Microservices is an emerging paradigm for developing distributed systems that is rapidly approaching widespread adoption. In response to this adoption, an increasing body of work has investigated the relation between microservices and security. Unfortunately, the literature on this subject does not form a well-defined corpus: it is spread over many venues, and it consists of contributions that mainly address specific scenarios or needs. In this work, we conduct a systematic review of the field, gathering 290 relevant publications—at the time of writing, the largest curated dataset on the topic. We analyse our dataset through (i) publication metadata, which allows us to chart publication outlets, communities, approaches, and tackled issues; and (ii) through 20 research questions, which we use to provide an aggregated overview of the literature and to identify gaps left open. Our study leads to a call for action to address the main open challenges.