Terrascan Extends Policy as Code Support to Helm, Kustomize
November 17, 2020

Accurics announced that Terrascan, the open source static code analyzer that enables developers to build secure infrastructure as code (IaC), has been extended to support Helm and Kustomize, both projects from the Cloud Native Computing Foundation (CNCF) that have gained immense popularity.

This enables organizations to ensure applications on Kubernetes clusters are secure and compliant before they are deployed.

“Given the increasing scale and velocity of cloud breaches, organizations need policy guardrails to ensure that cloud native infrastructure is securely defined and managed,” said Cesar Rodriguez, creator of Terrascan and head of Developer Advocacy at Accurics. “Now, with the additional support for Helm and Kustomize, teams using Terrascan to programmatically establish Policy as Code guardrails in their high-velocity, component-based Kubernetes projects have a way to reduce security risks without impeding development. This will help drive innovation and broaden adoption of Kubernetes.”

For its part, Helm is a package manager that offers an easy way to find, share and use software built for Kubernetes. It is currently used by a variety of organizations, including AT&T, Bitnami, CERN, Conde Nast, Microsoft and VMWare. Since its inception, there have been more than 13,000 contributions representing over 1,500 companies. Kustomize, meanwhile, is a standalone tool used to customize Kubernetes objects. The two projects are regularly downloaded millions of times a month.

The rapid adoption of IaC enables organizations to codify policy checks early in the development lifecycle with Policy as Code (PaC). Terrascan, which is maintained by Accurics, is used by thousands of developers to implement PaC using a library of 500+ out-of-the-box policies to scan IaC against common policy standards such as the CIS Benchmark, and govern Terraform and Kubernetes during development, greatly enhancing their value. It helps spot issues such as server-side encryption misconfigurations, security groups left open for public browsing, and access logs not enabled on resources that support them. Extending these benefits to the Helm and Kustomize user base greatly expands the universe of potential advantages.

Governing risk in the diverse cloud native ecosystem has traditionally required numerous tools and policy sets. With enhanced support for the Kubernetes ecosystem and an open architecture based on the Open Policy Agent (OPA), Terrascan enables enterprises to protect these technologies with a single tool and consistent policies.

Share this

Industry News

November 26, 2024

Check Point® Software Technologies Ltd. has been recognized as a Leader and Fast Mover in the latest GigaOm Radar Report for Cloud-Native Application Protection Platforms (CNAPPs).

November 26, 2024

Spectro Cloud, provider of the award-winning Palette Edge™ Kubernetes management platform, announced a new integrated edge in a box solution featuring the Hewlett Packard Enterprise (HPE) ProLiant DL145 Gen11 server to help organizations deploy, secure, and manage demanding applications for diverse edge locations.

November 26, 2024

Red Hat announced the availability of Red Hat JBoss Enterprise Application Platform (JBoss EAP) 8 on Microsoft Azure.

November 26, 2024

Launchable by CloudBees is now available on AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS).

November 26, 2024

Kong closed a $175 million in up-round Series E financing, with a mix of primary and secondary transactions at a $2 billion valuation.

November 26, 2024

Tricentis announced that GTCR, a private equity firm, has signed a definitive agreement to invest $1.33 billion in the company, valuing the enterprise at $4.5 billion and further fueling Tricentis for future growth and innovation.

November 25, 2024

Sonatype and OpenText are partnering to offer a single integrated solution that combines open-source and custom code security, making finding and fixing vulnerabilities faster than ever.

November 25, 2024

Red Hat announced an extended collaboration with Microsoft to streamline and scale artificial intelligence (AI) and generative AI (gen AI) deployments in the cloud.

November 25, 2024

Endor Labs announced that Microsoft has natively integrated its advanced SCA capabilities within Microsoft Defender for Cloud, a Cloud-Native Application Protection Platform (CNAPP).

November 21, 2024

Red Hat announced the general availability of Red Hat Enterprise Linux 9.5, the latest version of the enterprise Linux platform.

November 21, 2024

Securiti announced a new solution - Security for AI Copilots in SaaS apps.

November 20, 2024

Spectro Cloud completed a $75 million Series C funding round led by Growth Equity at Goldman Sachs Alternatives with participation from existing Spectro Cloud investors.