Configuration Security

Continuous monitoring and alerting for container images, workloads, and misconfigured Kubernetes environments


As your organization deploys containerized workloads in Kubernetes environments, you will be faced with many configuration choices related to images, containers, control plane, and data plane. Setting these configurations improperly creates a high-impact security and compliance risk for business. Security, DevOps, and platform owners need the ability to continuously assess build artifacts, workloads, and infrastructure against configuration hardening standards and automatically remediate any violations.

Calico Cloud’s configuration security capabilities are purpose-built for Kubernetes and container environments. Calico Cloud continuously monitors images, workloads, and Kubernetes infrastructure against common configuration security standards (CIS Benchmarks) and provides a detailed assessment report. Application and infrastructure owners can integrate these reports into their CI/CD pipeline or incident response workflows for active remediation.


Breach Prevention

Quickly detect and remediate misconfigurations in your Kubernetes environments and eliminate attack vectors

Configuration Compliance

Meet internal and external regulatory compliance by continuously assessing Kubernetes workloads against your configuration hardening standards

Predefined and scheduled reporting

Run compliance reports on demand or on a recurring schedule (hourly, daily, weekly, or monthly)


Custom Pass Fail Thresholds

Calico Cloud’s configuration security feature assesses your Kubernetes environment against CIS benchmarks. You have the ability to customize and exclude certain checks when assessing workloads against hardening standards like CIS Benchmarks.

CIS Compliance Reports

Calico Cloud configuration security includes a periodic assessment report that provides CIS Benchmark compliance across all the dyamic assets that may have existed in your Kubernetes environment during the report period. An overall score is available for each in-scope asset that can be compared against configurable pass/fail thresholds.

How It Works


See how Calico Cloud’s configuration security helps you manage your security and compliance posture for your Kubernetes and container environments.



Learn More

Technical Blog

Learn More

Calico Cloud Datasheet

Learn More