Published : Mar 29, 2022
NOT ON THE CURRENT EDITION
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar. Understand more
Trial Worth pursuing. It is important to understand how to build up this capability. Enterprises should try this technology on a project that can handle the risk.
kube-score is a tool that does static code analysis of your Kubernetes object definitions. The output is a list of recommendations for what you can improve to make your application more secure and resilient. It has a list of predefined checks which includes best practices such as running containers with non-root privileges and correctly specifying resource limits. It's been around for some time, and we've used it in a few projects as part of a CD pipeline for Kubernetes manifests. A major drawback of kube-score is that you can't add custom policies. We typically supplement it with tools like Conftest in these cases.