Declarative Continuous Compliance for Kubernetes
Your image scans are already out of date
Image scans show what was deployed. Containers drift—packages added, files modified, certs expired. Reel captures what's actually running, continuously, so your security posture reflects reality.
See Reel in action
CRIU Checkpoints
Freeze a running container's complete state—memory, processes, file descriptors, network connections. When something goes wrong, you have the exact moment captured for analysis.
Filesystem Layers
Containers drift from their images. See exactly what changed since deployment—files added, configs modified, binaries installed at runtime. The diff between your scanned image and running container is your blind spot.
Security Scanning
Your CI pipeline scanned the image. But what's running now? Reel scans live containers—SBOM, CBOM, malware, IoCs—continuously. Same tools, real-time results.
SBOM
312 packagesPackages, vulnerabilities, licenses
SBOM
Packages, vulnerabilities, licenses
CBOM
8 certificatesCertificates, keys, weak crypto
CBOM
Certificates, keys, weak crypto
Malware
0 threatsKnown threats via ClamAV
Malware
Known threats via ClamAV
Files
4 indicatorsSUID/SGID binaries, hidden files, suspicious locations
Files
SUID/SGID binaries, hidden files, suspicious locations
Define schedules in Kubernetes annotations
Reel runs as a DaemonSet in your cluster. Define capture schedules directly in your deployment manifests—GitOps-friendly, version controlled with your code.
Annotation-Driven Scheduling
Export checkpoints, SBOM, CBOM, and malware scans to your S3 evidence vault on a schedule. All artifacts are immutable and timestamped for audit trails.
Built on proven technology
Kubernetes
containerd
CRI-O
CRIU
Trivy
ClamAVNever lose evidence again
Coming soon. Deploys in minutes. Join the waitlist for early access.