StackRox has released a new open-source static analysis tool for identifying misconfigurations in Kubernetes deployments. KubeLinter checks YAML files and Helm charts and validates whether they have been configured using security best practices.
StackRox recently conducted a study that found human error as a top cause for Kubernetes security incidents, with misconfigurations contributing to 67% of cases.
KubeLinter offers an automated way to carry out configuration checks instead of doing it manually.
“We developed KubeLinter to provide the Kubernetes community with a better, more automated way to identify misconfigurations and deviations from best practices that limit organizations from realizing the full potential of cloud-native applications,” said Ali Golshan, StackRox co-founder and CTO. “Releasing KubeLinter as an open source tool will ultimately help Kubernetes users create hardened environments that are increasingly resistant to the inherent risks generated by the frequent configuration changes common in development practices.”
The project can be configured to include multiple built-in checks, which can be enabled or disabled, or customized.
“After downloading and running the built-in checks, I was able to quickly identify several ways we could incorporate KubeLinter into our developer workflows and enforce that our Kubernetes YAML files were consistent with our policies”, said Pranava Adduri, Entrepreneur In Residence at Greylock, and a former tech lead at AWS who worked on EKS. “It works great out of the box and fills a gap previously unaddressed in the ecosystem – I can see this adding a lot of value to any team working with Kubernetes and engendering an open-source community that’ll extend its capabilities.”
