ada/agentguard-ci
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added why not synk

Browse Source
This commit is contained in:
Elizabeth W
2026-04-19 20:54:13 -06:00
parent 826bf3e096
commit 2225bb2045
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/pipeline-overview.md
+3
View File
@@ -138,6 +138,9 @@ To achieve this, the architecture utilizes "Defense in Depth," split across seve
### ❌ OPA Gatekeeper / Kyverno (Admission Control)
* **Why it was rejected:** OPA requires learning an entirely new, complex logic language (Rego). While Kyverno uses simpler Kubernetes YAML, both were ultimately rejected in favor of NeuVector, which handles admission control natively within its existing UI as part of the unified SUSE ecosystem.
### ❌ Snyk Open Source
* **Why it was rejected:** Redundant when utilizing Socket for malware detection and Grype for CVE scanning.
### ❌ Falco / Tetragon (Runtime Security)
* **Why it was rejected:** Both are exceptional eBPF runtime security monitors. However, implementing them would require setting up custom alerting pipelines and separate visualizers. Because Harvester is a SUSE product, SUSE Security (NeuVector) was selected to provide equivalent runtime protection natively, keeping the tech stack consolidated.