Alternatives to Datree
Compare Datree alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to Datree in 2026. Compare features, ratings, user reviews, pricing, and more from Datree competitors and alternatives in order to make an informed decision for your business.
-
1
Massdriver
Massdriver
At Massdriver, we believe in prevention, not permission, letting ops teams enforce guardrails while developers deploy confidently. Our platform encodes your non-negotiables into self-service modules built with your preferred IaC (Terraform, Helm, OpenTofu, etc.) standardizing infrastructure across AWS, Azure, GCP, and Kubernetes out-of-the-box. By bundling policy, security, and cost controls into functional IaC assets, Massdriver cuts overhead for ops teams and speeds developer workflows. Through a central service catalog, developers can provision what they need with integrated monitoring, secrets management, and RBAC baked in. No more brittle IaC pipelines; ephemeral CI/CD spins up automatically from each module’s tooling. Scale faster with unlimited cloud accounts and projects, all while reducing risk and ensuring compliance. Massdriver—fast by default, safe by design.Starting Price: Free trial -
2
Cycode
Cycode
A platform for security, governance, and pipeline integrity for all your development tools & infrastructure. Harden your source control management systems (SCM), find secrets, leaks and prevent code tampering. Scan your CI/CD settings and Infrastructure-as-Code (IaC) for security misconfiguration. Identify drift between production systems IaC configurations and prevent source code tampering. Stop developers from inadvertently exposing proprietary code in public repositories, fingerprint code assets and proactively identify exposure on public sites. Inventory assets, enforce security policies, and easily demonstrate compliance across all your DevOps tools and infrastructure, both in the cloud and on-premises. Scan IaC for security misconfigurations and ensure compliance between defined IaC configurations and production infrastructure. Scan every commit or pull/merge request for hard-coded secrets and prevent them from reaching the master branch across all SCMs and programming languages. -
3
Galgos AI
Galgos AI
Galgos AI is your AI DevOps Assistant for cloud infrastructure, enabling you to generate compliant, secure infrastructure-as-code from simple natural-language prompts. It integrates AI-guided DevOps best practices to automatically produce Terraform, CloudFormation, and Kubernetes manifests that adhere to organizational compliance policies and security standards. By requesting resources in plain English—such as network configurations, identity and access management settings, encryption, logging, and monitoring- you accelerate cloud provisioning while benefiting from built-in modules for cost optimization and industry-standard frameworks (CIS, NIST, PCI DSS). It keeps its policy library up to date, performs real-time validation with remediation suggestions, and offers drift detection with auto-generated fixes. Generated code can be previewed, versioned, and integrated into existing CI/CD pipelines via API or CLI, with support for GitHub Actions, Jenkins and HashiCorp Vault. -
4
env0
env0
env0 is the best way to deploy and manage your IaC, including Terraform, Terragrunt, CloudFormation, Pulumi, Kubernetes, and others. The env0 platform enables users and teams to collaborate and provide self-service cloud deployments, all with advanced policies to meet governance and compliance. With env0, every engineer, from development, operations, and DevOps can deploy infrastructure simply, quickly and safely. Maximum productivity, minimum friction.Starting Price: $349 per month -
5
Bluebricks
Bluebricks
Bluebricks enables companies to create stable, governed cloud environments from reusable blueprints. No need to depend on DevOps for every request. The platform uses environment orchestration to work with existing Infrastructure as Code tools like Terraform and Helm. It adds AI capabilities to maintain consistency and eliminate configuration errors. Teams get self-service infrastructure provisioning while maintaining centralized governance and security controls across any cloud provider. The platform supports AWS, Google Cloud, Azure, Oracle, and Kubernetes environments. Organizations can transform complex deployments into standardized, reusable blueprints that work across environments. Automatic dependency tracking prevents breaking changes, while built-in RBAC and policy enforcement maintain enterprise security requirements. Bluebricks serves as the backend for internal developer portals, providing developers with infrastructure capabilities without sacrificing control. -
6
ops0
ops0
