KubeLinter

Static analysis for Kubernetes YAML files, Helm charts, and Kustomize manifests

Repository activity
  • Stars: 3.5k
  • Forks: 267
  • Open Issues: 86
License

Apache-2.0

Languages
  • Go
  • Shell
  • Makefile

About KubeLinter

KubeLinter runs static analysis on Kubernetes YAML files, Helm charts, and Kustomize manifests, checking them against best practices with a focus on production readiness and security. It helps teams catch misconfigurations early by checking for practices such as running containers as non-root, enforcing least privilege, and storing sensitive data only in secrets.

It runs sensible default checks and is fully configurable, so you can enable or disable checks or write custom ones for organization-specific policies. When a check fails, it reports recommendations for how to resolve the issue and returns a non-zero exit code, making it easy to wire into CI pipelines.

A single run can emit multiple output formats at once, such as SARIF for code-scanning tooling and JSON for machine processing. You can install it from a release binary or with Homebrew, or pull the published container image for use in automated workflows.

Key features

  • Checks Kubernetes YAML, Helm charts, and Kustomize manifests
  • Runs default best-practice and security checks
  • Supports custom checks and per-policy configuration
  • Returns fix recommendations and non-zero exit codes on failures
  • Can emit SARIF and JSON in one run

Details

First released
2020
Platforms
CLI · Docker
Deployment
self-hostable · docker
License
Apache-2.0
Output formats
SARIF · JSON
Governance
Created by StackRox, powered by Red Hat