Red Hat open-sources StackRox Kubernetes security product

More goodies for OpenShift, plus Konveyor to Kubernetes in association with IBM

As Kubecon Europe gets under way, Red Hat has pushed out StackRox, the Kubernetes security product it acquired earlier this year, as an open-source project which will be the upstream for its Advanced Cluster Security for OpenShift.

The StackRox product is itself deployed as a Kubernetes application and has several components, aiming to pick up vulnerabilities in both container images and in Kubernetes, look for misconfigurations such as unnecessarily elevated privileges, perform rule-based threat detection, and more.

StackRox technology is the basis of Red Hat Advanced Cluster Security, recently introduced as part of the company's focus on OpenShift, its Kubernetes distribution.

Now Red Hat is hoping to engage the open-source community in order to improve both StackRox and Red Hat Advanced Cluster Security. It looks as if StackRox will perform a similar role to that of Fedora and CentOS Stream for Red Hat Linux: providing a preview and testbed for new features that will end up in the enterprise product, while also being a project that can be used in production. "We expect the project to help drive future product roadmaps," said Red Hat today. The new open-source project will also encompass KubeLinter, a static analysis tool for YAML files and Helm charts, used to configure and deploy Kubernetes applications.
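To make concrete the kind of misconfiguration the article says StackRox and KubeLinter look for, here is an added example (not code from either project) of a small static check run over a constructed Kubernetes Deployment manifest. It flags privileged containers, added capabilities, shared host namespaces, and missing `runAsNonRoot` / `allowPrivilegeEscalation: false` settings; the manifest is embedded in its JSON form so the script needs only the standard library.

```python
"""Minimal static check for elevated-privilege misconfigurations in a
Kubernetes workload manifest. Added illustration, not StackRox or
KubeLinter code; the sample manifest below is constructed for the demo."""
import json

# Constructed sample: a Deployment with one over-privileged container
# and one reasonably hardened sidecar.
SAMPLE_MANIFEST = json.dumps({
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "web"},
    "spec": {"template": {"spec": {
        "hostPID": True,
        "containers": [
            {"name": "app", "image": "example/app:1.0",
             "securityContext": {"privileged": True,
                                 "capabilities": {"add": ["SYS_ADMIN"]}}},
            {"name": "sidecar", "image": "example/sidecar:1.0",
             "securityContext": {"runAsNonRoot": True,
                                 "allowPrivilegeEscalation": False}},
        ]}}}})


def lint_privileges(manifest_json: str) -> list[str]:
    """Return one finding per violated rule; an empty list means clean."""
    obj = json.loads(manifest_json)
    # Workload kinds (Deployment, StatefulSet, ...) wrap a pod template;
    # a bare Pod carries the pod spec directly.
    pod = obj.get("spec", {})
    if obj.get("kind") != "Pod":
        pod = pod.get("template", {}).get("spec", {})
    findings = []
    for ns_flag in ("hostPID", "hostNetwork", "hostIPC"):
        if pod.get(ns_flag):
            findings.append(f"pod: {ns_flag} shares a host namespace")
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        sc, name = c.get("securityContext", {}), c.get("name", "?")
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{name}: allowPrivilegeEscalation not set to false")
        if sc.get("runAsNonRoot") is not True:
            findings.append(f"{name}: runAsNonRoot not set to true")
        for cap in sc.get("capabilities", {}).get("add", []):
            findings.append(f"{name}: adds capability {cap}")
    return findings


if __name__ == "__main__":
    for finding in lint_privileges(SAMPLE_MANIFEST):
        print("FAIL", finding)
```

A real linter would additionally resolve pod-level `securityContext` defaults and render Helm charts before checking them; this block shows only the container-level rules.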

Red Hat has also made new OpenShift features generally available. OpenShift GitOps is based on Argo CD, a continuous delivery tool for Kubernetes, and lets organisations automate deployment based on configuration code checked into a Git repository.

OpenShift Pipelines, based on Tekton, automates application deployment including building container images from source code and pushing images to container registries. The two are designed to work together.

Both have been in preview, but are now fully released complete with new features such as integration with OpenShift centralised log management.

OpenShift Pipelines and GitOps form a continuous delivery system for Kubernetes

Finally, Red Hat and IBM Research have come up with an open-source project – or group of projects – for migrating applications called Konveyor. This addresses several needs. The first is migrating virtual machines (VMs) to Kubernetes in cases where organisations lack the time or skills to re-architect an application. A Konveyor project called Forklift will migrate VMs with "minimal downtime," said Red Hat.

A second, called Crane, is for migrating applications between Kubernetes clusters. Reasons for doing this include moving to a newer version of Kubernetes or to a deployment on a different infrastructure. "In an ideal scenario, this would be a redeployment of the application," said Red Hat, but Crane aims to migrate both data and Kubernetes objects as a quick solution.

Another component, called Move2Kube, is for migrating artifacts such as Cloud Foundry manifests and Docker Compose files to Kubernetes artifacts such as YAML and Helm charts. Two other Konveyor projects are Pelorus, which aims to "measure software delivery performance on Kubernetes," and Tackle, for refactoring applications to run on Kubernetes.

Refactoring applications for Kubernetes is perhaps one of the key challenges facing developers, though the extent to which a tool can assist with it remains an open question. Both Pelorus and Tackle appear to be work in progress, judging by the sketchy information currently available. ®

Biting the hand that feeds IT © 1998–2022