Security Experts:

StackRox Releases Open Source Tool for Finding Kubernetes Misconfigurations

Container and Kubernetes security company StackRox on Wednesday announced the release of KubeLinter, an open source tool designed to help users identify misconfigurations in Kubernetes deployments.

KubeLinter is a static analysis tool that checks YAML files, which store configuration data for Kubernetes applications, to ensure that security best practices are followed.

A study conducted recently by StackRox showed that a majority of Kubernetes-related incidents are caused by human error, with misconfigurations being cited in two-thirds of cases.

Checking configurations is typically done manually, but the company says it’s not an easy process and it often results in errors. KubeLinter, which is a command-line tool, aims to address this by automating the process of checking YAML files and Helm charts (used to manage configurations) before they are deployed in a Kubernetes cluster.

The tool has built-in checks for common misconfigurations, such as ensuring that the least privileges principle is applied, following good label hygiene, ensuring that it’s not running as root, the presence of readiness probes, and the use of resource requirements. Custom checks can also be created by users.

KubeLinter can be run on developer machines, but it can also be integrated into an organization’s continuous integration (CI) systems.

“We developed KubeLinter to provide the Kubernetes community with a better, more automated way to identify misconfigurations and deviations from best practices that limit organizations from realizing the full potential of cloud-native applications,” said Ali Golshan, StackRox co-founder and CTO. “Releasing KubeLinter as an open source tool will ultimately help Kubernetes users create hardened environments that are increasingly resistant to the inherent risks generated by the frequent configuration changes common in development practices.”

The KubeLinter source code is available on GitHub and the Kubernetes community has been invited to contribute to the tool, which is currently described as being in a very early stage of development.

StackRox has also released a short video explaining why it created KubeLinter and how users can contribute to the project.

StackRox recently raised $26.5 million in funding, bringing the total investment secured by the company to $61 million.

Related: BlackBerry Releases Open Source Reverse Engineering Tool

Related: Adobe Open Sources Tool for Sanitizing Logs, Detecting Exposed Credentials

Related: Google Releases Open Source Tool for Finding File Access Vulnerabilities

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.