OpenClarity is a suite of open source projects built to enhance the security and observability of cloud native applications and infrastructure.
OpenClarity delivers:
- Agentless detection and managements of vulnerabilities, exploits, malware and misconfigurations for virtual machines and container images
- Capabilities for runtime scans of Kubernetes and CI/CD pipelines
- Comprehensive API security for internal and third-party APIs
Website | Docs | Slack | Contributing guide | Security procedures | Code of Conduct
VMClarity is a tool for agentless detection and management of virtual machine Software Bill Of Materials (SBOM) and security threats such as vulnerabilities, exploits, malware, rootkits, misconfigurations, and leaked secrets.
Key Capabilities:
- SBOM analysis
- Package and OS vulnerability detection
- Exploit detection
- Leaked secret detection
- Malware detection
- Misconfiguration detection
- Rootkit detection
KubeClarity is a tool for detection and management of software bills of materials (SBOMs) and vulnerabilities in container images and filesystems. It scans both runtime Kubernetes clusters and CI/CD pipelines for enhanced software supply-chain security.
Key Capabilities:
- SBOM and vulnerability detection
- Comprehensive dashboard for SBOM analysis
- Pluggable architecture
APIClarity is a tool that helps you visualize and identify potential risks around API usage in your cloud native environments. It helps build the OpenAPI specifications for all APIs in your environment, then helps track drift, shadow or zombie usage for those APIs. You can then use this information to build your application security posture.
Key Capabilities:
- Quick and easy API visibility and analysis
- Comprehensive dashboard to monitor APIs
- Designed for developers, loved by security teams