ops0 is the world's first AI Infrastructure Operator - making DevOps engineers 10x more productive. THREE AI AGENTS Infrastructure Agent - Discover unmanaged AWS resources and auto-generate Terraform. Turn months of migration into hours. Configuration Agent - Describe infrastructure in plain English. Get production-ready Terraform, Ansible, or Kubernetes manifests. Operations Agent - Hive monitors Kubernetes 24/7. Detect incidents, analyze logs, suggest fixes before outages happen. CAPABILITIES Infrastructure as Code, Configuration Management, Kubernetes Operations, Policy & Compliance, Workflow Automation, Resource Graph, Multi-Cloud (AWS, GCP, Azure).Starting Price: $250/month -
7
Kyverno
Kyverno
Kyverno is a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies. This allows using familiar tools such as kubectl, Git, and Kustomize to manage policies. Kyverno policies can validate, mutate, and generate Kubernetes resources plus ensure OCI image supply chain security. The Kyverno CLI can be used to test policies and validate resources as part of a CI/CD pipeline. Kyverno allows cluster administrators to manage environment specific configurations independently of workload configurations and enforce configuration best practices for their clusters. Kyverno can be used to scan existing workloads for best practices, or can be used to enforce best practices by blocking or mutating API requests. Block non-conformant resources using admission controls, or report policy violations. -
8
Spacelift
Spacelift
Spacelift, via the Spacelift Infrastructure Orchestration Platform, manages the entire infrastructure lifecycle – provisioning, configuration and governance. Spacelift integrates with existing infrastructure tooling (e.g., Terraform, OpenTofu, CloudFormation, Pulumi, Ansible) to provide a single integrated workflow to deliver secure, cost-effective and resilient infrastructure, fast. Spacelift is redefining how infrastructure is provisioned and governed with Spacelift Intent, the first open source, agentic, natural language model for cloud infrastructure. Intent allows developers to provision resources instantly without writing HCL, while DevOps and Platform teams maintain full visibility, policy control, and auditability. Built on Terraform providers, Intent creates a new path for agility, complementing IaC and GitOps by making fast, low-ceremony provisioning safe and governed.Starting Price: $399 per month -
9
Security Auditor
Core Security (Fortra)
Simplified security policy management and file integrity monitoring software. Security Auditor centralizes security administration across your cloud, on premise, or hybrid environment. Our agentless technology allows you to quickly enforce security policy adherence and mitigate the risks of security misconfiguration, a leading cause of data breaches. Security Auditor automatically protects new systems as they come online and continuously monitors those systems, identifying any configuration settings that don’t match your requirements. You'll be notified of any policy exceptions and can make changes yourself from an easy-to-use, web-based console, which simplifies tasks and compliance reporting requirements. Or if you prefer more automation, you can run the FixIt function and let Security Auditor do the work for you. Security Auditor simplifies the identification and security configuration for your elastic cloud infrastructure. -
10
Stakpak
Stakpak
Stakpak is an open source AI DevOps agent built in Rust that runs in your terminal, CI/CD pipelines, or cloud environment to help you secure, deploy, and maintain production-ready infrastructure with intelligent automation and deep contextual awareness. It provides key capabilities such as incident handling to quickly identify root causes and implement fixes, cloud cost analysis with instant optimization insights, IAM security automation for reviewing and generating secure policies and audit scripts, and application containerization that automates the creation of well-tested, documented Dockerfiles. Stakpak works with your existing tools like Terraform, AWS, Kubernetes, Azure, and Docker while learning from your infrastructure to offer contextually relevant recommendations. It includes security-hardened features that detect and redact over 210 types of secrets and ships with a deterministic guardrail enforcer (Warden) to prevent destructive operations in production.Starting Price: Free -
11
Adaptive6
Adaptive6
Adaptive6 is a cloud cost governance and optimization platform that helps organizations detect, remediate, and prevent waste in both cloud infrastructure and code. It continuously scans multi-cloud, PaaS, and Infrastructure-as-Code environments to uncover hundreds of inefficiencies, including hidden “shadow waste” beyond obvious cost drivers, and provides engineers with rich context, AI-driven code fixes, remediation scripts, and automated pull requests to accelerate resolution. It embeds shift-left cost guardrails into CI/CD pipelines to proactively flag and prevent inefficiencies before deployment, and automates remediation workflows by identifying resource owners and creating tickets or change requests with technical guidance. With a unified dashboard for visibility, rightsizing recommendations for over-provisioned cloud and Kubernetes resources, policy enforcement, and tools to support cultural accountability, Adaptive6 enables teams to reduce cloud spend. -
