Take Five With Tom Fenton

Five Start-ups Not to Miss at KubeCon 2025

One of the most exciting aspects of KubeCon is the presence of startups at the event, as this is where fresh ideas and projects are formulated and presented to the public, and KubeCon has a rich history of fostering these companies. In fact, I will go so far as to say that no other conference provides start-ups with the same level of exposure that KubeCon does.

This has paid off in spades for many of these startups: some have grown to become popular independent companies, others have been acquired by larger, more established companies, and still others have faded away, which is OK, as a healthy marketplace allows for failures.

With this in mind, I reached out to a few of my friends in the community and asked them to suggest startups I should not miss at KubeCon 2025, which will be held in Atlanta from November 10 to 13 this year.

They all agreed that this would be no easy feat, as there are over seventy companies listed in the start-ups section on the KubeCon sponsors page.

With that in mind, I winnowed the suggestions down to the five below.

TestifySec

TestifySec provides supply-chain security for cloud-native software. The company created the open-source Witness and Archivista projects, and it secures the software supply chain by turning every build into a cryptographically signed, auditable record. Its flagship product is JUDGE, a platform that integrates policy-as-code, telemetry collection, and evidence storage & verification into CI/CD pipelines.

Some of its capabilities include a build pipeline observer that collects trusted metadata, support for a short-lived certificate authority for signing, a time-stamping authority (TSA) to prove when artifacts were signed, and a GraphQL data store for managing attestations and trusted telemetry. The platform also supports open-source tools originally developed by TestifySec, including Witness (for pipeline observation and attestation) and Archivista (for telemetry storage), both of which have been donated to the CNCF in-toto ecosystem. (ABC27)

As background information, TestifySec was founded in 2021 by Cole Kennedy and Mikhail Swift. Although it is relatively young, it has rapidly positioned itself at the intersection of DevSecOps, software supply chain risk, and compliance. It has both open-source tools and commercial services (including advisory) to help companies embed governance, compliance, and "proof of build" practices into their development workflows.

Chkk

AI is everywhere, and Kubernetes is no exception. Chkk is an operational safety / upgrade-copilot platform for Kubernetes & its ecosystem, designed to help organizations anticipate, avoid, and manage risks associated with infrastructure upgrades, add-on changes, deprecated APIs, version incompatibilities, and hidden dependencies.

It provides tools like Upgrade Copilot, which generates pre-verified and structured upgrade workflows; Risk Ledger, which surfaces operational risks before they manifest as incidents; and Artifact Register, which tracks and catalogs images, clusters, add-ons, and other components across a Kubernetes fleet.

By utilizing a Risk Signature Database (RSig DB) and Knowledge Graph, Chkk establishes context around breaking changes, end-of-life (EOL) or unsupported versions, configuration drift, and other issues, and then generates plans, templates, or assessments to facilitate safer, faster, and more predictable upgrades.

Chkk is another newcomer to the scene, as it was founded in 2022 and is based in Sunnyvale, California. It had a $5.2 million Seed round in October 2023, led by Sequoia Capital.

The company's customers are Platform, DevOps, and SRE teams in enterprises that operate at scale, especially those using cloud Kubernetes (EKS, GKE, AKS) or on-premises solutions, who face challenges around upgrade risk, version compatibility, and infrastructure reliability. I couldn't find any information about any specific customers. The Chkk website says it is "already used by enterprises across various industry verticals."

Border0

Remote access and privileged access have always been a headache for organizations, and Border0 provides a management platform that aims to modernize and simplify how organizations secure access to critical infrastructure.

Rather than relying on traditional VPNs, shared credentials, or static SSH keys, Border0 provides application-aware access control, zero-trust security, passwordless access via Single Sign-On (SSO), and just-in-time/fine-grained access policies. It supports various services, including SSH, databases, HTTP services, and Kubernetes clusters.

A key architectural component is the Connector, which runs within your infrastructure and brokers access through secure tunnels, such as WireGuard. It implements policy enforcement, auditing/session replay, secrets injection, and service discovery, among other features. Border0 also offers a "client portal" (including a browser-based and WASM-based interface) so users can discover the resources they're permitted to access directly, without needing to install complex tools.

