DEVOPSdigest

StackRox announced the release of KubeLinter, its new open source static analysis tool to identify misconfigurations in Kubernetes deployments.

KubeLinter offers the ability to automate the analysis of Kubernetes YAML files and Helm charts prior to deployment into a cluster to validate that Kubernetes has been configured following security best practices. This enhances developer productivity, integrating security-as-code with DevOps and DevSecOps processes while ensuring the automatic enforcement of hardened security policies for Kubernetes applications.

“We developed KubeLinter to provide the Kubernetes community with a better, more automated way to identify misconfigurations and deviations from best practices that limit organizations from realizing the full potential of cloud-native applications,” said Ali Golshan, StackRox co-founder and CTO. “Releasing KubeLinter as an open source tool will ultimately help Kubernetes users create hardened environments that are increasingly resistant to the inherent risks generated by the frequent configuration changes common in development practices.”

KubeLinter provides an automated means to carry out configuration checks, a complex, error-prone process traditionally done manually. KubeLinter can also be integrated into continuous integration (CI) systems to simplify how changes are proposed and made to YAML files and Helm charts by developers and security teams.

“If you’ve spent time crafting Kubernetes YAML files, you know it can be pretty arduous – there are so many different objects, so many knobs and dials, so many cross-references to keep track of,” said Viswajith Venugopal, StackRox Software Engineer and Lead Developer of KubeLinter. “Further, in most cases, default configurations for Kubernetes objects are geared towards making it easy for users to get their apps up-and-running quickly, and not for secure, production-ready configurations. KubeLinter is our answer to this problem.”

KubeLinter enables users to treat configurations as code and build security into the application development process earlier. In contrast to Kubernetes defaults, KubeLinter’s defaults are security-centric, so users will have to explicitly opt-in to configure Kubernetes in a manner that is considered insecure. The built-in checks provided by KubeLinter can be easily extended to include custom checks for many Kubernetes configuration parameters. As an open source tool available under the Apache 2.0 license, users will also be able to contribute to the project by extending KubeLinter with additional checks for community use.