US 12,217,079 B2
Detecting security exceptions across multiple compute environments
Daniel Hershko Shemesh, Givat-Shmuel (IL); Yarin Miran, Rishon Lezion (IL); Roy Reznik, Tel Aviv (IL); Ami Luttwak, Binyamina (IL); Yinon Costica, Tel Aviv (IL); Raaz Herzberg, Tel Aviv (IL); Yaniv Joseph Oliver, Tel Aviv (IL); Osher Hazan, Mazkeret Batia (IL); and Niv Roit Ben David, Tel Aviv (IL)
Assigned to Wiz, Inc., New York, NY (US)
Filed by Wiz, Inc., New York, NY (US)
Filed on Dec. 29, 2023, as Appl. No. 18/400,705.
Application 18/400,705 is a continuation in part of application No. 17/664,508, filed on May 23, 2022.
Prior Publication US 2024/0168792 A1, May 23, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 9/455 (2018.01); G06F 21/53 (2013.01); G06F 21/60 (2013.01)
CPC G06F 9/45558 (2013.01) [G06F 2009/4557 (2013.01); G06F 2009/45587 (2013.01)]
13 Claims
 
1. A method for applying cybersecurity policies across multiple computing environments, comprising:
generating an inspectable disk from a disk of a first workload deployed in a first computing environment, the computing environment including a cybersecurity policy applicable to a cybersecurity object;
detecting the cybersecurity object on the inspectable disk;
generating a policy exception based on the cybersecurity object and the first workload;
generating a representation of the cybersecurity object and the first workload in a security database, wherein the security database includes a representation of the first computing environment and a representation of a second computing environment which is associated with the first computing environment;
detecting in the representation of the second computing environment a representation of a second workload associated with the representation of the first workload;
applying the policy exception to the second workload based on detecting that the second workload is associated with the first workload;
traversing a security graph to find a first node representing the first workload, wherein the security graph is the representation in the security database; and
traversing the security graph to find a second node representing the second workload.
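The following sketch is an added illustration of the flow in claim 1, not code from the patent or from Wiz. It assumes an in-memory edge list as a stand-in for the security database; the node names, edge labels and policy name are hypothetical, and the disk-inspection step is represented only by the `has_object` edges.

```python
from collections import deque

# Constructed security graph; every node name and edge label is hypothetical.
EDGES = [
    ("env:staging", "associated_with", "env:prod"),
    ("env:staging", "contains", "wl:staging/api"),
    ("env:prod", "contains", "wl:prod/api"),
    ("env:prod", "contains", "wl:prod/db"),
    ("wl:staging/api", "has_object", "obj:plaintext-key"),  # found on the inspectable disk
    ("wl:prod/api", "has_object", "obj:plaintext-key"),
    ("wl:prod/db", "has_object", "obj:plaintext-key"),
    ("wl:staging/api", "associated_with", "wl:prod/api"),
]

def neighbors(node, label=None):
    """Nodes joined to `node` by an edge (undirected), optionally filtered by label."""
    return {dst if src == node else src for src, lbl, dst in EDGES
            if node in (src, dst) and label in (None, lbl)}

def find_node(start, target):
    """Breadth-first traversal of the graph from `start` until `target` is found."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            return node
        for nxt in neighbors(node) - seen:
            seen.add(nxt)
            queue.append(nxt)
    return None

def propagate_exception(exc, first_env):
    """First workload plus associated workloads in an environment associated with first_env."""
    first = find_node(first_env, exc["workload"])
    linked_envs = neighbors(first_env, "associated_with")
    covered = {first}
    for other in neighbors(first, "associated_with"):
        if neighbors(other, "contains") & linked_envs:
            covered.add(find_node(first_env, other))
    return covered

def evaluate(exc, covered):
    """Every workload holding the object violates the policy unless the exception covers it."""
    return {src: "excepted" if src in covered else "violation"
            for src, lbl, dst in EDGES if lbl == "has_object" and dst == exc["object"]}

EXCEPTION = {"policy": "no-plaintext-keys", "object": "obj:plaintext-key", "workload": "wl:staging/api"}
COVERED = propagate_exception(EXCEPTION, "env:staging")
print(evaluate(EXCEPTION, COVERED))
```

In this constructed graph the exception reaches `wl:prod/api` through its association with the first workload, while `wl:prod/db`, which holds the same object but has no such association, is still reported.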