LFX Insights

Cloud/Container Security Tools

Software for protecting cloud-based and containerized applications and data

15 projects

25,756 contributors

$1.6B

Cilium

Cilium is open source software for providing, securing and observing network connectivity between container workloads. It is cloud native and fueled by the revolutionary kernel technology eBPF.

Contributors

7,756

Organizations

2,206

Software value

$1.1B

Calico

Calico is an open source networking and security solution for containers, virtual machines, and native host-based workloads. It provides a pure Layer 3 approach to virtual networking that uses standard IP routing principles and offers features like network policy enforcement, dynamic service insertion, and troubleshooting tools.

Contributors

4,394

Organizations

1,166

Software value

$31M

Kyverno

Kyverno is a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies.

Contributors

3,540

Organizations

1,041

Software value

$96M

Falco

Falco, the open source cloud-native runtime security project, is the de facto Kubernetes threat detection engine. Falco detects unexpected application behavior and alerts on threats at runtime.

Contributors

2,912

Organizations

781

Software value

$61M

Prowler

Prowler is an open-source security assessment tool designed to perform security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness assessment of AWS cloud environments. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and additional security best practices.

Contributors

1,554

Organizations

224

Software value

$46M

saml2aws

A command line tool that enables federated single sign-on (SSO) access to AWS accounts using SAML 2.0, allowing users to log in and retrieve AWS temporary credentials via various identity providers.

Contributors

1,503

Organizations

409

Software value

$967K

Kubescape

Kubescape is an open-source tool for testing whether Kubernetes is deployed securely according to multiple frameworks: regulatory, customized company policies and DevSecOps best practices, such as the NSA-CISA hardening guidance and MITRE ATT&CK®. Kubescape scans K8s clusters, YAML files, and Helm charts, detects misconfigurations and software vulnerabilities at early stages of the CI/CD pipeline, and provides a risk score instantly and risk trends over time. Kubescape integrates natively with other DevOps tools, including Jenkins, CircleCI and GitHub workflows. Kubescape policies are based on Open Policy Agent and the Rego language. A key idea behind Kubescape is to put security capabilities in the hands of developers and DevOps teams. Our vision is to create a wide open-source Kubernetes security project with capabilities that will span across configuration control, vulnerabilities, RBAC management and runtime security, all made for developers and DevOps to add to their tools in a native way.

Contributors

1,246

Organizations

377

Software value

$83M

Sealed Secrets

A Kubernetes controller and tool that allows users to encrypt their Kubernetes Secrets into SealedSecrets, which can be safely stored in public repositories or transmitted over untrusted networks. The encrypted secrets can only be decrypted by the controller running in the target cluster.

Contributors

1,140

Organizations

476

Software value

$633K

kube-bench

kube-bench is a security assessment tool that checks whether Kubernetes deployments follow CIS (Center for Internet Security) benchmarks by running automated tests against Kubernetes clusters to identify misconfigurations and security vulnerabilities.

Contributors

785

Organizations

234

Software value

$2.6M

StackRox

StackRox is a Kubernetes-native security platform that helps organizations secure their container and Kubernetes environments through vulnerability management, compliance, network segmentation, configuration management, and threat detection capabilities.

Contributors

469

Organizations

75

Software value

$97M

Honggfuzz

Honggfuzz is a security-oriented fuzzer with evolutionary, feedback-driven fuzzing capabilities. It supports various operating systems and CPU architectures, featuring unique instrumentation methods, flexible fuzzing strategies, and crash analysis tools to help identify software vulnerabilities.

Contributors

350

Organizations

95

Software value

$761K

iamlive

iamlive is a tool that generates AWS IAM policies by monitoring AWS API calls made by an application in real time, helping developers create least-privilege IAM policies based on actual usage patterns.

Contributors

107

Organizations

41

Software value

$81M
