Red Hat’s OpenShift Container Platform (OCP) is a Kubernetes platform for operationalizing container workloads remotely or as a hosted service. OpenShift enables consistent security, built-in monitoring, centralized policy management, and compatibility with Kubernetes workloads. The rapid adoption of open source projects can introduce vulnerabilities in standard Kubernetes Environments. OCP supports ... Read More

AppSec Has Changed Application security has matured, transformed, “shifted left”, been rebranded, de-centralised and even to an extent re-centralised over the past 10 years. Keeping up with what is relevant, with a keen eye on what is coming, is a juggling act of Cirque du Soleil proportions and something that ... Read More

StackRox partners with AWS on many fronts, in large part because so many StackRox customers run our platform in their Amazon Elastic Kubernetes Service (EKS) environments. As the world’s most popular managed Kubernetes service, EKS – like all other AWS services – operates under a shared responsibility model for security ... Read More

Today, I’m excited to announce the launch of KubeLinter , a new open source project from StackRox! KubeLinter analyzes Kubernetes YAML files and Helm charts, and checks them against a variety of best practices, with a focus on production readiness and security. Scroll down to watch a video overview of ... Read More

Organizations are rapidly moving their Kubernetes applications to production to accelerate feature velocity and drive digital transformation and business growth. Our latest State of Kubernetes Security survey report shows that companies have standardized on Kubernetes, and this rapid adoption offers equal parts promise and peril. Promise, in the form of ... Read More

Several years ago, few would have thought that a government agency would be at the forefront of application development tooling and processes, daring the civilian world to keep up with their shift-left knowhow. But that’s exactly what’s happening in the U.S. Department of Defense, which is implementing the Enterprise DevSecOps ... Read More

Faster application development and release, quicker bug fixes, and increased feature velocity are three of the most often cited benefits of containerization. However, when security becomes an afterthought, you risk diminishing the greatest gain of containerization – agility. Rolling out an application that hasn’t passed a security assessment puts the ... Read More

We are now six years past the initial release of Kubernetes, and it continues to be one of the fastest-growing open-source projects to date. The rapid development and adoption of Kubernetes has resulted in many different implementations of the application. The Cloud Native Computing Foundation (CNCF) currently lists over 100 ... Read More

Most organizations have a DevSecOps initiative and responsibility for container security continues to evolve and remains decentralized. These are two of the findings from our latest report on the state of container and Kubernetes security (Download your copy today). We’re kicking off the fourth edition of our State of Kubernetes ... Read More

To understand how to effectively secure your Kubernetes environments, it is informative to understand the architecture of Kubernetes itself as well as where and how to focus efforts on valuable mitigations, especially those which require administrator or user configuration when provisioning clusters. Kubernetes is a robust yet complex infrastructure system ... Read More