12
Nirmata
Nirmata
Deploy production-ready Kubernetes clusters in days. Rapidly onboard users and applications. Conquer Kubernetes complexity with an intuitive and powerful DevOps solution. Eliminate friction between teams, enhance alignment, and boost productivity. With Nirmata’s Kubernetes Policy Manager, you’ll have the right security, compliance and Kubernetes governance to scale efficiently. Manage all your Kubernetes clusters, policies, and applications in one place while streamling operations with the DevSecOps Platform. Nirmata’s DevSecOps platform integrates with cloud providers (EKS, AKS, GKE, OKE, etc.) and infrastructure-based solutions (VMware, Nutanix, bare metal) and solves Kubernetes operations challenges for enterprise DevOps teams with powerful Kubernetes management and governance capabilities.Starting Price: $50 per node per month -
13
kpt
kpt
kpt is a package-centric toolchain that enables a WYSIWYG configuration authoring, automation, and delivery experience, which simplifies managing Kubernetes platforms and KRM-driven infrastructure at scale by manipulating declarative configuration as data, separated from the code that transforms it. Most Kubernetes users either manage their resources using conventional imperative graphical user interfaces, command-line tools (kubectl), and automation (e.g., operators) that operate directly against Kubernetes APIs, or declarative configuration tools, such as Helm, Terraform, cdk8s, or one of the dozens of other tools. At a small scale, this is largely driven by preference and familiarity. As companies expand the number of Kubernetes development and production clusters they use, creating and enforcing consistent configurations and security policies across a growing environment becomes difficult. -
14
indeni
indeni
Indeni’s security infrastructure automation platform monitors firewall health and auto-detects issues like misconfigurations or expired licenses before they affect network operations. It automatically prioritizes issues so you only receive the most important alerts. Indeni protects your cloud environment by taking a snapshot of it before it’s built. Our cloud security analysis tool, Cloudrail, reviews your infrastructure-as-code files so you can identify violations earlier in development when they’re easier to fix. Constant detection of HA unreadiness from cross-device inconsistencies in security policies, forwarding tables, and other configurations and state. Consistent measurement of device configuration skew against locally-defined organizational standards. Collect relevant performance and configuration data from leading firewalls, load balancers, and other security infrastructure. -
15
Checkov
Prisma Cloud
Verify changes to hundreds of supported resource types in all major cloud providers. Scan cloud resources in build-time for misconfigured attributes with a simple Python policy-as-code framework. Analyze relationships between cloud resources using Checkov’s graph-based YAML policies. Execute, test, and modify runner parameters in the context of a subject repository CI/CD and version control integrations. Extend Checkov to define your own custom policies, providers, and suppressions terms. Prevent misconfigurations from being deployed by embedding it into existing developer workflows. Enable automated pull/merge request annotations on your repositories without having to build a CI pipeline or run scheduled checks. The Bridge crew platform will automatically scan new pull requests and annotate them with comments for any policy violations discovered.Starting Price: Free -
16
KubeGrid
KubeGrid
Define your Kubernetes infrastructure, and use KubeGrid to automatically deploy, monitor, and optimize up to thousands of clusters. KubeGrid automates the full lifecycle management of Kubernetes in on-prem and cloud environments, enabling developers to deploy, manage, and update large numbers of clusters with ease. KubeGrid is a Platform as Code, meaning you can declaratively define all your Kubernetes requirements as code, from your on-prem or cloud infrastructure, to cluster specs, and autoscaling policies, and KubeGrid will deploy and manage everything for you. Most infrastructure-as-code tools help you provision infrastructure, but stop there. KubeGrid goes beyond that to help developers automate Day 2 operations, such as monitoring infrastructure, failing over unhealthy nodes, and updating your clusters and operating system. Kubernetes is great for provisioning pods in an automated fashion. -
17
Azure Kubernetes Service (AKS)
Microsoft
