CIOReview
CIOREVIEW >> Cloud >>

Terrascan Extends Support for Helm, Kustomize to Create Secure Infrastructure as Code

By CIOReview | Friday, December 4, 2020
Sachin Aggarwal, CEO and  Cesar Rodriguez, Head of Developer Advocacy at Accurics and creator of Terrascan

Sachin Aggarwal, CEO and Cesar Rodriguez, Head of Developer Advocacy at Accurics and creator of Terrascan

OPA-Based architecture eases risk management across multiple cloud-native technologies.

FREMONT, CA: Accurics, the cloud cyber resilience specialist, announces that Terrascan, the open-source static code analyzer that allows developers to build secure infrastructure as code (IaC), has been extended to assist Helm and Kustomize, both projects from the Cloud Native Computing Foundation (CNCF) that have got immense popularity. This allows organizations to ensure applications on Kubernetes clusters are secure and compliant before they are deployed.

Given the increasing scale and velocity of cloud breaches, organizations need policy guardrails to ensure that cloud-native infrastructure is securely defined and managed. Now, with the additional support for Helm and Kustomize, teams using Terrascan to programmatically create Policy as Code guardrails in their high-velocity, component-based Kubernetes projects have the means to reduce security risks without impeding development. This will drive innovation and broaden the adoption of Kubernetes.

Helm is a package manager that offers an easy way to find, share, and use software built for Kubernetes. It is currently used by a variety of organizations, including AT&T, Bitnami, CERN, Conde Nast, Microsoft, and VMWare. Since its establishment, there have been more than 13,000 contributions representing over 1,500 companies. Kustomize, meanwhile, is a standalone tool used to customize Kubernetes objects. The two projects are regularly downloaded millions of times a month. 

The rapid adoption of IaC allows organizations to codify policy checks early in the development lifecycle with Policy as Code (PaC). Terrascan, which is maintained by Accurics, is used by thousands of developers to implement PaC using a library of 500+ out-of-the-box policies to scan IaC against common policy standards such as the CIS Benchmark and govern Terraform and Kubernetes during development, greatly enhancing their value. It aids in spot issues such as server-side encryption misconfigurations, security groups left open for public browsing, and access logs not allowed on resources that support them. Extending these benefits to the Helm and Kustomize user base greatly expands the universe of potential advantages.

Managing risk in the diverse cloud-native ecosystem has traditionally needed numerous tools and policy sets. With better support for the Kubernetes ecosystem and open architecture based on the Open Policy Agent (OPA), Terrascan allows enterprises to protect these technologies with a single tool and consistent policies.