Enterprise Kubernetes operators for OpenShift.
Enforce governance policies, manage emergency access, track resource lifecycles, and keep Git in sync with runtime state.
Built for platform teams to manage clusters at scale.

01
Governance

Karma

Automated trust scoring and behavioral guardrails for OpenShift platforms. Collects signals from deployments, tests, scans, and incidents to calculate dynamic karma scores, then enforces appropriate platform constraints based on trust tiers.
Reliable teams get autonomy; others get protection.

  • Signal aggregation from any source (webhooks, Prometheus, CRDs)
  • Trust tiers with configurable thresholds
  • Uses Validating Admission Policies for efficient, OpenShift-native enforcement
  • Anti-gaming measures prevent artificial score inflation
02
Metadata

Tagger

Declarative metadata management for Kubernetes and OpenShift. Define labeling policies once; Tagger enforces them across your entire cluster automatically. Eliminate manual tagging drift, enable accurate cost attribution, and maintain compliance without operational overhead.

  • Populate dynamic values from namespaces, ConfigMaps, or external APIs
  • Continuous reconciliation or via webhook at creation time
06
Governance

URO

Unused Resource Operator for Kubernetes cluster hygiene. Automatically detects orphaned Secrets, ConfigMaps, PVCs, Services, and 20+ other resource types that are no longer used by any workload. Configurable grace periods and safety scoring ensure nothing is deleted by mistake.
Stop paying for resources nobody uses.

  • Policy-driven scanning with cron schedules and namespace filters
  • Multi-strategy reference detection (owner refs, Helm, ArgoCD, pod mounts)
  • Safety scoring and grace periods before any deletion
  • Optional S3 backup for deleted resources with retention policies
03
Security

Breakglass

Time-limited, auditable emergency access for OpenShift. When users need elevated privileges to resolve incidents or perform critical tasks, Breakglass provides a secure, self-service, policy-driven workflow with automatic expiration and comprehensive audit trails.
Zero standing privileges. Full accountability.

  • Policy-driven approval: auto-approve, manual, or deny based on configurable rules
  • Multi-approver workflows with deadlines and self-approval prevention
  • Automatic RBAC binding creation and cleanup on expiration
  • Full audit logs exportable to S3, Elasticsearch, Loki, or via webhooks
04
Governance

Clotho

Change management for OpenShift. Intercepts resource creation requests and routes them through configurable approval workflows, maintaining a complete audit trail of all changes.
Every change tracked. Every approval recorded.

  • Multi-step approval workflows with Kubernetes-native approvers
  • Scheduled deployment windows with automatic expiration
  • S3-compatible archival of manifests and audit history for compliance
05
GitOps

Scribe

Synchronize your cluster state back to Git. Captures runtime state changes from cluster resources and commits them back to Git automatically. When resource requests are resized, operators generate metadata, or teams make any intentional changes, Scribe ensures your source of truth stays current.
Reconcile drift, keep source control accurate.

  • Flexible field capture with smart transforms for accurate data extraction
  • Intelligent batching and rate limiting to prevent commit storms
  • Pull request workflows with multi-provider support (GitHub, GitLab, Bitbucket, Gitea)
  • Multiple output formats: YAML patches, Kustomize patches, or full resources
07
Governance

IVO

Image Inventory Operator for OpenShift. Discovers every container image running in your cluster, tracks usage and image age, enforces security policies, and automates cleanup of unused images. Automatically notifies teams through webhooks, Slack, or email the moment a non-compliant image is deployed.
Complete visibility. Automatic governance.

  • Automatic discovery and tracking of all container images across workloads
  • Policy enforcement: registry allowlists, tag denylists, digest requirements, signature verification
  • Vulnerability threshold rules with Trivy, Grype, and Clair integration
  • Lifecycle management with configurable cleanup for unused and outdated images

Get Started

Check the documentation for the Cosmos Catalog.
For support, custom features, or just to say hello, email below.