Accurics has announced that Terrascan, the open source static code analyzer that enables developers to build secure infrastructure as code (IaC), has been extended to support Helm and Kustomize.

This enables organizations to ensure applications on Kubernetes clusters are secure and compliant before they are deployed.

For its part, Helm is a package manager that offers an easy way to find, share and use software built for Kubernetes. It is currently used by a variety of organizations, including AT&T, Bitnami, CERN, Conde Nast, Microsoft and VMWare. Since its inception, there have been more than 13,000 contributions representing over 1,500 companies.

Kustomize, meanwhile, is a standalone tool used to customize Kubernetes objects.

The rapid adoption of IaC enables organizations to codify policy checks early in the development lifecycle with Policy as Code (PaC).

Terrascan, which is maintained by Accurics, is used by thousands of developers to implement PaC using a library of 500+ out-of-the-box policies to scan IaC against common policy standards such as the CIS Benchmark, and govern Terraform and Kubernetes during development.

Governing risk in the diverse cloud native ecosystem has traditionally required numerous tools and policy sets. With enhanced support for the Kubernetes ecosystem and an open architecture based on the Open Policy Agent (OPA), Terrascan enables enterprises to protect these technologies with a single tool and consistent policies.

You may also like