This document discusses holistic security for Kubernetes with Calico and NeuVector. It begins with an introduction to Calico and how it provides enhanced zero trust security. It describes how Calico is used in RKE2 and Rancher and provides vulnerability management with NeuVector. The rest of the document goes into details about Calico's security policies, identity-aware microsegmentation, compliance and encryption features. It also provides an overview of NeuVector's supply chain security, runtime security, vulnerability scanning and compliance scanning capabilities to provide layered security for containers.