Jibril & Garnet Platform
Understanding the two parts of Garnet is key to leveraging its full potential.
What it is: Jibril is the core, standalone eBPF-based security engine that performs the actual monitoring, behavioral detection (e.g., for malicious network calls, crypto miners), and blocking on a host system.
Functionality: Collects behavioral data (network, file, process) and uses behavioral detection to identify known threats and novel anomalies, and can actively block malicious actions. Its high-performance, low-overhead design makes it uniquely suitable for both build-time analysis and demanding production workloads.
Performance: Designed for high performance and extremely low overhead, making it suitable even for resource-constrained environments or high-throughput production systems. This is a key differentiator compared to other runtime security tools.
Deployment: Can be deployed as a standalone agent in various formats (CLI, Docker, Systemd, Kubernetes) for monitoring a single environment. Ideal for developers or teams to evaluate Garnet's core detection and blocking capabilities.
Tier: Free to use for a single agent deployment. Ideal for individual developers, small projects, or evaluating Garnet's core capabilities.
(See for more technical details)
What it is: The Garnet Platform is a commercial offering that acts as a centralized control plane for managing fleets of Jibril sensors, enabling security for software releases and production environments at scale.
Functionality: Provides a unified dashboard for visibility across multiple environments, simplifies agent deployment and configuration (e.g., for Kubernetes), aggregates alerts, and integrates with CI/CD (like GitHub Actions for securing software releases) and notification systems (Slack, for actionable alerts). Offers managed threat intelligence and includes enterprise support, catering to both DevOps/Platform Engineering (pipeline security, K8s management) and SOC/IR (centralized visibility, incident context) needs.
Target Audience: Designed for teams and organizations needing to secure multiple applications, environments (dev, staging, prod), or CI/CD pipelines.
Deployment: Accessed via a web interface. Jibril agents connect back to the platform using an API key.
Tier: Commercial, subscription-based. Required for multi-agent management, GitHub Actions integration, advanced alerting, and centralized control.