kubeWAF

Kubernetes-native
Web Application Firewall

Protect your Kubernetes workloads with ModSecurity and OWASP Core Rule Set (CRS) using native Kubernetes CRDs.

View on GitHub ā†’ Read the documentation
Currently in WIP ā€¢ Expected first stable release start of Q2 2026
SECURE ā€¢ NATIVE ā€¢ POWERFUL

Built for Kubernetes

Define WAF rules using Kubernetes-native CRDs. No more managing complex config files.

šŸ”Œ

Native CRDs

Manage SecRules, SecActions and CRS policies directly in Kubernetes using SecRule and SecAction resources.

šŸ›”ļø

OWASP CRS Ready

Full support for the OWASP Core Rule Set. Import, customize and manage CRS rules as Kubernetes resources.

āš”

ModSecurity Powered

Powered by ModSecurity / Coraza. Battle-tested WAF engine with full SecLang compatibility.

šŸŒ

Envoy Gateway

Native integration as Envoy Gateway WAF policies using Kubernetes Gateway API. Apply rules at the gateway level.

šŸ“¦

Sidecar WAF

Deploy as a sidecar container next to your application pods. Fine-grained per-workload protection using Coraza or ModSecurity.

STABLE RELEASE

Get notified when we launch

Join the mailing list for updates on the stable release (expected Q2 2026) and other important announcements.

šŸ”’ We respect your inbox. Unsubscribe anytime.

THANKS TO

kubeWAF would not be possible without these outstanding open source projects

šŸ›”ļø Coraza šŸ”’ ModSecurity šŸ“‹ OWASP CRS