Live · v3.9.19 · cross-cluster GitOps shipped

Know if your K8s deploy is safe — before you ship it.

ChangeGuard turns live cluster state — CIS benchmarks, CVE scans, RBAC blast radius, GitOps drift, runtime threats, and your software inventory — into one deterministic 0–100 deployment safety score, posted on every PR. Updated every 10 seconds. Fully explainable, every point accounted for.

curl -sL install.changeguard.ai | CG_API_KEY=cg_your_key CG_CLUSTER_NAME=prod sh

cluster: prod-us-east-1 (live)
CSC 87 · SAFE TO DEPLOY
Updated 2s ago · 142 checks passing · 3 warnings · 0 critical
Policy & Compliance 36 / 40
Runtime Signals 25 / 28
Historical 14 / 17
Cluster Health 12 / 15
// What gets caught

The signal was always there. Nobody saw it in time.

Most production K8s incidents trace back to a change that could have been flagged before deploy. ChangeGuard makes those signals impossible to miss — with concrete, explainable detections.

Pre-deploy · RBAC
Overprivileged ServiceAccount granted by a Helm chart
Graph-based RBAC analysis maps every SA to its effective permissions and blast radius. Catches wildcard verbs and privilege escalation paths before kubectl apply.
$ changeguard validate -f deployment.yaml
✗ FAIL ServiceAccount api-worker grants:
   verbs=[*] on resources=[secrets, configmaps]
   blast radius: cluster-admin via 2 hops
CSC delta: -14 → score 73
Pre-deploy · Image
CVE-2024-44832 in log4j shipped via base image
Every workload image is scanned against the NVD and GHSA vulnerability databases. CVEs feed directly into change gating with severity-weighted scoring.
$ changeguard scan registry.io/api:v2.4.5
⚠ WARN 1 critical, 7 high CVEs detected
   CVE-2024-44832 (critical, log4j 2.17.1)
   CVE-2024-32487 (high, less 4.1.2)
CSC delta: -8 → score 79
Runtime · Threat Detection
Container escape attempt at 03:14 UTC
A DaemonSet on every node monitors syscalls in real time via eBPF. Detects cryptominers, container escapes, and credential theft within seconds.
[03:14:22] EVENT runtime/threat-detection
✗ CRITICAL payments-api-7d4f
   spawned shell: /bin/sh -i
   attempted: cat /run/secrets/...
CSC delta: -22 → score 65 [PAGED]
GitOps · ArgoCD
Production drifted from main 14 hours ago
The in-cluster agent reads ArgoCD Applications and Flux Kustomizations, HelmReleases, and Sources locally over the K8s API — no GitOps token, no polling — so drift surfaces even on clusters your control plane can't reach. It lands in the score within seconds.
$ changeguard gitops status
⚠ DRIFT Application prod-frontend
   last sync: 14h ago (manual hotfix)
   3 resources differ from git
CSC delta: -6 → score 81
ChangeGuard production dashboard showing CSC score 100/100 SAFE TO DEPLOY, framework coverage for SOC 2, PCI DSS, HIPAA, FedRAMP, and EO 14028, and score breakdown across policy compliance, runtime signals, historical success, and cluster health.
// The dashboard. Live from production. app.changeguard.ai
// The math, exposed

No black box. Every point accounted for.

CSC is deterministic — every deduction maps to a specific check. Show your auditors. Show your incident reviewers. Show your CFO who's tired of paying for tools nobody trusts.

Policy & Compliance (40 pts): CIS benchmarks · CVEs · RBAC risk · deprecated APIs · custom policies
Runtime Signals (28 pts): Pod health · runtime alerts · error rates · restarts · OOM events
Historical (17 pts): Score trends · incident frequency · recovery time · MTTR
Cluster Health (15 pts): Node capacity · resource pressure · GitOps drift · etcd latency

100 pts total. Policy carries the most weight because it's where the signal is most concrete — a CVE either exists or it doesn't. Runtime gets meaningful share because eBPF data is real-time, not retrospective. Historical and Cluster Health shape the score without dominating it. Every deduction maps to a specific check, viewable from any score in the dashboard.

// 60 seconds to your first score

One operator install. Five scanners. Zero config.

ChangeGuard fits into your existing workflow. The operator deploys and manages all five security scanners, a data collector, and a runtime threat-detection layer — all from a single Custom Resource. CLI validation and PR checks available in Beta.

01 · Install the agent
One curl command. The operator deploys all five scanners, the collector, and runtime threat detection. Agent connects out — no inbound firewall changes needed.
# Pipe to sh. We're not hiding anything.
curl -sL install.changeguard.ai \
  | CG_API_KEY=$KEY \
    CG_CLUSTER_NAME=prod-us-east sh
02 · Validate before deploy (Beta)
Run the CLI locally or in CI. Catches CVEs, RBAC risks, missing network policies, and deprecated APIs, checked against live cluster state.
# Works on YAML, Helm, Kustomize
changeguard validate \
  -f deployment.yaml \
  --against prod-us-east

# Returns exit 0 if CSC ≥ 70
03 · Gate every PR (Beta)
CSC posts as a commit status check on every PR. Use GitHub branch protection to block merges below your threshold. No new dashboard to live in.
# .github/workflows/csc.yml
- uses: changeguard/check@v1
  with:
    threshold: 70
    cluster: prod-us-east
// Install your way

Four ways in. One chart underneath.

Helm is the single install artifact — the one-liner, OCI, and GitOps paths all resolve to the same signed chart (operator + collector + five scanners). Pick whichever fits your workflow.

Add the repo and install. Creates the namespace, deploys the operator, and brings up the collector and all five scanners.

helm repo add changeguard https://charts.changeguard.ai
helm repo update
helm upgrade --install changeguard changeguard/changeguard-operator \
  --namespace changeguard-system --create-namespace \
  --set agent.clusterName=production --set agent.provider=EKS \
  --set agent.apiKey=cg_your_key --set agent.security.enabled=true

A thin bootstrap that wraps the Helm install above. Needs helm and kubectl already on your machine; the agent connects outbound only.

curl -sL https://install.changeguard.ai \
  | CG_API_KEY=cg_your_key CG_CLUSTER_NAME=prod sh

Install straight from the OCI registry — or mirror the chart and images into your own registry and repoint everything with a single global.imageRegistry value for fully air-gapped clusters.

helm upgrade --install changeguard \
  oci://public.ecr.aws/m7g7b7v0/changeguard-operator --version 3.9.19 \
  --set global.imageRegistry=registry.internal \
  --set agent.clusterName=prod --set agent.apiKey=cg_your_key \
  --set agent.security.enabled=true

Manage ChangeGuard the way you manage everything else. Drop in the ready-made ArgoCD Application or Flux HelmRelease from the chart's examples/gitops/ and let your CD tool reconcile it.

# examples/gitops/argocd-application.yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
spec:
  source:
    repoURL: https://charts.changeguard.ai
    chart: changeguard-operator
    targetRevision: 3.9.19

Every artifact is cosign-signed. Verify before you install: cosign verify --key https://charts.changeguard.ai/cosign.pub <image-or-chart>

// Security posture

Tenant isolation that survives application code.

Your data is isolated at the database layer, not just by application logic. A future code path that mistakenly forgot a tenant filter would silently return zero rows — not leak across customers. Defense in depth is the default, not an enterprise upsell.

Database · Isolation
Tenant boundaries enforced by PostgreSQL
Row-level isolation runs at the database layer on every tenant table. Application code does not get to decide whether a query crosses a boundary — the database refuses, independently of how the query was written.
// query without tenant context
// returns: 0 rows
// query with the wrong tenant context
// returns: 0 rows
// the database does not need to trust the app
Audit · Immutable
Audit history cannot be rewritten by the app
The application can append to the audit log. It cannot modify or delete entries, even with elevated session state. History is forensic-grade by construction — not by promise.
// app attempts to alter history
→ permission denied
// the database refuses, not the app
// failure is logged, not silent
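The behaviour the two panels above describe (tenant rows invisible without a tenant context, audit rows the application cannot rewrite) as an added PostgreSQL example; this is not ChangeGuard's schema, and every table, column, role and setting name (clusters, tenant_id, changeguard_app, app.tenant_id) is an assumption.

```sql
-- Added example (not ChangeGuard's schema): a minimal PostgreSQL layout that
-- behaves the way the two panels describe. Table, column, role and setting
-- names (clusters, tenant_id, changeguard_app, app.tenant_id) are assumptions.

-- Tenant table: row-level security decides visibility, not the query text.
CREATE TABLE clusters (
  id        bigserial PRIMARY KEY,
  tenant_id uuid NOT NULL,
  name      text NOT NULL,
  csc_score integer NOT NULL CHECK (csc_score BETWEEN 0 AND 100)
);
ALTER TABLE clusters ENABLE ROW LEVEL SECURITY;
ALTER TABLE clusters FORCE ROW LEVEL SECURITY;  -- filters the owner too; only superuser/BYPASSRLS skip it

-- The tenant comes from a session setting the app sets once per connection.
-- If it is missing or empty the predicate is NULL, and RLS treats NULL as
-- "not visible": a query that forgot the tenant filter sees nothing.
CREATE POLICY tenant_isolation ON clusters
  FOR ALL
  USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
  WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

CREATE ROLE changeguard_app LOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON clusters TO changeguard_app;
GRANT USAGE, SELECT ON SEQUENCE clusters_id_seq TO changeguard_app;

-- Audit log: the app role is granted INSERT and SELECT only, and a trigger
-- rejects UPDATE/DELETE even if someone later widens the grants.
CREATE TABLE audit_log (
  id          bigserial PRIMARY KEY,
  tenant_id   uuid NOT NULL,
  actor       text NOT NULL,
  action      text NOT NULL,
  recorded_at timestamptz NOT NULL DEFAULT now()
);
GRANT SELECT, INSERT ON audit_log TO changeguard_app;
GRANT USAGE, SELECT ON SEQUENCE audit_log_id_seq TO changeguard_app;

CREATE FUNCTION audit_log_is_append_only() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
  RAISE EXCEPTION 'audit_log is append-only: % rejected', TG_OP;
END $$;
CREATE TRIGGER audit_log_immutable
  BEFORE UPDATE OR DELETE ON audit_log
  FOR EACH ROW EXECUTE FUNCTION audit_log_is_append_only();
```

Connected as changeguard_app, the application runs SET app.tenant_id = '<tenant uuid>' before touching clusters; an UPDATE or DELETE on audit_log is rejected by the database regardless of application state.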
Network · Outbound only
Zero inbound access to your cluster
The agent runs as a read-only workload and pushes encrypted snapshots over a single outbound HTTPS connection. No LoadBalancer, no Ingress, no port we can reach. Compatible with private clusters and egress proxies.
$ kubectl get svc -n changeguard-system
No resources found.
# the operator does not expose anything
# single egress: api.changeguard.ai:443
Encryption · End to end
AES-256 at rest, TLS 1.2+ in transit
Customer data is encrypted at rest. All connections — agent to backend, backend to database, dashboard to API — require TLS 1.2 or newer. Credentials live in a managed secrets store, not in environment variables or code.
$ openssl s_client -connect api...:443
  Protocol: TLSv1.3
$ check storage encryption
  StorageEncrypted: true (AES-256)
Supply chain · Signed
Signed, verifiable artifacts end to end
The Helm chart, the operator and agent images, and a CycloneDX SBOM for each are signed with cosign, backed by AWS KMS. You can verify exactly what you're running against our published key before it ever reaches a cluster.
$ cosign verify --key changeguard.pub \
    public.ecr.aws/m7g7b7v0/changeguard/operator
✓ Verified OK — signature + SBOM attestation
→ CycloneDX bill of materials attached
GitOps · Token-free
We never hold a GitOps credential
ChangeGuard reads ArgoCD and Flux state from inside the cluster over the Kubernetes API it's already authorized for — read-only. There's no ArgoCD or Flux API token to issue, store, rotate, or leak, and the same path works across clusters your control plane can't reach.
$ changeguard gitops sources
argocd applications (local read · no token)
flux kustomizations · helmreleases · sources
→ cross-cluster, credential-free

Detailed security architecture, audit trail format, and SOC 2 control mapping live at docs.changeguard.ai/security. Questions: security@changeguard.ai.

// vs. the alternatives

Where ChangeGuard fits in your stack.

ChangeGuard isn't an APM or a CSPM. It solves a specific problem: there's no unified, deterministic signal for "is this Kubernetes deploy safe right now." Here's where it fits alongside tools you may already use.

Columns: Capability · ChangeGuard · APM / Observability · CSPM / Cloud Security · DIY / Open Source

Capabilities compared:
  • Single deterministic deploy score
  • CIS benchmarks · CVE scanning
  • Runtime threat detection (eBPF)
  • RBAC blast radius graph
  • PR-level gating with score
  • GitOps drift in score
  • Database-enforced tenant isolation
  • Air-gapped / on-cluster AI
  • Signed SBOM & supply-chain attestation
  • Real-time pod log collection

Time-to-first-value: ChangeGuard 60s · APM / Observability days · CSPM / Cloud Security hours · DIY / Open Source weeks

● built-in · ◐ partial / add-on · ○ not available  ·  based on general product category capabilities

// Plans

Start free. Scale with your fleet.

14-day free trial on Starter, no credit card. Start on your own cluster, and we'll scope the right plan with you — every conversation starts with the product already running and scoring.

Starter · Start free · 14-day free trial, no credit card · up to 3 clusters
  • CSC scoring (0–100)
  • CIS benchmark scanning
  • Container image CVE scanning
  • ArgoCD + Flux monitoring
  • GitHub / GitLab PR checks BETA
  • Slack & Teams alerts
  • SBOM generation
  • Deprecated API detection
  • Score history & export
Enterprise · Custom pricing · Unlimited clusters · air-gapped option · SLA
  • Everything in Professional
  • Unlimited clusters
  • Cross-cluster intelligence
  • NVIDIA NIM on-cluster AI ROADMAP
  • SSO / SAML ROADMAP
  • On-prem / air-gapped install ROADMAP
  • Audit log export
  • 99.9% uptime SLA
// What we shipped recently

Built in the open. Shipping weekly.

Every release is documented, every breaking change is signaled, every regression is owned. The full changelog lives at docs.changeguard.ai/changelog.

v3.9.19 (today)
Cross-cluster GitOps discovery: the agent reads ArgoCD Applications and Flux Kustomizations, HelmReleases, and Sources locally — no GitOps token — and the state survives restarts and replicas. Shipped with a cosign-signed supply chain (chart, images, and CycloneDX SBOM attestations) and a single Helm chart install over repo or OCI, with an air-gap image-registry override.
v3.9.0 (3 days ago)
SSE real-time streaming. 15-second auto-refresh with live indicator. Pod log collection from all namespaces. Log search and filtering.
v3.8.0 (1 week ago)
Runtime threat detection across every node. Operator-managed security scanning pipeline. Five scanners deployed as CronJobs.
v3.7.0 (2 weeks ago)
Attack path visualization. Simplified ExecDashboard. Score clarity — CSC (Change Safety) vs CIS benchmark scores distinguished throughout.
v3.5.0 (1 month ago)
Compliance evidence mapping — SOC 2, PCI DSS, HIPAA, FedRAMP, EO 14028. Infrastructure controls with honest scope labeling.
// FAQ

Reasonable questions we keep getting.

Why not just use my existing observability tools?
Observability platforms are excellent at showing you what happened. But they don't give you a single deterministic answer to "is it safe to deploy right now?" — they give you dashboards. ChangeGuard is the score on top of those signals. It works alongside your existing tools, not instead of them.
Do you send our cluster data to your servers?
By default, yes — to power the SaaS dashboard. But the agent can also run fully air-gapped with on-cluster AI inference (NVIDIA NIM). Zero data egress, full audit trail. Available on Enterprise.
How long until I see my first CSC score?
~60 seconds after the Helm install completes. The agent does an initial fast pass within 30 seconds and a full deep scan within ~5 minutes. You'll see the score climb as more signals come in.
Can I customize the scoring?
Yes. The default weights (40/28/17/15) are sensible for most teams, but every check has a configurable weight, and Professional+ tiers support custom policies that feed into the score with your own rules.
What if the score is wrong?
Every deduction is explainable — click any point of score loss to see the exact check, the resource it ran against, and the rule that fired. False positives can be acknowledged or suppressed with full audit trail. No black box.
Do you support GitLab / Bitbucket / non-GitHub?
GitLab CI is a first-class integration today. Bitbucket Pipelines is in beta. We also ship a universal CLI you can wire into any CI system in ~5 lines.

Stop guessing. Start scoring.

The next incident your team prevents will pay for ChangeGuard many times over. Install in 60 seconds, see your first CSC score immediately.
