Open Source Software Terrascan Extends Policy as Code Support to Helm, Kustomize
OPA-Based architecture eases governance across multiple cloud native technologies
From KubeCon + CloudNativeCon North America — Pleasanton, CA – November 17, 2020 – Accurics, the cloud cyber resilience specialist, today announced that Terrascan, the open source static code analyzer that enables developers to build secure infrastructure as code (IaC), has been extended to support Helm and Kustomize, both projects from the Cloud Native Computing Foundation (CNCF) that have gained immense popularity. This enables organizations to ensure applications on Kubernetes clusters are secure and compliant before they are deployed.
“Given the increasing scale and velocity of cloud breaches, organizations need policy guardrails to ensure that cloud native infrastructure is securely defined and managed,” said Cesar Rodriguez, creator of Terrascan and head of Developer Advocacy at Accurics. “Now, with the additional support for Helm and Kustomize, teams using Terrascan to programmatically establish Policy as Code guardrails in their high-velocity, component-based Kubernetes projects have a way to reduce security risks without impeding development. This will help drive innovation and broaden adoption of Kubernetes.”
For its part, Helm is a package manager that offers an easy way to find, share and use software built for Kubernetes. It is currently used by a variety of organizations, including AT&T, Bitnami, CERN, Conde Nast, Microsoft and VMWare. Since its inception, there have been more than 13,000 contributions representing over 1,500 companies. Kustomize, meanwhile, is a standalone tool used to customize Kubernetes objects. The two projects are regularly downloaded millions of times a month.
The rapid adoption of IaC enables organizations to codify policy checks early in the development lifecycle with Policy as Code (PaC). Terrascan, which is maintained by Accurics, is used by thousands of developers to implement PaC using a library of 500+ out-of-the-box policies to scan IaC against common policy standards such as the CIS Benchmark, and govern Terraform and Kubernetes during development, greatly enhancing their value. It helps spot issues such as server-side encryption misconfigurations, security groups left open for public browsing, and access logs not enabled on resources that support them. Extending these benefits to the Helm and Kustomize user base greatly expands the universe of potential advantages.
Governing risk in the diverse cloud native ecosystem has traditionally required numerous tools and policy sets. With enhanced support for the Kubernetes ecosystem and an open architecture based on the Open Policy Agent (OPA), Terrascan enables enterprises to protect these technologies with a single tool and consistent policies.
For more information about Terrascan, please visit https://www.accurics.com/products/terrascan/