Upwind Releases Native Support for NixOS

Upwind logo in black and purple at the top left, with abstract overlapping blue, white, and purple geometric lines and shapes on a white background, forming a central hexagonal pattern.
A person wearing a dark t-shirt and a baseball cap stands with arms crossed. The background is a plain, light-colored wall. 1702427831406 A man with dark hair and a beard, wearing a dark jacket over a white shirt, stands outdoors smiling with mountains and a clear blue sky in the background.

By Chris Lentricchia, David Kern, Jarlath Bloom & Yarin Pinyan

May 29, 2025

We’re excited to announce that the Upwind Sensor now officially supports NixOS. This marks a major step forward for teams running fully declarative infrastructure – NixOS users can now seamlessly deploy and manage the Upwind Sensor using the reproducible, version-controlled workflows they already trust for the rest of their system.

A dashboard shows cloud provider filters and network traffic categories, highlighting “Sensitive data category” with AWS, Azure, and Google Cloud icons connected to CDN Egress and Cloud Egress, visualizing data flow.
NixOS users can now harness powerful capabilities from the Upwind Sensor, like the ability to view automatically classified API sensitive data flows in real time through the Upwind Topology Map

What is NixOS?

NixOS is an increasingly popular distribution of Linux that is built around the Nix Package Manager and is known for its secure and deterministic nature. NixOS brings a radically different approach to system management by making everything, from package installations to system services, declarative and reproducible. This means you define your system configuration in a single file, and NixOS ensures your machine matches that exact specification, every time.

For teams managing complex infrastructure, NixOS enables:

  • Reliable and reproducible deployments
  • Declarative infrastructure management
  • Simple and safe rollbacks
  • Security and stability by design

NixOS has also seen rapid growth in adoption inside security-focused organizations, especially among infrastructure and platform engineering teams. As a result, the operating system has a rapidly growing, technically strong, and dedicated community surrounding it. Everyone from hobbyists to large-scale infrastructure engineers is helping shape the ecosystem.

Customer-Led Innovation

“Complete trust in a security provider. The solution is designed incredibly well. It’s so innovative. In today’s security landscape, you just don’t see this kind of approach to tackling problems.”

Kosta Djukic, Principal Engineer – Cloud Infrastructure at Ada, on how he would describe Upwind in one sentence.

NixOS support reflects Upwind’s core product philosophy: we listen closely, build quickly, and ship what matters most to customers.

Enabling support for NixOS is a perfect example of the mutually beneficial relationship between Upwind and our customers. As NixOS adoption grew, teams asked for native Upwind support. Instead of building in isolation, we collaborated with NixOS users from our customers early in the process, gathering insights, testing, and then refining our integration based on real-world use cases. The input from NixOS users helped us prioritize what mattered most: the reliability and ease of deployment of the Upwind Sensor. The result is support shaped not by assumptions, but by the needs of the people using it.

Upwind’s Support for NixOS

Starting today, Upwind natively supports full lifecycle installation of the Upwind Sensor on NixOS via system-level configuration, with support  for both x86 and ARM64 architectures. By bringing Upwind’s Sensor to NixOS, we’re offering a powerful layer of protection that aligns perfectly with NixOS’s emphasis on reproducibility, consistency, and immutability. NixOS users can now seamlessly integrate Upwind’s advanced real-time and runtime capabilities. These include baselines, a topology map, and context-based prioritization designed to reduce noise and speed up response, all while preserving the declarative, version-controlled nature of their environments.

A screenshot of the Upwind dashboard shows vulnerability details for a frontend container. It displays affected resources, frontend, and vulnerabilities, with image details such as operating system and detected vulnerabilities.
The Upwind Platform detects a vulnerability within a container image on NixOS

Learn More

With Upwind’s new support for NixOS, the Upwind Sensor fits naturally into the declarative, reproducible world that infrastructure and security teams are building toward. One where real-time protection doesn’t mean compromise on security, observability, or operational control.

To learn more about Upwind’s support for NixOS or our roadmap for additional Linux distributions, schedule a call with our team. 

Upwind Releases Native Support for NixOS

Further Reading

A dependency update diagram for upgrading jackson-dataformat-yaml from version 2.13.4 to 2.15.0, showing affected packages and usage stats: 3 packages, 10 vulnerabilities, 57 images, 137 resources.
Product

Upwind Accelerates Zero-Day Remediation with Runtime and Network-Aware SBOMs

A person wearing a dark t-shirt and a baseball cap stands with arms crossed. The background is a plain, light-colored wall.

By Chris Lentricchia

May 27, 2025

It was a regular Thursday when Lisa, a DevOps lead at a mid-sized fintech company, got an alert: Log4Shell, a zero-day vulnerability in Log4j, was being exploited. Confident in their security posture, she checked the SBOM. No Log4j. But as network anomalies piled up, a manual scan revealed the truth – Log4j was buried in […]

The Upwind logo in black and purple is in the top left, with a large stylized A in a white hexagon surrounded by blue hexagons on a light blue background.
Product

Upwind for Microsoft Azure: Fast, Agentless Protection for Every Workload

A person wearing a dark t-shirt and a baseball cap stands with arms crossed. The background is a plain, light-colored wall.

By Chris Lentricchia

May 22, 2025

Upwind is a hybrid solution that utilizes both agentless cloud scanners along with our industry-leading eBPF-based sensor to ensure deep visibility and security in every environment. Our Agentless Azure Cloud Scanner builds out graph inventory, then overlays secrets exposure, vulnerabilities scanning, internet exposure, configuration findings and more – enabling a rapid onramp to capabilities such […]

Logo image with the word Upwind in black next to the word Jit in pink, separated by a vertical line, on a white background with purple and pink geometric accents.
Product

Upwind + Jit: Bringing Runtime Context to AI-Powered Vulnerability Triage

Denise Ashur

By Denise Ashur

May 19, 2025

Security teams are drowning in alerts. Static scanners surface thousands of issues, but most are irrelevant. The real challenge isn’t finding problems, it’s knowing which ones to fix. The Upwind + Jit integration brings runtime intelligence directly into AI-powered workflows so you can stop guessing and start fixing what matters. By combining Upwind’s real-time context […]

Stay in touch

Product

CNAPP
Vulnerability Management
CSPM
Container Security
CWPP
CDR
API Security
Identity Security

General

About
Contact
Careers
Feed
Events
Case Studies
Get A Demo
Glossary

Social

Twitter
LinkedIn
Facebook

Resources

Documentation

Privacy Policy
Terms of Use

© 2025, Upwind Security