ConfigSafe scans Dockerfiles, Kubernetes manifests, Terraform, CI/CD pipelines, and Nginx configs for security misconfigurations. Locally. Before you deploy.
80% of Kubernetes breaches trace back to misconfigurations. A privileged container, an open port, a missing network policy. ConfigSafe catches them all before deployment.
Dockerfiles, docker-compose, multi-stage builds. Catches root users, exposed ports, hardcoded secrets, and insecure base images.
Deployments, services, RBAC, network policies, pod security. Validates privilege escalation, resource limits, and namespace isolation.
AWS, GCP, Azure resource security, state encryption. Detects public buckets, open security groups, and unencrypted volumes.
GitHub Actions, GitLab CI, Jenkinsfile security. Flags hardcoded tokens, overly permissive permissions, and insecure artifact handling.
Nginx, Apache security headers, SSL/TLS config. Validates HSTS, CSP, certificate chains, and cipher suite strength.
Map findings to CIS Docker, K8s, and cloud benchmarks. Generate compliance reports aligned with industry standards.
| Feature | ConfigSafe | Checkov ($299/mo) | Trivy ($0) | Hadolint ($0) |
|---|---|---|---|---|
| Price | Free / $19 / $39 | $299/mo | Free (complex) | Free (Docker only) |
| Runs Locally | ✓ | ✓ | ✓ | ✓ |
| Docker Scanning | ✓ | ✓ | ✓ | ✓ |
| Kubernetes | ✓ | ✓ | ✓ | ✗ |
| Terraform | ✓ | ✓ | ✗ | ✗ |
| CI/CD Pipelines | ✓ | ✗ | ✗ | ✗ |
| Nginx / Apache | ✓ | ✗ | ✗ | ✗ |
| CIS Benchmarks | ✓ | ✓ | ✗ | ✗ |
| Pre-commit Hooks | ✓ | ✗ | ✗ | ✓ |
| Zero Config | ✓ | ✗ | ✗ | ✓ |
| Setup Time | 30 seconds | 20+ min | 10+ min | 5 min |
Start scanning for free. Upgrade for full infrastructure coverage.
No spam. One email per week max. Unsubscribe anytime.
Install ConfigSafe in 30 seconds. Find them before attackers do.