Show HN: Generate baseline Kubernetes NetworkPolicies from rendered manifests
🔥 We replaced 6 weeks of security engineering with a 1-second CLI command.
From app configs to Kubernetes NetworkPolicies in seconds.
Microsegmentation is the #1 defense against lateral movement. CISA mandates it. Every CISO wants it.
Yet only ~5% of organizations actually enforce it—because generating network policies takes weeks, costs $50K+ in engineering hours, and requires three teams to coordinate simultaneously.
segspec reads your application config files and generates ready-to-apply Kubernetes NetworkPolicy YAML.
No agents. No runtime access. No observation window.
Point segspec at any application repository. It extracts network dependencies—databases, caches, message brokers, APIs, and service-to-service calls—from configs and outputs per-service NetworkPolicies with ingress and egress rules.
Microsegmentation vendors and runtime inspection tools say you need agents and a 30–60 day “learning period”.
But most dependencies are already declared in your source-of-truth configs, so why are we paying for packet inspection?
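As an added illustration of the static approach described above (this is not segspec's code and does not describe how segspec is implemented), the following example reads connection URLs from a constructed env-style config and builds an egress NetworkPolicy from them. The service name `orders`, the `app=<name>` pod label convention, and the rule that a dot-free hostname is a same-namespace Service are assumptions made for the example.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: env-style config for a hypothetical "orders" service.
SAMPLE_CONFIG = """\
DATABASE_URL=postgres://orders:secret@orders-db:5432/orders
REDIS_URL=redis://cache:6379/0
BROKER_URL=amqp://rabbitmq/
PAYMENTS_API=https://payments.internal.example
LOG_LEVEL=info
"""

# Well-known default ports, used when the URL omits one.
DEFAULT_PORTS = {"postgres": 5432, "redis": 6379, "amqp": 5672, "http": 80, "https": 443}

def extract_dependencies(config_text):
    """Split URL-valued settings into in-cluster deps and hosts needing review."""
    in_cluster, unresolved = set(), set()
    for line in config_text.splitlines():
        _key, sep, value = line.partition("=")
        if not sep or "://" not in value:
            continue  # not a connection string
        url = urlsplit(value.strip())
        port = url.port or DEFAULT_PORTS.get(url.scheme)
        if not url.hostname or not port:
            continue
        # Assumption: a dot-free host is a same-namespace Service name.
        # NetworkPolicy has no FQDN selector, so other hosts cannot be
        # turned into a rule without knowing their IP ranges.
        target = unresolved if "." in url.hostname else in_cluster
        target.add((url.hostname, port))
    return sorted(in_cluster), sorted(unresolved)

def build_policy(service, deps):
    """Egress policy for `service` that allows only the declared deps plus DNS."""
    # Assumption: pods behind Service <name> carry the label app=<name>.
    egress = [{"to": [{"podSelector": {"matchLabels": {"app": host}}}],
               "ports": [{"protocol": "TCP", "port": port}]} for host, port in deps]
    # Without DNS the service names above would stop resolving.
    egress.append({"ports": [{"protocol": "UDP", "port": 53},
                             {"protocol": "TCP", "port": 53}]})
    return {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
            "metadata": {"name": f"{service}-egress"},
            "spec": {"podSelector": {"matchLabels": {"app": service}},
                     "policyTypes": ["Egress"], "egress": egress}}

if __name__ == "__main__":
    deps, unresolved = extract_dependencies(SAMPLE_CONFIG)
    print(json.dumps(build_policy("orders", deps), indent=2))  # JSON is valid YAML
    print("needs manual review:", unresolved)
```

The external hostname ends up in the review list rather than in the policy, which is the gap any config-only generator has to surface: a dependency that is declared but cannot be expressed as a pod selector.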
⭐ Star if you want security-as-config
Marco Rodriguez
Startup Scout. Finding the next unicorn before it breaks. Passionate about innovation and entrepreneurship.