioritizing security and taking control of your most sensitive data. With authentik, you no longer need to continually place your trust in a third-party service. Adopt authentik to your environment, regardless of your requirements. Use our APIs and fully customizable policies to automate any workflow. Simplify deployment and scaling with prebuilt templates and support for Kubernetes, Terraform, and Docker Compose. No need to rely on a third-party service for critical infrastructure or expose your sensitive data to the public internet. Use our pre-built workflows, or customize every step of authentication through configurable templates, infrastructure as code, and comprehensive APIs.Starting Price: $0.02 per month -
23
Authelia
Authelia
Authelia is an open source authentication and authorization server and portal fulfilling the identity and access management role of information security in providing multi-factor authentication and single sign-on for your applications via a web portal. It acts as a companion for common reverse proxies. With a compressed container size smaller than 20 megabytes and observed memory usage normally under 30 megabytes, it's one of the most lightweight solutions available. Written in Go and React, authorization policies and many other backend tasks are completed in mere milliseconds, and login portal loading times of 100 milliseconds make it one of the fastest solutions available. Processors can use a lot of electricity, but when idle, usage is basically so low that you can't measure it, and active usage in a small business environment being under 1% allows you to rest easy (with the exclusion of password hashing). Security is heavily considered as part of our design process.Starting Price: Free -
24
Duende IdentityServer
Duende
IdentityServer is a flexible and standards-compliant OpenID Connect and OAuth 2.0 framework for ASP.NET Core, offering full control over UI, UX, business logic, and data. IdentityServer is officially certified by the OpenID Foundation and implements over a dozen protocols and standards from the OpenID Foundation and IETF working groups. It supports unlimited hosting options, allowing deployment on-premises, in the cloud, behind a VPN, on Windows, Linux, Docker, or Kubernetes. Duende Software also offers additional products such as IdentityServer for Redistribution and a Backend for Frontend (BFF) security framework. Comprehensive documentation and training resources are available to support developers in implementing these solutions. Being fully standards-compliant is very important to us, and we want to give you access to every aspect of the OAuth and OpenID Connect protocol family.Starting Price: $1,500 per year -
25
Grafana Loki
Grafana
Grafana Loki is an open source log aggregation system designed to efficiently collect, store, and query logs from various sources. Unlike traditional logging systems, Loki is optimized for cloud-native applications, making it a great fit for modern, containerized environments like Kubernetes. It works seamlessly with Grafana for visualizing log data alongside metrics and traces, providing a unified observability platform. Loki indexes only metadata, such as labels and timestamps, which reduces the amount of data stored and improves query performance compared to more traditional log management systems. This lightweight approach allows for easier scalability and cost-effective storage. Loki also supports log aggregation from various sources, including Syslog, application logs, and container logs, and integrates with other observability tools to provide a complete view of system performance.Starting Price: Free -
26
ClearVector
ClearVector
ClearVector is an identity-driven security platform designed to provide real-time detection, investigation, and containment of threats across cloud-native environments. It offers instant notifications of risky activity with the ability to stop and isolate incidents with a single click, enabling rapid decision-making and accountability. ClearVector allows users to investigate incidents by identifying who made changes and why, applying existing incident response knowledge to AWS or GCP environments. ClearVector extends its identity-driven security framework into AWS S3 buckets through its bucket intelligence capability, offering real-time identity attribution for all bucket operations, detailed metrics, and rapid detection of suspicious activities. It also supports deployment directly within AWS environments via ClearVector Private SaaS, ensuring complete data isolation and compliance with data sovereignty requirements.Starting Price: $500 per month -
27
Constellation
Edgeless Systems
Constellation is a CNCF-certified Kubernetes distribution that leverages confidential computing to encrypt and isolate entire clusters, protecting data at rest, in transit, and during processing, by running control and worker planes within hardware-enforced trusted execution environments. It ensures workload integrity through cryptographic certificates and supply-chain security mechanisms (SLSA Level 3, sigstore-based signing), passes Center for Internet Security Kubernetes benchmarks, and uses Cilium with WireGuard for granular eBPF traffic control and end-to-end encryption. Designed for high availability and autoscaling, Constellation delivers near-native performance on all major clouds and supports rapid setup via a simple CLI and kubeadm interface. It implements Kubernetes security updates within 24 hours, offers hardware-backed attestation and reproducible builds, and integrates seamlessly with existing DevOps tools through standard APIs.Starting Price: Free -
28
KubeArmor
AccuKnox
KubeArmor is a cloud-native runtime security enforcement engine designed for Kubernetes workloads, containers, and virtual machines. It leverages eBPF and Linux Security Modules (LSMs) like AppArmor and SELinux to preemptively harden workloads and prevent attacks without modifying pods or containers. KubeArmor enforces real-time policy-based controls on process behavior, file access, networking, and resource usage. It simplifies complex security settings by providing Kubernetes-native policy management and detailed policy violation logging. Installation is straightforward via Helm charts, and it integrates seamlessly with multiple cloud marketplaces. KubeArmor’s proactive inline mitigation approach improves security beyond traditional post-attack responses.Starting Price: Free -
29
Dash0
Dash0
Dash0 is an OpenTelemetry-native observability platform that unifies metrics, logs, traces, and resources into one intuitive interface, enabling fast and context-rich monitoring without vendor lock-in. It centralizes Prometheus and OpenTelemetry metrics, supports powerful filtering of high-cardinality attributes, and provides heatmap drilldowns and detailed trace views to pinpoint errors and bottlenecks in real time. Users benefit from fully customizable dashboards built on Perses, with support for code-based configuration and Grafana import, plus seamless integration with predefined alerts, checks, and PromQL queries. Dash0's AI-enhanced tools, such as Log AI for automated severity inference and pattern extraction, enrich telemetry data without requiring users to even notice that AI is working behind the scenes. These AI capabilities power features like log classification, grouping, inferred severity tagging, and streamlined triage workflows through the SIFT framework.Starting Price: $0.20 per month -
30
NGINX
F5
NGINX Open Source: The open source web server that powers more than 400 million websites. NGINX Plus is a software load balancer, web server, and content cache built on top of open source NGINX. Use NGINX Plus instead of your hardware load balancer and get the freedom to innovate without being constrained by infrastructure. Save more than 80% compared to hardware ADCs, without sacrificing performance or functionality. Deploy anywhere: public cloud, private cloud, bare metal, virtual machines, and containers. Save time by performing common tasks through the built‑in NGINX Plus API. From NetOps to DevOps, modern app teams need a self‑service, API‑driven platform that integrates easily into CI/CD workflows to accelerate app deployment – whether your app has a hybrid or microservices architecture – and makes app lifecycle management easier.
