Kyverno
Kyverno is a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies. This allows using familiar tools such as kubectl, Git, and Kustomize to manage policies. Kyverno policies can validate, mutate, and generate Kubernetes resources plus ensure OCI image supply chain security. The Kyverno CLI can be used to test policies and validate resources as part of a CI/CD pipeline. Kyverno allows cluster administrators to manage environment specific configurations independently of workload configurations and enforce configuration best practices for their clusters. Kyverno can be used to scan existing workloads for best practices, or can be used to enforce best practices by blocking or mutating API requests. Block non-conformant resources using admission controls, or report policy violations.
Learn more
env0
env0 is the best way to deploy and manage your IaC, including Terraform, Terragrunt, CloudFormation, Pulumi, Kubernetes, and others. The env0 platform enables users and teams to collaborate and provide self-service cloud deployments, all with advanced policies to meet governance and compliance. With env0, every engineer, from development, operations, and DevOps can deploy infrastructure simply, quickly and safely. Maximum productivity, minimum friction.
Learn more
Galgos AI
Galgos AI is your AI DevOps Assistant for cloud infrastructure, enabling you to generate compliant, secure infrastructure-as-code from simple natural-language prompts. It integrates AI-guided DevOps best practices to automatically produce Terraform, CloudFormation, and Kubernetes manifests that adhere to organizational compliance policies and security standards. By requesting resources in plain English—such as network configurations, identity and access management settings, encryption, logging, and monitoring- you accelerate cloud provisioning while benefiting from built-in modules for cost optimization and industry-standard frameworks (CIS, NIST, PCI DSS). It keeps its policy library up to date, performs real-time validation with remediation suggestions, and offers drift detection with auto-generated fixes. Generated code can be previewed, versioned, and integrated into existing CI/CD pipelines via API or CLI, with support for GitHub Actions, Jenkins and HashiCorp Vault.
Learn more
Cycode
A platform for security, governance, and pipeline integrity for all your development tools & infrastructure. Harden your source control management systems (SCM), find secrets, leaks and prevent code tampering. Scan your CI/CD settings and Infrastructure-as-Code (IaC) for security misconfiguration. Identify drift between production systems IaC configurations and prevent source code tampering. Stop developers from inadvertently exposing proprietary code in public repositories, fingerprint code assets and proactively identify exposure on public sites. Inventory assets, enforce security policies, and easily demonstrate compliance across all your DevOps tools and infrastructure, both in the cloud and on-premises. Scan IaC for security misconfigurations and ensure compliance between defined IaC configurations and production infrastructure. Scan every commit or pull/merge request for hard-coded secrets and prevent them from reaching the master branch across all SCMs and programming languages.
Learn more