Screenshots

    Inactive-State
    Active State

    Comparison Table

    GitHub stars

    Popularity among the OSS community.

    Datree

    5.7k

    Snyk IaC

    2.6k

    Polaris

    2.7k

    Checkov

    2.7k

    Trivy

    2.7k

    Rules language

    The language in which the policy rules are written.

    Datree

    JSON Schema

    Snyk IaC

    Rego

    Polaris

    JSON Schema

    Checkov

    Python

    Trivy

    Rego

    Manifest scanning

    Scan Kubernetes configs (YAML files) for misconfigurations.

    Datree

    Snyk IaC

    Polaris

    Checkov

    Trivy

    K8s admission controller webhook

    Scan Kubernetes objects on deployment to production.

    Datree

    Snyk IaC

    Polaris

    Checkov

    Trivy

    Native templating support

    Scan helm charts and Kustomize.

    Datree

    Snyk IaC

    Polaris

    Checkov

    Trivy

    Built-in rules

    Pre-configured set of rules to validate your Kubernetes objects.

    Datree

    Snyk IaC

    Polaris

    Checkov

    Trivy

    Schema validation

    Validate that your manifests meet Kubernetes schema.

    Datree

    Snyk IaC

    Polaris

    Checkov

    Trivy

    YAML validation

    Validate that your manifests are written in syntactical YAML.

    Datree

    Snyk IaC

    Polaris

    Checkov

    Trivy

    Granular Permissions

    Assign read/write permissions to your policies and account.

    Datree

    Snyk IaC

    Polaris

    Checkov

    Trivy

    Reporting and tracking

    Track and report on the status and outcome of previous scans.

    Datree

    Snyk IaC

    Polaris

    Checkov

    Trivy

    Runtime audit

    Detect misconfigurations in your running workloads.

    Datree

    Snyk IaC

    Polaris

    Checkov

    Trivy

    Shared policies

    Share the same policy across different users and machines. Edit once, run everywhere.

    Datree

    Snyk IaC

    Polaris

    Checkov

    Trivy

    Scans explicit objects

    Reduce false negatives by scanning only explicit objects. Read more here.

    Datree

    Snyk IaC

    * No admission webhook

    Polaris

    Checkov

    * No admission webhook

    Trivy

    * No admission webhook

    Other IaC support

    Support for other IaC technologies such as Terraform.

    Datree

    Snyk IaC

    Polaris

    Checkov

    Trivy

    Policy as code

    Manage your policies and rules from code.

    Datree

    Snyk IaC

    Polaris

    Checkov

    Trivy

    Image scanning

    Scan images for vulnerabilities.

    Datree

    Snyk IaC

    Polaris

    Checkov

    Trivy

    Dir path scanning

    Validate multiple files by scanning the folder in which they reside.

    Datree

    Snyk IaC

    Polaris

    Checkov

    Trivy

    Project language

    The language in which the project is written.

    Datree

    Go

    Snyk IaC

    * No OSS offering

    Polaris

    Go

    Checkov

    Python

    Trivy

    Go

    Offline support

    The project can run without internet connection.

    Datree

    Snyk IaC

    Polaris

    Checkov

    Trivy

    Mutation/Remediation

    Create workflow for fixing the detected misconfigurations.

    Datree

    Snyk IaC

    Polaris

    Checkov

    Trivy

    Editable failure message

    Edit the message the user receives when objects fails to meet the policy.

    Datree

    Snyk IaC

    Polaris

    Checkov

    Trivy

    Reveal misconfigurations within minutes

    3 Quick Steps to Get Started