Kubernetes gets mishap trap with KubeLinter static config analyser

Container security specialist StackRox has released KubeLinter, its static analysis tool to automatically check container deployments against best-practice security standards.

It analyses Kubernetes YAML files and Helm charts, integrating a security-as-code approach into DevOps workflows.

“Our twice-yearly surveys show misconfigurations as the largest source of risk for Kubernetes deployments. We created KubeLinter to automate configuration checks to provide guardrails for developers and DevOps teams,” Viswajith Venugopal, lead developer of KubeLinter, told DevClass.

“We’ve had great feedback on it, and by releasing it as an open source tool we hope to extend its value throughout the community.”

StackRox says that two out of three Kubernetes deployment problems are caused by human misconfiguration, and that KubeLinter is a unique way to automate and correct these. It can also be integrated into continuous integration (CI) systems to simplify how configuration changes are proposed and made by developers and security teams.

By treating configurations as code and providing security-centric defaults, the company says that security can be built into the application development process early on, and that users have to deliberately create an insecure deployment, as opposed to defaulting to one. The tool’s checks can easily be extended to cover many Kubernetes parameters.

KubeLinter is available under the Apache 2.0 license, and StackRox hopes users will contribute to the project with additional checks for community use.