This company was founded in 2022 by Andree Toonk, who has previous experience in cloud networking/infrastructure at Cisco and BGPmon. There are several case studies of companies using its products, including GoGift (a global corporate gifting company), Wirelab (a Dutch digital agency), and 42clue (a German observability/data company).

DevZero

DevZero is a cloud-based development environment and Kubernetes optimization platform that uses AI to help engineers spend less time waiting on environment setup, builds, or local resource constraints, and more time writing productive code.

Developers use pre-defined "recipes" to spin up ephemeral, namespaced, and extensible cloud workspaces (DevBoxes) that mirror production environments. The system supports features such as microVM-based isolation (where each pod/container runs inside a microVM for enhanced security and isolation), live migration of workloads (preserving state and TCP connections), and predictive or automatic rightsizing of compute and memory resources to minimize overprovisioning.

Founded by former Uber engineers Debo Ray and Rob Fletcher, DevZero was born out of internal pain points related to Kubernetes infrastructure, slow CI/CD cycles, and inefficient workstation resource utilization. The company officially launched its Developer Environment Platform in early 2023, following a $26 million seed and Series A funding round.

DevZero is used by companies such as Okta and Carta, among others, particularly by organizations that utilize Kubernetes or serverless architectures and require production-like development environments for their developers.

Kratix (Syntasso)

Kratix is an open-source framework created by Syntasso to help organizations build scalable Internal Developer Platforms (IDPs). It allows platform engineering teams to define reusable, governed building blocks (Promises) that provide services, infrastructure, and compliance capabilities.

These Promises are then exposed through APIs or developer portals, allowing application teams to self-serve without filing tickets or duplicating infrastructure-as-code. Kratix also supports workflows to codify organizational policies and processes and includes fleet management capabilities to ensure consistency across multiple clusters or environments. By being Kubernetes-native while integrating with tools like Terraform, GitOps, and Backstage, Kratix reduces friction between developers and operations, enabling autonomy for teams while ensuring compliance and consistency across the organization.

The framework was released in 2021 under the Apache 2.0 license and has since expanded to include a community marketplace of Promises, accelerating its adoption. Syntasso also offers an enterprise edition, Syntasso Kratix Enterprise (SKE), which adds governance features, enterprise integrations, and support for large-scale deployments.

NatWest (one of the UK's largest banks) uses Kratix Enterprise to reduce developer cognitive load, cut environment provisioning from months to minutes, and empower teams to co-create platform capabilities such as observability, networking, and databases.

Final Thoughts
So there are five start-ups on my must-visit list for KubeCon this year. I am especially excited about the startups this year, as I see a wave of next-generation infrastructure startups reshaping how enterprises build, secure, and operate software platforms. Kratix, created by Syntasso, enables organizations to construct scalable Internal Developer Platforms by packaging infrastructure, services, and policies into reusable "Promises" that developers can self-serve, thereby reducing tickets and configuration drift. DevZero, founded by former Uber engineers, streamlines cloud development by offering ephemeral, production-like environments that eliminate local setup bottlenecks and optimize Kubernetes resource utilization, with customers such as Okta and Carta already on board. Border0 modernizes access control by replacing VPNs and static credentials with a zero-trust, application-aware model that secures SSH, databases, and Kubernetes clusters through lightweight connectors, auditing, and SSO integration--helping companies like GoGift and Wirelab simplify and harden remote access.

Other players focus on reliability and supply-chain integrity. Chkk positions itself as a "Kubernetes upgrade copilot," detecting risks tied to deprecated APIs, version drift, or hidden dependencies, and then generating structured, verified workflows to make upgrades safe and predictable--appealing to enterprises running large Kubernetes fleets. TestifySec addresses the growing threat of supply-chain attacks by integrating cryptographically signed attestations into CI/CD pipelines, providing evidence of how and when software artifacts were created. Its Judge platform is now available through AWS Marketplace and aligns with NIST's secure development standards. Together, these companies highlight a common theme: enterprises want to move faster without sacrificing safety, and tools that codify governance, automate complexity, and verify trust are becoming foundational to modern cloud-native operations.

It was tough limiting my selection to these five companies, as there are so many great start-ups to visit at KubeCon this year, and I am sure I will find others; this is just my starting list. You can read more about KubeCon in this article.
