Cloud Native @Scale
Tue, Apr 19, 10:00 AM (PDT)

About this event

This meetup will look at some of the most popular security and compliance projects under the CNCF umbrella. These tools can help teams apply policy management, check CVEs, ensure regulatory compliance, protect web traffic, secure frequent software patching, automate TLS issuances, and other vital actions. Most packages below are designed for Kubernetes and offer integrations with popular cloud-native infrastructures.

Projects confirmed so far are

  • Falco: Mark Stemm, Software Engineer at Sysdig
  • Kyverno: Jim Bugwadia, Co-founder and CEO of Nirmata
  • Curiefense: Züri Bar Yochay, Founder at Reblaze


Project information:

🔶 Falco, the cloud-native runtime security project, is the de facto Kubernetes threat detection engine. Falco is the first runtime security project to join CNCF as an incubation-level project. Falco acts as a security camera detecting unexpected behavior, intrusions, and data theft in real-time.

🔶Kyverno is a policy engine designed for Kubernetes. It can validate, mutate, and generate configurations using admission controls and background scans.Kyverno policies are Kubernetes resources and do not require learning a new language. Kyverno is designed to work nicely with tools you already use like kubectl, kustomize, and Git.

🔶 Curiefense is a new application security platform, which protects sites, services, and APIs. It extends Envoy proxy to defend against a variety of threats, including SQL and command injection, cross site scripting (XSS), account takeovers (ATOs), application-layer DDoS, remote file inclusion (RFI), API abuse, and more