Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

StackRox Releases Open Source Tool for Finding Kubernetes Misconfigurations

Container and Kubernetes security company StackRox on Wednesday announced the release of KubeLinter, an open source tool designed to help users identify misconfigurations in Kubernetes deployments.

Container and Kubernetes security company StackRox on Wednesday announced the release of KubeLinter, an open source tool designed to help users identify misconfigurations in Kubernetes deployments.

KubeLinter is a static analysis tool that checks YAML files, which store configuration data for Kubernetes applications, to ensure that security best practices are followed.

A study conducted recently by StackRox showed that a majority of Kubernetes-related incidents are caused by human error, with misconfigurations being cited in two-thirds of cases.

Checking configurations is typically done manually, but the company says it’s not an easy process and it often results in errors. KubeLinter, which is a command-line tool, aims to address this by automating the process of checking YAML files and Helm charts (used to manage configurations) before they are deployed in a Kubernetes cluster.

The tool has built-in checks for common misconfigurations, such as ensuring that the least privileges principle is applied, following good label hygiene, ensuring that it’s not running as root, the presence of readiness probes, and the use of resource requirements. Custom checks can also be created by users.

KubeLinter can be run on developer machines, but it can also be integrated into an organization’s continuous integration (CI) systems.

“We developed KubeLinter to provide the Kubernetes community with a better, more automated way to identify misconfigurations and deviations from best practices that limit organizations from realizing the full potential of cloud-native applications,” said Ali Golshan, StackRox co-founder and CTO. “Releasing KubeLinter as an open source tool will ultimately help Kubernetes users create hardened environments that are increasingly resistant to the inherent risks generated by the frequent configuration changes common in development practices.”

The KubeLinter source code is available on GitHub and the Kubernetes community has been invited to contribute to the tool, which is currently described as being in a very early stage of development.

StackRox has also released a short video explaining why it created KubeLinter and how users can contribute to the project.

StackRox recently raised $26.5 million in funding, bringing the total investment secured by the company to $61 million.

Related: BlackBerry Releases Open Source Reverse Engineering Tool

Related: Adobe Open Sources Tool for Sanitizing Logs, Detecting Exposed Credentials

Related: Google Releases Open Source Tool for Finding File Access Vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...