
StackRox Releases Open Source Tool for Finding Kubernetes Misconfigurations

Container and Kubernetes security company StackRox on Wednesday announced the release of KubeLinter, an open source tool designed to help users identify misconfigurations in Kubernetes deployments.


KubeLinter is a static analysis tool: it parses the YAML manifests that describe Kubernetes workloads and checks them against security and production-readiness best practices, without needing access to a running cluster.

A study conducted recently by StackRox showed that a majority of Kubernetes-related incidents are caused by human error, with misconfigurations being cited in two-thirds of cases.

Such checks are typically done by manual review, which the company says is tedious and error-prone. KubeLinter, a command-line tool, automates them: it scans YAML manifests and Helm charts (the packaging format used to template and manage Kubernetes configurations) before they are applied to a cluster, so problems are caught before deployment rather than in production.

The tool ships with built-in checks for common misconfigurations: whether the principle of least privilege is applied, whether labels follow good hygiene, whether containers are configured to run as a non-root user, whether readiness probes are defined, and whether resource requests and limits are set. Users can also write custom checks of their own.
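To make concrete what a static manifest check like this actually looks at, here is a small, self-contained checker written for this article. It is not KubeLinter's code and does not use its check names or output format; it only shows the logic behind four of the categories listed above (non-root containers, readiness probes, resource requirements, label hygiene) plus one user-added check, run over a constructed weak Deployment and its hardened counterpart. The manifests are embedded as already-parsed dictionaries (the shape `yaml.safe_load` returns), so the example runs without PyYAML; the required label set is an assumed policy, not a Kubernetes rule.

```python
"""Constructed example of static Kubernetes manifest checks (not KubeLinter's own code)."""
from typing import Callable, Dict, List

Check = Callable[[dict], List[str]]


def _pod_spec(doc: dict) -> dict:
    """Pod template spec of a Deployment/StatefulSet/DaemonSet/Job; {} for other kinds."""
    return doc.get("spec", {}).get("template", {}).get("spec", {})


def _containers(doc: dict) -> list:
    spec = _pod_spec(doc)
    return list(spec.get("containers", [])) + list(spec.get("initContainers", []))


def check_run_as_non_root(doc: dict) -> List[str]:
    """Flag containers not explicitly required to run as a non-root user.
    A container-level securityContext overrides the pod-level one, so both are consulted."""
    pod_sc = _pod_spec(doc).get("securityContext") or {}
    findings = []
    for c in _containers(doc):
        sc = c.get("securityContext") or {}
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        run_as_user = sc.get("runAsUser", pod_sc.get("runAsUser"))
        if non_root is not True and run_as_user in (None, 0):
            findings.append(f"container '{c.get('name')}' may run as root "
                            "(set securityContext.runAsNonRoot: true or a non-zero runAsUser)")
    return findings


def check_readiness_probe(doc: dict) -> List[str]:
    # Init containers cannot carry probes, so only regular containers are examined.
    return [f"container '{c.get('name')}' has no readinessProbe"
            for c in _pod_spec(doc).get("containers", []) if "readinessProbe" not in c]


def check_resource_requirements(doc: dict) -> List[str]:
    """One finding per missing cpu/memory request or limit, so a bare container yields four."""
    findings = []
    for c in _containers(doc):
        res = c.get("resources") or {}
        for kind in ("requests", "limits"):
            for resource in ("cpu", "memory"):
                if not (res.get(kind) or {}).get(resource):
                    findings.append(f"container '{c.get('name')}' has no {resource} {kind[:-1]}")
    return findings


REQUIRED_LABELS = ("app.kubernetes.io/name", "app.kubernetes.io/component")  # assumed org policy


def check_labels(doc: dict) -> List[str]:
    labels = doc.get("metadata", {}).get("labels") or {}
    return [f"missing label '{label}'" for label in REQUIRED_LABELS if label not in labels]


def check_image_tag(doc: dict) -> List[str]:
    """Example of a user-supplied check: images must carry an explicit, non-'latest' tag."""
    findings = []
    for c in _containers(doc):
        image = c.get("image", "")
        last = image.rsplit("/", 1)[-1]          # strip registry/namespace, which may contain ':port'
        tag = last.rsplit(":", 1)[1] if ":" in last else ""
        if tag in ("", "latest"):
            findings.append(f"container '{c.get('name')}' uses mutable image reference '{image}'")
    return findings


# Registry of checks keyed by a name; custom checks are added with register_check().
CHECKS: Dict[str, Check] = {
    "run-as-non-root": check_run_as_non_root,
    "readiness-probe": check_readiness_probe,
    "resource-requirements": check_resource_requirements,
    "label-hygiene": check_labels,
}


def register_check(name: str, fn: Check) -> None:
    CHECKS[name] = fn


register_check("no-latest-tag", check_image_tag)


def lint_manifest(doc: dict, checks: Dict[str, Check] = None) -> Dict[str, List[str]]:
    """Run every check over one parsed manifest; returns only the checks that produced findings."""
    result: Dict[str, List[str]] = {}
    for name, fn in (checks or CHECKS).items():
        findings = fn(doc)
        if findings:
            result[name] = findings
    return result


def lint_yaml(text: str) -> List[Dict[str, List[str]]]:
    """Convenience wrapper for raw multi-document YAML; needs PyYAML, so imported lazily."""
    import yaml
    return [lint_manifest(d) for d in yaml.safe_load_all(text) if d]


# Constructed sample input: a typical "works on my machine" Deployment ...
WEAK_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "web", "labels": {"app.kubernetes.io/name": "web"}},
    "spec": {"template": {"spec": {"containers": [
        {"name": "web", "image": "example/web:latest", "ports": [{"containerPort": 8080}]}]}}},
}

# ... and the same workload with the findings addressed.
HARDENED_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "web", "labels": {"app.kubernetes.io/name": "web",
                                           "app.kubernetes.io/component": "frontend"}},
    "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
        "containers": [{
            "name": "web", "image": "example/web:1.0",
            "readinessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
            "resources": {"requests": {"cpu": "100m", "memory": "128Mi"},
                          "limits": {"cpu": "500m", "memory": "256Mi"}},
        }],
    }}},
}

if __name__ == "__main__":
    for title, doc in (("weak", WEAK_DEPLOYMENT), ("hardened", HARDENED_DEPLOYMENT)):
        print(f"== {title}: {sum(len(v) for v in lint_manifest(doc).values())} finding(s)")
        for check, findings in lint_manifest(doc).items():
            for f in findings:
                print(f"  [{check}] {f}")
```

The weak manifest produces eight findings (root, no probe, four missing resource fields, one missing label, a `:latest` tag) while the hardened one produces none. The point to notice is that the non-root check has to merge pod-level and container-level `securityContext`, since a container setting silently overrides the pod default; a checker that only looks at one level will miss real misconfigurations, which is exactly the kind of detail manual review tends to get wrong.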

KubeLinter can be run on developer workstations, and it can also be wired into an organization's continuous integration (CI) pipeline so that a manifest failing a check blocks the change before it reaches a cluster.

“We developed KubeLinter to provide the Kubernetes community with a better, more automated way to identify misconfigurations and deviations from best practices that limit organizations from realizing the full potential of cloud-native applications,” said Ali Golshan, StackRox co-founder and CTO. “Releasing KubeLinter as an open source tool will ultimately help Kubernetes users create hardened environments that are increasingly resistant to the inherent risks generated by the frequent configuration changes common in development practices.”

The KubeLinter source code is available on GitHub and the Kubernetes community has been invited to contribute to the tool, which is currently described as being in a very early stage of development.


StackRox has also released a short video explaining why it created KubeLinter and how users can contribute to the project.

StackRox recently raised $26.5 million in funding, bringing the total investment secured by the company to $61 million.


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
