News

Accurics Extends Support to CNCF Projects Helm and Kustomize

Cloud security provider Accurics today announced that it is extending support in its Terrascan tool to Helm and Kustomize, two Cloud Native Computing Foundation (CNCF) projects with a growing developer following. Terrascan is the company's open-source tool for detecting compliance and security violations across Infrastructure as Code (IaC).

Helm is a package manager designed to provide an easy way to find, share, and use software built for the open-source Kubernetes container orchestration platform. The tool uses a packaging format called "charts," collections of files that describe a related set of Kubernetes resources. According to the CNCF, there have been 13,000 contributions, representing more than 1,500 companies, to the Helm project. Helm "graduated" from incubation in April to become a full-fledged CNCF project.

Kustomize is a standalone tool for customizing Kubernetes objects through a "kustomization" file. It's designed to allow users "to customize raw, template-free YAML files for multiple purposes, leaving the original YAML untouched and usable as is," according to the Kustomize GitHub repository. It "understands" and can patch Kubernetes-style API objects. "It's like make, in that what it does is declared in a file, and it's like sed, in that it emits edited text," the repository says. The tool has been around since 2017.

Support for these two CNCF projects in Terrascan "enables organizations to ensure applications on Kubernetes clusters are secure and compliant before they are deployed," the company said in a statement. Accurics announced the new support at the start of the KubeCon + Cloud Native event, the CNCF's flagship conference, taking place online this week.

"Given the increasing scale and velocity of cloud breaches, organizations need policy guardrails to ensure that cloud native infrastructure is securely defined and managed," said Cesar Rodriguez, creator of Terrascan and head of Developer Advocacy at Accurics, in a statement. "Now, with the additional support for Helm and Kustomize, teams using Terrascan to programmatically establish Policy as Code guardrails in their high-velocity, component-based Kubernetes projects have a way to reduce security risks without impeding development. This will help drive innovation and broaden adoption of Kubernetes."

The adoption of IaC enables organizations to codify policy checks early in the development lifecycle with Policy as Code (PaC). Developers use Terrascan to implement PaC using a library of 500+ out-of-the-box policies to scan IaC against common policy standards, such as the CIS Benchmarks, and govern Terraform and Kubernetes during development. It helps spot issues such as server-side encryption misconfigurations, security groups left open to public access, and access logs not enabled on resources that support them.

"Extending these benefits to the Helm and Kustomize user base greatly expands the universe of potential advantages," the company said.

The Pleasanton, CA-based Accurics focuses on enabling "immutable security for immutable infrastructure, so that organizations can embrace cloud native technologies with confidence." The company's namesake solution seamlessly scans IaC for misconfigurations based on common policy frameworks and detects potential breach paths to eliminate risks before cloud infrastructure is provisioned. It then monitors provisioned cloud infrastructure for configuration changes that introduce posture drift, and enables reverting to a secure posture.


About the Author

John K. Waters is the editor in chief of a number of Converge360.com sites, with a focus on high-end development, AI and future tech. He's been writing about cutting-edge technologies and the culture of Silicon Valley for more than two decades, and he's written more than a dozen books. He also co-scripted the documentary film Silicon Valley: A 100 Year Renaissance, which aired on PBS. He can be reached at [email protected].