Terrascan Extends Policy as Code Support to Helm, Kustomize
November 17, 2020

Accurics announced that Terrascan, the open source static code analyzer that enables developers to build secure infrastructure as code (IaC), has been extended to support Helm and Kustomize, both projects from the Cloud Native Computing Foundation (CNCF) that have gained immense popularity.

This enables organizations to ensure applications on Kubernetes clusters are secure and compliant before they are deployed.

“Given the increasing scale and velocity of cloud breaches, organizations need policy guardrails to ensure that cloud native infrastructure is securely defined and managed,” said Cesar Rodriguez, creator of Terrascan and head of Developer Advocacy at Accurics. “Now, with the additional support for Helm and Kustomize, teams using Terrascan to programmatically establish Policy as Code guardrails in their high-velocity, component-based Kubernetes projects have a way to reduce security risks without impeding development. This will help drive innovation and broaden adoption of Kubernetes.”

For its part, Helm is a package manager that offers an easy way to find, share and use software built for Kubernetes. It is currently used by a variety of organizations, including AT&T, Bitnami, CERN, Conde Nast, Microsoft and VMWare. Since its inception, there have been more than 13,000 contributions representing over 1,500 companies. Kustomize, meanwhile, is a standalone tool used to customize Kubernetes objects. The two projects are regularly downloaded millions of times a month.

The rapid adoption of IaC enables organizations to codify policy checks early in the development lifecycle with Policy as Code (PaC). Terrascan, which is maintained by Accurics, is used by thousands of developers to implement PaC using a library of 500+ out-of-the-box policies to scan IaC against common policy standards such as the CIS Benchmark, and govern Terraform and Kubernetes during development, greatly enhancing their value. It helps spot issues such as server-side encryption misconfigurations, security groups left open for public browsing, and access logs not enabled on resources that support them. Extending these benefits to the Helm and Kustomize user base greatly expands the universe of potential advantages.

Governing risk in the diverse cloud native ecosystem has traditionally required numerous tools and policy sets. With enhanced support for the Kubernetes ecosystem and an open architecture based on the Open Policy Agent (OPA), Terrascan enables enterprises to protect these technologies with a single tool and consistent policies.

Share this

Industry News

November 07, 2024

Broadcom announced the general availability of VMware Tanzu Platform 10 that establishes a new layer of abstraction across Cloud Foundry infrastructure foundations to make it easier, faster, and less expensive to bring new applications, including GenAI applications, to production.

November 07, 2024

Tricentis announced the expansion of its test management and analytics platform, Tricentis qTest, with the launch of Tricentis qTest Copilot.

November 07, 2024

Redgate is introducing two new machine learning (ML) and artificial intelligence (AI) powered capabilities in its test data management and database monitoring solutions.

November 07, 2024

Upbound announced significant advancements to its platform, targeting enterprises building self-service cloud environments for their developers and machine learning engineers.

November 07, 2024

Edera announced the availability of Am I Isolated, an open source container security benchmark that probes users runtime environments and tests for container isolation.

November 06, 2024

Progress announced 10 years of partnership with emt Distribution — a leading cybersecurity distributor in the Middle East and Africa.

November 06, 2024

Port announced $35 million in Series B funding, bringing its total funding to $58M to date.

November 05, 2024

Parasoft has made another step in strategically integrating AI and ML quality enhancements where development teams need them most, such as using natural language for troubleshooting or checking code in real time.

November 05, 2024

MuleSoft announced the general availability of full lifecycle AsyncAPI support, enabling organizations to power AI agents with real-time data through seamless integration with event-driven architectures (EDAs).

November 05, 2024

Numecent announced they have expanded their Microsoft collaboration with the launch of Cloudpager's new integration to App attach in Azure Virtual Desktop.

November 04, 2024

Progress announced the completion of the acquisition of ShareFile, a business unit of Cloud Software Group, providing a SaaS-native, AI-powered, document-centric collaboration platform, focusing on industry segments including business and professional services, financial services, industrial and healthcare.

November 04, 2024

Incredibuild announced the acquisition of Garden, a provider of DevOps pipeline acceleration solutions.

October 31, 2024

The Open Source Security Foundation (OpenSSF) announced an expansion of its free course “Developing Secure Software” (LFD121).

October 31, 2024

Redgate announced that its core solutions are listed in Amazon Web Services (AWS) Marketplace.

October 30, 2024

LambdaTest introduced a suite of new features to its AI-powered Test Manager, designed to simplify and enhance the test management experience for software development and QA teams.