Runtime Detection
eBPF-based syscall monitoring with process ancestry, network map, and container escape detection. <2ms P99 overhead per syscall.
The Platform
Runtimekindle deploys a single privileged DaemonSet that captures kernel-level syscall events, feeds a shared correlation engine, and powers four security modules — without injecting a sidecar into every pod, without a kernel module that requires privileged-access approvals, without a separate agent per workload. We are not a SIEM replacement and not an EDR. We are an AppSec platform built specifically for teams running workloads on Kubernetes.
How The Data Plane Works
The eBPF DaemonSet attaches to kernel syscall entry/exit tracepoints. All container workloads on the node are observed from a single probe — no per-pod agents, no service mesh required.
Tracks the full process tree from container entrypoint to child processes. Detects shell spawning, unexpected binary execution, and container escape patterns in real time.
Runtime events are correlated with SBOM dependency data and container image CVE findings. Only vulnerabilities in loaded libraries get escalated to alert — reducing triage noise dramatically.
The control plane integrates with Kubernetes admission webhooks (OPA or Kyverno). Non-attested workloads are blocked at deploy time — not after they've run in production.
Explore Modules
eBPF-based syscall monitoring with process ancestry, network map, and container escape detection. <2ms P99 overhead per syscall.
CycloneDX SBOM generation from CI pipeline. Correlate CVEs with runtime reachability — cut triage noise by up to 70%.
Dockerfile layer analysis and base image CVE scanning. Integrates with ECR, GCR, and Docker Hub without adding pipeline latency.
SLSA L2 provenance records and Sigstore cosign integration. Cryptographic signing and policy enforcement for every build artifact.
Deploy in 15 minutes. No kernel module, no sidecar, no re-architecture.