the black box recorder for regulated kubernetes

Capture the evidence before the pod dies

reel records live container state from pods in your cluster: SBOMs, crypto, processes, memory, and malware. When the DORA or NIS2 reporting clock starts, the evidence already exists.

CLI · cluster agent · MCP server

What's Inside Your Container

reel turns raw container state into security evidence.

reel agent
watching pod/caddy-7f8d4b2c1 · ns/prod
processes · memory · filesystem · packages · crypto · threats

Outputs

Checkpoints
Memory Dump
Forensics Capture
Layer Diff
SBOM
VEX
CBOM
Malware
S3 evidence vault
reel.io/schedule: @every 1h

continuous compliance

reel scans images and running containers

reel finds and scans images in your pipeline and live containers across your clusters. Your compliance evidence stays current and ready for inspection.

CLI

One-shot scans from your terminal or CI pipeline.

# Scan an image
reel export sbom --image nginx:latest

# Vendor VEX on the same scan
reel export sbom --image nginx:latest \
  --scanners vuln,vex

Agent

Deploy once. Scans run on schedule, results go to S3.

helm install reel \
  oci://docker.io/getreel/helm

# Schedule via annotations
@every 1h | upload sbom
@daily | upload cbom

model context protocol

reel can run as an MCP server

reel gives Claude Code, Cursor, and Continue the live state of what's actually running: SBOMs, crypto, processes, files, and memory. Your coding agent reads it the moment you ask.

claude · mcp · reel

"what's exploitable in the nginx container?"

→ sbom · vuln + vendor VEX

287 CVEs · 263 not_affected · 24 to triage

"any weak crypto or malware in there?"

→ cbom · malware

2 RSA-1024 keys · 0 signatures matched

"what else is running on this node?"

→ list_workloads

redis · postgres · nginx · 3 sidecars