The fully managed Azure Kubernetes Service (AKS) makes deploying and managing containerized applications easy. It offers serverless Kubernetes, an integrated continuous integration and continuous delivery (CI/CD) experience, and enterprise-grade security and governance. Unite your development and operations teams on a single platform to rapidly build, deliver, and scale applications with confidence. Elastic provisioning of additional capacity without the need to manage the infrastructure. Add event-driven autoscaling and triggers through KEDA. Faster end-to-end development experience with Azure Dev Spaces including integration with Visual Studio Code Kubernetes tools, Azure DevOps, and Azure Monitor. Advanced identity and access management using Azure Active Directory, and dynamic rules enforcement across multiple clusters with Azure Policy. Available in more regions than any other cloud providers. -
18
Concourse Labs
Concourse Labs
Prevent internet exposure, unencrypted data, misconfigurations, secrets abuse, and more from being deployed into code repositories and in production. Concourse Labs’ platform quickly integrates into existing CI/CD toolchains to remove security and compliance friction, so developers can deliver code rapidly and safely. Our agentless technology continually evaluates cloud usage and automatically tests for drift, attack, misconfiguration, and misuse. Get actionable (and auditable) results in seconds, not weeks. Empower developers with immediate and specific cloud-native guidance, so they can remediate violations without needing security team intervention, and do so using their existing development tools. Fixes are automatically validated for compliance with policy. Validate complex expressions and eliminate dangerous false negatives by uncovering violations below the root stack that may be hiding within complex nested stacks. -
19
Gomboc
Gomboc
Use AI to continuously remediate all your cloud infrastructure vulnerabilities. Close the remediation gap between DevOps and security. Maintain your cloud environment through one platform that continuously ensures compliance and security. Security teams can decide on security policies and Gomboc produces the IaC for DevOps to approve. All manual IaC is reviewed by Gomboc inside the CI/CD pipeline to ensure there is no configuration drift. Never fall out of compliance again. Gomboc does not require you to lock your cloud-native architectures into a pre-defined platform or cloud service provider. We're built to operate with all major cloud providers with all major infrastructure-as-code tools. Decide on your security policies with the guarantee they'll be maintained through the lifecycle of the environment. -
20
AWS CloudFormation
Amazon
AWS CloudFormation is a infrastructure provisioning and management tool that provides you the ability to create resource templates that specifies a set of AWS resources to provision. The templates allow you to version control your infrastructure, and also easily replicate your infrastructure stack quickly and with repeatability. Define an Amazon Virtual Private Cloud (VPC) subnet or provisioning services like AWS OpsWorks or Amazon Elastic Container Service (ECS) with ease. Run anything from a single Amazon Elastic Compute Cloud (EC2) instance to a complex multi-region application. Automate, test, and deploy infrastructure templates with continuous integration and delivery (CI/CD) automation. AWS CloudFormation lets you model, provision, and manage AWS and third-party resources by treating infrastructure as code. Speed up cloud provisioning with infrastructure as code.Starting Price: $0.0009 per handler operation -
21
Fugue
Fugue
The Fugue Platform empowers teams with the tools to build, deploy and maintain cloud security at every stage of the development lifecycle. We're so confident that you'll get immediate value with Fugue that we guarantee it. Fugue leverages the open source Open Policy Agent (OPA) standard for IaC and cloud infrastructure policy as code. Build IaC checks into git workflows and CI/CD pipelines with Regula—an open-source tool powered by OPA. Develop custom rules—including multi-resource checks—using Rego, the simple and powerful open source language of OPA. Govern your IaC security for cloud resources, Kubernetes, and containers in one place and ensure consistent policy enforcement across the development lifecycle. View the results of security and compliance checks on IaC across your organization. Access and export tenant-wide, IaC-specific security and compliance reports. -
22
Oracle Cloud Infrastructure (OCI) Resource Manager is an Oracle-managed service that automates deployment and operations for all Oracle Cloud Infrastructure resources. Unlike Infrastructure-as-Code (IaC) offerings from other cloud vendors, the service is based on Terraform, a widely used, open source industry standard that allows DevOps engineers to develop and deploy their infrastructure anywhere. IaC allows repeatable deployments of configurations, increasing developer productivity. For auditing, Resource Manager tracks changes to infrastructure by users and timestamps. Explore an architecture and Terraform configuration for using Oracle Autonomous Data Warehouse and Oracle Analytics Cloud to optimize data management.
