StackRox Releases KubeLinter, an Open Source Tool to Identify Kubernetes Misconfigurations
October 2020 by Marc Jacob
StackRox announced the release of KubeLinter, its new open source static analysis tool to identify misconfigurations in Kubernetes deployments. KubeLinter offers the ability to automate the analysis of Kubernetes YAML files and Helm charts prior to deployment into a cluster to validate that Kubernetes has been configured following security best practices. This enhances developer productivity, integrating security-as-code with DevOps and DevSecOps processes while ensuring the automatic enforcement of hardened security policies for Kubernetes applications.
According to the StackRox State of Container and Kubernetes Security Report, Fall 2020, human error causes the majority of security incidents in Kubernetes, with misconfigurations contributing to roughly 67% of cases reported by survey respondents. KubeLinter provides an automated means to carry out configuration checks, a complex, error-prone process traditionally done manually. KubeLinter can also be integrated into continuous integration (CI) systems to simplify how changes are proposed and made to YAML files and Helm charts by developers and security teams.
KubeLinter enables users to treat configurations as code and build security into the application development process earlier. In contrast to Kubernetes defaults, KubeLinter’s defaults are security-centric, so users will have to explicitly opt-in to configure Kubernetes in a manner that is considered insecure. The built-in checks provided by KubeLinter can be easily extended to include custom checks for many Kubernetes configuration parameters. As an open source tool available under the Apache 2.0 license, users will also be able to contribute to the project by extending KubeLinter with additional checks for community use.