Kubernetes Best Practices Made Easy

Simplify Kubernetes Operations: Effortlessly identify misconfigurations and vulnerabilities in your environments.


What is Zora OSS?

Zora is an open source solution that helps you achieve compliance with Kubernetes best practices recommended by industry-leading frameworks.

By scanning your cluster with multiple plugins, Zora identifies potential issues, misconfigurations, and vulnerabilities.

Multi-plugin architecture

Zora seamlessly integrates open source tools like Popeye, Marvin, and Trivy into its multi-plugin architecture as scanners. These tools' capabilities are combined to provide you with a unified view of your cluster's security posture, addressing potential issues, misconfigurations, and vulnerabilities.


All scan configurations and plugin reports, including misconfigurations and vulnerabilities, are securely stored as CRDs (Custom Resource Definitions) within your Kubernetes cluster, making them easily accessible through the Kubernetes API and the kubectl command.

Kubernetes compliance

Zora and its plugins provide actionable insights, guiding you to align your cluster with industry-recognized frameworks such as NSA-CISA, MITRE ATT&CK, CIS Benchmark, and Pod Security Standards.

Custom checks

Enabled by the Marvin plugin, Zora offers a declarative way to create your own checks by using CEL expressions to define the validation rules.

Are you interested?

Get started with Zora now to enjoy its features, and join our community to collaborate with us.

Looking for a full experience?

Zora Dashboard is our SaaS platform designed to seamlessly centralize the security posture management of your entire Kubernetes cluster ecosystem.