-
23
Rapid7 Exposure Command
Rapid7
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context. Prioritize remediation from endpoint to cloud with a leader in exposure management. Stay ahead of attackers with critical context to extinguish vulnerabilities, policy gaps, and misconfigurations across hybrid environments. Enrich continuous attack surface monitoring with deep environmental context and automated risk scoring to identify and remediate toxic combinations. Get a clear picture of asset posture, ownership, and policy gaps across hybrid environments that necessitate compliance with regulatory frameworks. Avoid cloud risk before it reaches production with infrastructure-as-code (IaC) and continuous web app scanning that provides actionable feedback to developers. Exposure Command provides a more complete context for teams to manage the risk that matters most to the business. -
24
KubeArmor
AccuKnox
KubeArmor is a cloud-native runtime security enforcement engine designed for Kubernetes workloads, containers, and virtual machines. It leverages eBPF and Linux Security Modules (LSMs) like AppArmor and SELinux to preemptively harden workloads and prevent attacks without modifying pods or containers. KubeArmor enforces real-time policy-based controls on process behavior, file access, networking, and resource usage. It simplifies complex security settings by providing Kubernetes-native policy management and detailed policy violation logging. Installation is straightforward via Helm charts, and it integrates seamlessly with multiple cloud marketplaces. KubeArmor’s proactive inline mitigation approach improves security beyond traditional post-attack responses.Starting Price: Free -
25
Pulumi
Pulumi
Modern Infrastructure as Code. Create, deploy, and manage infrastructure on any cloud using familiar programming languages and tools. Many clouds, one workflow. Use the same language, tools, and workflow, on any cloud. Collaborate. Harmonize your engineering practices between developers and operators. Easy continuous delivery. Deploy from the CLI, or integrate with your favorite CI/CD system, and review all changes before they are made. Tame complexity. Gain visibility across all of your environments. Audit and secure. Know who changed what, when, and why. Enforce deployment policies with your identity provider of choice. Secrets management. Keep secrets safe with easy, built-in encrypted configuration. Familiar programming languages. Define infrastructure in JavaScript, TypeScript, Python, Go, or any .NET language, including C#, F#, and VB. Your favorite tools. Use familiar IDEs, test frameworks, and tools. Share and reuse. Codify best practices and policies. -
26
BoostSecurity
BoostSecurity
BoostSecurity® enables early detection and remediation of security vulnerabilities at DevOps velocity while ensuring the continuous integrity of the software supply chain at every step from keyboard to production. Get visibility into the security vulnerabilities in code, cloud and CI/CD pipeline misconfigurations in your software supply chain in minutes. Fix security vulnerabilities in code, cloud and CI/CD pipeline misconfigurations as you code, in pull requests, before they sneak into production. Create & govern policies consistently and continuously across code, cloud and CI/CD organizationally to prevent classes of vulnerabilities from re-occurring. Consolidate tool and dashboard sprawl through a single control plane for trusted visibility into the risks of your software supply chain. Build and amplify trust between developers & security for scalable DevSecOps through high fidelity, zero friction SaaS automation. -
27
Cloudify
Cloudify Platform
Manage all private and public environments from one platform using a single CI/CD plugin that connects to ALL automation toolchains. Including Jenkins, Kubernetes, Terraform, Cloud Formation, Azure ARM and more. No installation, no downloads … and on us for the first 30 days. Built-in integration with infrastructure orchestration domains including AWS Cloud formation, Azure ARM, Ansible and Terraform. Service Composition Domain-Specific Language (DSL) – simplifies the relationship between services, handling cascading workflows, shared resources, distributed life-cycle management and more. Orchestration of cloud native Kubernetes services across multiple clusters: OpenShift, GKE, EKS, AKS and KubeSpray. Access a built-in blueprint to automate cluster setup and configuration. Built-in integration with Jenkins and other CI/CD platforms providing a ‘one-stop-shop’ for integrating all orchestration domains to your CI/CD pipeline. -
28
DynamicPolicy
Zequel Technologies
DynamicPolicy by Zequel Technologies is a web-based policy and procedure management software built to help companies streamline regulatory compliance and corporate governance program. With DynamicPolicy, organizations can easily create, distribute, publish, and enforce corporate policies and procedures. The platform also comes with a quiz module to help management teams measure employees' understanding of company policies. -
29
Trellix Cloudvisory
Trellix
Uniform visibility into disparate, multi-cloud infrastructure through a single console. Reduce risk of cloud security misconfiguration resulting in exposure and compliance violation. Proactive cloud security posture using machine learning to intelligently detect anomalies. As companies continue the rush to the cloud, new threats bring additional challenges to cyber defense. At the same time, cyber security teams must shift from being perceived as a bottleneck to an enabler of business. Learn from seasoned experts, with real world examples of how to move at the speed of cloud while keeping your organization secure. Cloud-native governance of microsegmentation policies via cloud-native firewalls and security controls. Orchestrated remediation of compliance failures & governance of desired-state security policies. -
30
Remedio
Remedio
