Netchecks proactively verifies whether your security controls are working as intended.

Netcheck takes a cloud native, policy as code approach, making no assumptions about how your security controls are implemented.

Automated security tests increase security and release velocity by removing manual security gates, such as validation and manual control implementation at a single checkpoint, which is time-consuming and inadequate. Automated security testing also demonstrates control efficacy on demand by explicitly attempting to carry out the threats, thus improving the system’s security and adherence to any embedded compliance requirements in real-time.

- CNCF Cloud Native Security Whitepaper

Concerned your security controls could inadvertently be removed or weakened?

Try actively testing your cloud infrastructure.

Netcheck periodically probes the network to detect when security assumptions are violated. Continuous validation of live workload environments increases confidence in security controls.

Preemptively detect and block weaknesses.

Detect vulnerabilities before they are exploited, and block them before they can be used.

Native Kubernetes Design

Supported by your existing tools

The primary interface is through a NetworkAssertion CRD. This CRD provides a cloud native way to dynamically declare a set of statements about the network - what should work and what shouldn't. The netcheck operator watches for new NetworkAssertion resources, creates CronJobs to carry out the tests periodically. The operator makes the test results available as PolicyReports.

Observable

Prometheus metrics for observability and alerting

The netcheck operator exposes Prometheus metrics for the number of NetworkAssertions, the number of tests that have been run, and the number of tests that have failed. These metrics can be used to monitor the overall health across namespaces and alert on failures.

Notifications

Integrated with Policy Reporter

The netcheck operator integrates with Policy Reporter to provide alerting and reporting capabilities. Policy Reporter is a Kubernetes controller from the Kyverno project that watches for PolicyReport resources and provides a web UI for viewing the results.

Detect non-compliance. Take action.

Get a step ahead of your adversaries by testing your security controls.

Schedule a demo

Simple pricing, for everyone.

No hidden fees, no surprises.

Open Source

Perfect for security professionals, small businesses, students, hobbyists, and open source projects.

Eligibility:

You or your company have less than $10M in annual revenue or funding.

Free

  • Unlimited netcheck operator installs
  • Unlimited NetworkAssertions
  • PolicyReports, Prometheus Metrics
Get started

Business

For security professionals at enterprise companies, large organizations, and government agencies.

USD 10,000/year

  • Unlimited netcheck operator installs
  • Unlimited NetworkAssertions
  • PolicyReports, Prometheus Metrics
  • Export reports, Alerts, and metrics
  • Technical support

Coming soon:

  • Managed netchecks service access
  • 100K external checks per month
Get started

Enterprise

For enterprise, large organizations, and government agencies.

Negotiable

  • Unlimited netcheck operator installs
  • Unlimited NetworkAssertions
  • PolicyReports, Prometheus Metrics
  • Export reports, Alerts, and metrics
  • Enterprise support

Coming soon:

  • Managed netchecks service access
  • 10M external checks per month
Get started

Frequently asked questions

If you can’t find what you’re looking for, email our support team and we will get back to you.

    • Where does the software run?

      Open source Netchecks runs entirely on your Kubernetes cluster. The operator runs as a Deployment and the individual assertions run as CronJobs in various namespaces.Netchecks Enterprise includes access to a managed service that runs from outside your environment.

    • What are the resource requirements?

      Entirely depends on the number and test frequency of your NetworkAssertions. Both the individual tests and the operator Pod have modest requirements.

    • Can Netchecks validate an external service's TLS certificate is valid?

      Sure can.

    • Who is behind Netchecks?

      Netchecks is fully owned by Hardbyte Limited. A technology company based in Christchurch, New Zealand.

    • Can I pay for my subscription via purchase order?

      Absolutely, please get in touch with [email protected]

    • All the code is on GitHub, right? Can I just run it myself?

      Yes, the core of netchecks is open source and you can run the operator and write NetworkAssertions yourself.

    • How do you generate reports?

      Using Kyverno's PolicyReporter. This is an emerging standard for reporting security policy violations.

    • Can we expect more features?

      Yes, we are working on a number of new features.

    • Are you raising?

      Not currently, we are just focused on developing the product and growing the business.