This article is more than 1 year old

Red Hat open-sources StackRox Kubernetes security product

More goodies for OpenShift, plus Konveyor to Kubernetes in association with IBM

Kubecon Europe As Kubecon Europe gets under way, Red Hat has pushed out StackRox, the Kubernetes security product it acquired earlier this year, as an open-source project which will be the upstream for its Advanced Cluster Security for OpenShift.

The StackRox product is itself deployed as a Kubernetes application and has several components, aiming to pick up vulnerabilities in both container images and in Kubernetes, look for misconfigurations such as unnecessarily elevated privileges, perform rule-based threat detection, and more.

StackRox technology is the basis of Red Hat Advanced Cluster Security, recently introduced as part of the company's focus on OpenShift, its Kubernetes distribution.

Red Hat CEO Paul Cormier reminisces about the history of Red Hat Linux at the Summit keynote

Red Hat OpenShifts gears at summit to pin its future on 'open hybrid cloud'


Now Red Hat is hoping to engage the open-source community in order to improve both StackRox and Red Hat Advanced Cluster Security. It looks as if StackRox will perform a similar role to that of Fedora and CentOS Stream for Red Hat Linux: providing a preview and testbed for new features that will end up in the enterprise product, while also being a project that can be used in production. "We expect the project to help drive future product roadmaps," said Red Hat today. The new open-source project will also encompass KubeLinter, a static analysis tool for YAML files and Helm charts, used to configure and deploy Kubernetes applications.

Red Hat has also made new OpenShift features generally available. OpenShift GitOps is based on Argo CD, a continuous delivery tool for Kubernetes, and lets organisations automate deployment based on configuration code checked into a Git repository.

OpenShift Pipelines, based on Tekton, automates application deployment including building container images from source code and pushing images to container registries. The two are designed to work together.

Both have been in preview, but are now fully released complete with new features such as integration with OpenShift centralised log management.

OpenShift Pipelines and GitOps form a continuous delivery system for Kubernetes

OpenShift Pipelines and GitOps form a continuous delivery system for Kubernetes

Finally, Red Hat and IBM Research have come up with an open-source project – or group of projects – for migrating applications called Konveyor. This addresses several needs. The first is migrating virtual machines (VMs) to Kubernetes in cases where organisations lack the time or skills to re-architect an application. A Konveyor project called Forklift will migrate VMs with "minimal downtime," said Red Hat.

A second, called Crane, is for migrating applications between Kubernetes clusters. Reasons for doing this include moving to a newer version of Kubernetes or to a deployment on a different infrastructure. "In an ideal scenario, this would be a redeployment of the application," said Red Hat, but Crane aims to migrate both data and Kubernetes objects as a quick solution.

Another component, called Move2Kube, is for migrating artifacts such as Cloud Foundry manifests and Docker Compose files to Kubernetes artifacts such as YAML and Helm charts. Two other Konveyor projects are Pelorus, which aims to "measure software delivery performance on Kubernetes," and Tackle, for refactoring applications to run on Kubernetes.

Refactoring applications for Kubernetes is perhaps one of the key challenges facing developers, though the extent to which a tool can assist with it remains an open question. Both Pelorus and Tackle appear to be work in progress, judging by the sketchy information currently available. ®

More about


Send us news

Other stories you might like