Remedio is an AI-powered, autonomous device posture management platform that continuously discovers, monitors, and remediates security misconfigurations and configuration drift across enterprise IT and OT environments to reduce attack surface, enforce compliance, and harden endpoint security without disruption. It delivers real-time visibility into configuration risks on devices running Windows, macOS, and Linux, as well as cloud instances and servers, and automatically applies safe remediation actions that are instantly reversible, giving security teams confidence when closing gaps without business impact. Remedio simplifies policy validation and enforcement by benchmarking settings against security standards such as CIS, NIST, and MITRE frameworks and continuously re-applies policies across updates, user changes, and new devices to maintain consistent secure baselines. It provides centralized control and governance of Active Directory, Group Policy, MDM, and Intune settings. -
31
AWS Serverless Application Model (AWS SAM) consists of two parts: AWS SAM templates and the AWS Serverless Application Model Command Line Interface (AWS SAM CLI). AWS SAM templates provide a short-hand syntax, optimized for defining Infrastructure as Code (IaC) for serverless applications. An extension of AWS CloudFormation, you deploy AWS SAM templates directly to CloudFormation, benefiting from its extensive IaC support on AWS. The AWS SAM CLI is a developer tool that puts AWS SAM features at your fingertips. Use it to quickly create, develop, and deploy serverless applications. Some of the many features of AWS SAM include AWS Serverless Application Model Accelerate (AWS SAM Accelerate), which speeds up local development and cloud testing, and AWS SAM CLI integrations, extending AWS SAM to other tools such as the AWS Cloud Development Kit (AWS CDK) and Terraform. Streamline your serverless development cycle, quickly and efficiently taking an idea to production.Starting Price: Free
-
32
Styra
Styra
The fastest and easiest way to operationalize Open Policy Agent across Kubernetes, Microservices or Custom APIs, whether you're a developer, an admin, or a bit of both. Need to limit which folks can access your pipeline, based on who is currently on call? Simple. Want to define which microservices can access PCI data? We got you. Have to prove compliance with regulations across your clusters? No sweat. Built on open-source, and declarative by design, Styra Declarative Authorization Service gives you a turnkey OPA control plane to mitigate risk, reduce human error, and accelerate development. A built-in library of policies. Built on our OPA project let you implement and customize authorization policy-as-code. Pre-running lets you monitor and validate policy changes before committing, to mitigate risk before deployment. Declarative model defines desired state to prevent security drift and eliminate errors, before they can occur.Starting Price: $70 per month -
33
Cyral
Cyral
Granular visibility and policy enforcement across all your data endpoints. Designed to support your infrastructure-as-code workflows and orchestration. Dynamically scales to your workloads, with sub millisecond latency. Easily clicks with all your tools with no changes to your applications. Enhance cloud security with granular data access policies. Extend Zero Trust to the data cloud. Protect your organization from data breaches. Increase trust with your customers and provide assurance. Cyral is built to handle the unique performance, deployment and availability challenges of the data cloud. With Cyral you see the full picture. Cyral’s data cloud sidecar is a featherweight and stateless interception service that enables real time observability into all data cloud activity, and granular access controls. Highly performant and scalable interception. Prevention of threats and malicious access to your data that would go otherwise undetected.Starting Price: $50 per month -
34
Morpheus
Morpheus Data
Reduce cloud cost 30%, provision 150x faster, close security holes, and deploy hybrid-cloud automation in record time. Morpheus is a powerful self-service engine to provide enterprise agility, control, and efficiency. Quickly enable on-prem private clouds, centralize public cloud access, and orchestrate change with cost analytics, governance policy, and automation. Create private clouds, manage public clouds, and consolidate Kubernetes deployment. Provision applications from an on-demand catalog, API/CLI, ITSM, or infrastructure-as-code. Simplify authentication, establish access controls, set policies, and manage security posture. Automate lifecycles from cradle to grave, run workflows, and simplify day-2 actions. Inventory brownfields, rightsize resources, track cloud spend, and centralize visibility. -
35
Azure Policy
Microsoft
Reduce the time needed to audit your environments by having all your compliance data in a single place. Set guardrails throughout your resources to help ensure cloud compliance, avoid misconfigurations, and practice consistent resource governance. Reduce the number of external approval processes by implementing policies at the core of the Azure platform for increased developer productivity. Control and optimize your cloud spend to get more value from your investment. -
36
Staff.Wiki
WorkflowFirst Software
Staff.Wiki lets you centralize and "wikify" your organization's Policies & Procedures. Provide one up-to-date source for all of your staff's guidance so nobody is ever left guessing or searching around for the latest policy or procedures document. Request staff to acknowledge policies, re-enforce learning with quizzes, connect staff to subject matter experts with in-page webchat, bring procedures to life with interactive checklists, and manage changes to any policy with approval workflow. Sign up for a free trial today. -
37
Tigera
Tigera
Kubernetes-native security and observability. Security and observability as code for cloud-native applications. Cloud-native security as code for hosts, VMs, containers, Kubernetes components, workloads, and services to secure north-south and east-west traffic, enable enterprise security controls, and ensure continuous compliance. Kubernetes-native observability as code to collect real-time telemetry, enriched with Kubernetes context, for a live topographical view of interactions between components from hosts to services. Rapid troubleshooting with machine-learning powered anomaly and performance hotspot detection. Single framework to centrally secure, observe, and troubleshoot multi-cluster, multi-cloud, and hybrid-cloud environments running Linux or Window containers. Update and deploy policies in seconds to enforce security and compliance or resolve issues. -
