Posts under open source

Why I Joined StackRox - the Kubernetes Security Shift

Why I Joined StackRox - the Kubernetes Security Shift

AppSec Has Changed Application security has matured, transformed, “shifted left”, been rebranded, de-centralised and even to an extent re-centralised over the past 10 years. Keeping up with what is relevant, with a keen eye on what is coming, is a juggling act of Cirque du Soleil proportions and something that even the keenly enthused must work above and beyond to get a firm yet perpetually slippery grasp on. The Catalyst Kubernetes won the orchestration battle – so decisively that just last year (2019) Kelsey Hightower was elucidating his not-so-distant vision of a world where it was so ubiquitous, we no longer considered it.

KubeLinter: open source YAML linter / HELM linter for K8s

KubeLinter: open source YAML linter / HELM linter for K8s

Today, I’m excited to announce the launch of KubeLinter, a new open source project from StackRox! KubeLinter analyzes Kubernetes YAML files and Helm charts, and checks them against a variety of best practices, with a focus on production readiness and security. Scroll down to watch a video overview of KubeLinter. KubeLinter was born out of a pain point that we know only too well at StackRox, both from our internal clusters, and from listening to our customers: configuring Kubernetes applications is hard!

gRPC Anywhere

gRPC Anywhere

Many applications rely on gRPC to connect services, but a number of modern load balancers still do not support HTTP/2, and, in turn, gRPC. In an earlier blog post, we showed a way to take advantage of the gRPC-Web protocol to circumvent this issue. That solution works well for non-client-streaming gRPC calls — with this new approach, we can support client/bidirectional-streams. In our earlier writing, we briefly mentioned that WebSockets may actually help us resolve our client/bidi-streaming problem.