May 4, 2021 – Red Hat today introduce the StackRox community, the upstream project that will work to open source and manage the code that powers Red Hat Advanced Cluster Security for Kubernetes. The goal is to support innovation within an industry traditionally dominated by proprietary security solutions.
“Customers, partners and other interested contributors can learn more about joining the community at stackrox.io,” Red Hat said in its announcement.
The company said that since acquiring StackRox in February 2021 it has worked through the various considerations, both technical and legal, involved in the open sourcing process. “At Red Hat, we believe using an open development model helps create more secure, stable and innovative technologies,” the company said. “This commitment to the tenets of open source is the core of our business model today, making our drive to fully open source the StackRox technology another example of how closely we hold the value of open code and development.”
StackRox community’s goal will be to work toward providing an open source project that gives users greater choice for how they protect their Kubernetes environments. Once up and running, Red Hat said, the StackRox project will enable users to address major security use cases across the application lifecycle, including visibility, vulnerability management, configuration management, network segmentation, compliance, threat detection and incident response, as well as risk profiling. Red Hat also plans to make contributions to open source projects that the StackRox software benefits from and participate as active members of the communities that support those projects.
The company said the StackRox project will be the code behind the Red Hat Advanced Cluster Security for Kubernetes product, and it is expects the project to help drive future product roadmaps. Red Hat Advanced Cluster Security for Kubernetes provides customers using Red Hat OpenShift and supported public cloud Kubernetes services with Kubernetes-native security to enhance the security of infrastructure and workloads throughout the entire application lifecycle.
The StackRox community will also foster development of KubeLinter, which was released as an open source project in October 2020. KubeLinter is a static analysis tool that allows developers to check Kubernetes YAML files and Helm charts to identify misconfigurations and enforce security best practices.