38
AWS App2Container
Amazon
AWS App2Container (A2C) is a command line tool for migrating and modernizing Java and .NET web applications into container format. AWS A2C analyzes and builds an inventory of applications running in bare metal, virtual machines, Amazon Elastic Compute Cloud (EC2) instances, or in the cloud. Save on infrastructure and training costs by streamlining application development and operational skill sets. Accelerate modernization with automatic analysis of applications and autogenerated container images. Containerize applications running in your data center without code changes. Migrate and modernize legacy applications while standardizing the deployment and operations of your applications. Use AWS CloudFormation templates that configure required compute, network, and security infrastructure. Use pre-created continuous integration and delivery (CI/CD) pipelines for AWS DevOps services. -
39
Chef Infra
Progress Software
Chef® Infra® configuration management software eliminates manual efforts and ensures infrastructure remains consistent and compliant over its lifetime — even in the most complex, heterogenous, and large-scale environments. Define configurations and policies as code that are testable, enforceable and can be delivered at scale as part of automated pipelines. Ensure configurations only change if a system diverges from the desired defined state and automatically correct configuration drift, if needed. Manage Windows and Linux systems running on prem, ARM systems running in the cloud or Macs laptops running at the edge all the same way. Use simple declarative definitions for common tasks or easily extend them to support the most unique environmental requirements. Enforce policy by converging the system to the state declared by the various resources. Reduce risks by iterating on policy changes before pushing them to production.Starting Price: $127 per year -
40
Brainboard
Brainboard
Brainboard is an AI-driven platform designed for cloud architects, DevOps teams, and platform engineers to visually design, deploy, and manage multi-cloud infrastructures while automatically generating Infrastructure as Code. With support for major cloud providers and deep integration with Terraform/OpenTofu, users can drag-and-drop architecture diagrams that are instantly translated into ready-to-use Terraform code, enabling “design first, code when needed”. The platform also includes features such as CI/CD pipelines tailored for infrastructure, drift detection, versioning, and role-based access controls to ensure governance, consistency, and collaboration across teams. Brainboard supports the creation of reusable service-catalog templates, enabling internal teams to self-provision validated, compliant infrastructure without constant reliance on central DevOps.Starting Price: $99 per month -
41
Chef
Progress Software
Chef turns infrastructure into code. With Chef, you can automate how you build, deploy, and manage your infrastructure. Your infrastructure becomes as versionable, testable, and repeatable as application code. Chef Infrastructure Management ensures configurations are applied consistently in every environment with infrastructure management automation. Chef Compliance makes it easy to maintain and enforce compliance across the enterprise. Deliver successful application outcomes consistently at scale with Chef App Delivery. Chef Desktop allows IT teams to automate the deployment, management, and ongoing compliance of IT resources. Ensure configurations are applied consistently in every environment. Powerful policy-based configuration management system software. Runbook automation to consistently define, package & deliver applications. IT automation & DevOps dashboards for operational visibility. -
42
Spyderbat
Spyderbat
Secure your cloud native runtime environments from external attacks, misconfigurations, and insider threats. By probing eBPF, Spyderbat builds a map of activities from cloud systems and containers with their causal relationships. Using this CausalContext map, Spyderbat fingerprints workload behaviors, enforces security policies, performs signatureless attack prevention, and provides immediate visibility to root cause. Spyderbat’s A3C Engine immediately assembles data into a visual map based on causal relationships for real time and historic views. Automatically create fingerprints of workload behavior and convert to policies that notify or even block new behavior. -
43
Raivana
Raivana
Write access control policy. Easily. Discover the faster, easier way to write access control policy. Our team consists of experts who have worked in many industries. Raivana allows you to write access control policy in plain old English. This means everyone in your organization can write policy from day one. This saves you time, resources, and money. You can upload documents created in popular applications like Microsoft Word, TextEdit, and Notepad documents. We support DOC, DOCX, TXT, and RTF file formats. We translate the documents automatically to eXtensible Access Control Markup Language (XACML). Don't worry about managing infrastructure. We take care of all that for you. With 99.999% uptime, you are almost guaranteed to be able to author policy 24/7. -
44
Red Hat Advanced Cluster Management for Kubernetes controls clusters and applications from a single console, with built-in security policies. Extend the value of Red Hat OpenShift by deploying apps, managing multiple clusters, and enforcing policies across multiple clusters at scale. Red Hat’s solution ensures compliance, monitors usage and maintains consistency. Red Hat Advanced Cluster Management for Kubernetes is included with Red Hat OpenShift Platform Plus, a complete set of powerful, optimized tools to secure, protect, and manage your apps. Run your operations from anywhere that Red Hat OpenShift runs, and manage any Kubernetes cluster in your fleet. Speed up application development pipelines with self-service provisioning. Deploy legacy and cloud-native applications quickly across distributed clusters. Free up IT departments with self-service cluster deployment that automatically delivers applications.
