DevOps / Kubernetes / Security / Contributed

Fairwinds Insights Brings Kubernetes Configuration Checks to the Developer

11 Nov 2020 10:34am, by

As Kubernetes gains wider adoption across the cloud ecosystem, security teams (and leadership) need a way to leverage best practices from a set of out-of-the-box standards, as well as write their own policies to enable people across the organization to adopt Kubernetes with uniform standards.

To address this pace, Fairwinds released Fairwinds Insights 2.0, including new features that allow a “shift left” of moving configuration checks into the CI/CD pipeline as well as the tooling necessary for policy enforcement across large enterprises. Fairwinds Insights is a configuration validation platform focusing on security, reliability, and efficiency. It pulls from Fairwinds’ own open source projects, such as the Polaris Kubernetes configuration checker as well as third-party open source tools such as Aqua Security’s Trivy.

“Fairwinds Insights 2.0 enables ‘shifting left,’ giving developers visibility around Kubernetes misconfigurations so that they can be addressed much earlier in the development lifecycle,” said Bill Ledingham, CEO at Fairwinds, in a statement. “Fairwinds Insights supports DevSecOps, ensuring security is tightly integrated throughout the development process. Teams save time and money with proactive, policy-driven configuration validation, greater visibility into security risks and consistency from development through production.”

In addition to the best practices included in the 1.0 version, Fairwinds Insights 2.0 now includes support for writing custom checks with Open Policy Agent (OPA) and enables Policy as Code.

For organizations scaling with many Kubernetes clusters across their organization, Fairwinds Insights 2.0 addresses that growth by enabling service ownership with Kubernetes. Operations and security teams can build infrastructure and set policy that will be enforced all the way back in the CI/CD pipeline or the admission controller — exposing problems and offering steps towards a resolution to engineers responsible for the service.

The New Stack is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Aqua Security.