Inspektor Gadget
CNCF eBPF-based observability for Kubernetes: gadgets for tracing DNS, TCP, exec, and security events from kubectl.
Why it is included
Developer-friendly bridge between kubectl workflows and kernel-level visibility for debugging and security.
Best for
Platform engineers troubleshooting K8s networking and syscall-level behavior without bespoke BPF code.
Strengths
- CNCF sandbox
- kubectl integration
- Gadget ecosystem
Limitations
- Kernel/BTF requirements; not a full SIEM
Good alternatives
Tracee · Falco · kubectl debug plugins
Related tools
Security & Privacy
Falco
Cloud-native runtime security for Linux/Kubernetes: syscall and K8s audit rules with Falcoctl and ecosystem outputs.
Security & Privacy
Tracee
Linux runtime security using eBPF to trace OS and container events with prebuilt signatures and pipeline exports.
Security & Privacy
Tetragon
eBPF-based security observability and runtime enforcement: process/exec monitoring, network hooks, and kill primitives integrated with Cilium.
Security & Privacy
Open Policy Agent (OPA)
General-purpose policy engine with Rego: unify authorization and config decisions across K8s, APIs, Terraform plans, and CI.
Security & Privacy
Kyverno
Kubernetes-native policy engine using YAML (no Rego) for validate, mutate, generate, and image verification rules.
Security & Privacy
Kubescape
Kubernetes security scanner for misconfigurations, RBAC, compliance frameworks (NSA/CIS), and image vulnerabilities.