-
45
Solvo
Solvo
Solvo creates a unique security configuration based on each environment. Solvo enforces the least-privilege configuration that was created for you. Solvo enables you to view and control your infrastructure inventory, security posture and risks. Migrating your workloads from an on-prem data center to the cloud? Building a cloud-native application? We know that the security part can be tedious. But don’t let it prevent you from doing it right. Historically, cloud infrastructure misconfigurations have been detected in the production environment. That means that from the moment your detection system discovers the misconfiguration, you are racing against time to mitigate damage and remediate the issue. At Solvo, we believe that cloud security issues should be detected and remediated as early as possible. We’re bringing shift-left to cloud security.Starting Price: $99 per month -
46
Ozone
Ozone
Ozone platform helps enterprises to ship modern applications quickly, securely and reliably. Ozone removes the unwanted headache of managing too many DevOps tools and makes it super easy for anyone to deploy applications on Kubernetes clusters. Just integrate all your existing DevOps tools and automate your application delivery process end-to-end. Accelerate deployments with automated pipeline workflows and on demand infrastructure management with zero downtime. Prevent business losses by enforcing governance and compliance policy for app deployments at scale. Single pane of glass where engineering, DevOps and Security teams can collaborate on application releases in realtime. -
47
authentik
authentik
authentik is an open source identity provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company that is building on top of the open-source project. Using a self-hosted, open-source identity provider means prioritizing security and taking control of your most sensitive data. With authentik, you no longer need to continually place your trust in a third-party service. Adopt authentik to your environment, regardless of your requirements. Use our APIs and fully customizable policies to automate any workflow. Simplify deployment and scaling with prebuilt templates and support for Kubernetes, Terraform, and Docker Compose. No need to rely on a third-party service for critical infrastructure or expose your sensitive data to the public internet. Use our pre-built workflows, or customize every step of authentication through configurable templates, infrastructure as code, and comprehensive APIs.Starting Price: $0.02 per month -
48
OpenText Network Automation
OpenText
Pass audit and compliance requirements easily with proactive policy enforcement and audit and compliance reports. Improve network security by recognizing and fixing security vulnerabilities before they impact your network. Reduce costs by automating time-consuming manual compliance and configuration tasks. Hear how Greenlight group enabled one customer with over 4000 retail outlets to automate their network provisioning and facilitate hardware upgrades with Network Automation, resulting in lower costs and increased business support. Increase network stability and uptime by preventing inconsistencies and misconfigurations. Utilize configuration changes to determine if performance issues are related. -
49
Infrabase
Infrabase
Infrabase is an AI‑powered DevOps agent that continuously scans GitHub infrastructure-as-code (IaC) in context to detect and flag security vulnerabilities, cost anomalies, and policy violations before they reach production. It integrates with GitHub via an app, securely indexes repositories (without storing raw code), and uses LLMs such as Claude, Gemini, or OpenAI to generate natural-language review checklists. Developers can define custom guardrails using Markdown-based rules instead of complex policy languages. On each pull request, Infrabase provides blast-radius insights, severity scoring, and even merge-blocking triggers for critical issues. It highlights deviations from internal coding patterns and uncovers hidden costs or poorly configured resources. -
50
Terraform
HashiCorp
Terraform is an open-source infrastructure as code software tool that provides a consistent CLI workflow to manage hundreds of cloud services. Terraform codifies cloud APIs into declarative configuration files. Write infrastructure as code using declarative configuration files. HashiCorp Configuration Language (HCL) allows for concise descriptions of resources using blocks, arguments, and expressions. Run terraform plan to check whether the execution plan for a configuration matches your expectations before provisioning or changing infrastructure. Apply changes to hundreds of cloud providers with terraform apply to reach the desired state of the configuration. Define infrastructure as code to manage the full lifecycle — create new resources, manage existing ones, and destroy those no longer needed.
