Today, Red Hat is excited to announce that Red Hat Advanced Cluster Security for Kubernetes (RHACS) is now open sourced as StackRox. The Kubernetes and container security community can now use and contribute to the codebase of StackRox on GitHub.

In 2021, Red Hat acquired StackRox and the first Kubernetes-native security platform with an innovative approach to container security. With the acquisition, Red Hat further expanded its security leadership and reinforced its commitment to deliver a single, holistic, integrated application platform for users to build, deploy, and more securely run nearly any application across the hybrid cloud. 

Red Hat has always maintained its commitment to supporting the open source community, and with this news, we’re enabling developer and security teams to deliver more secure applications faster. With Red Hat’s latest open source contribution, customers will be able to solve their Kubernetes security challenges, including:

  • Automating DevSecOps
  • Shifting security left
  • Operationalizing full life cycle application security in Kubernetes
  • Overcoming the challenges of Kubernetes security

Key use cases for StackRox

StackRox integrates with DevOps and security tools, allowing teams to operationalize and implement security for their supply chain, infrastructure, and workloads. 

Supply chain security

  • Simplify DevOps processes by providing developers with security context in their existing workflows.
  • Integrate security into your CI/CD pipelines and image registries to provide continuous image scanning and assurance.
  • Scan images for both operating system (OS)- and language-level vulnerabilities.
  • Use existing security information and event management (SIEM) tools and notification platforms to facilitate remediation and response.

Infrastructure security

  • Harden your organization’s environment to ensure the underlying infrastructure is configured to maintain security.
  • Prevent configuration drift through compliance checks against CIS benchmarks or custom policies.
  • Analyze existing rules for role-based access control (RBAC) to prevent insecure access and authorizations. 
  • Connect with the Kubernetes API to watch for high-risk actions like configmap changes or container exec commands.

Workload security

  • Prevent high-risk workloads from deploying or running using out-of-the-box deploy-time and runtime policies.
  • Harden workloads by enforcing network policies that adhere to the principle of least privilege—only providing the access privileges necessary to complete a task.
  • Use allow-listing and behavioral modeling to detect anomalous application behavior indicative of a threat at runtime. 
  • Monitor known good behavior to configure custom policies and alerts for anomalous and malicious behavior.

StackRox’s Kubernetes-native architecture will enable teams to harden their applications across their cloud and on-premises environments and accomplish this in a transparent, collaborative manner. With the recent breaches and supply chain exploits over the past year, we see StackRox as a way to help communities harden their applications and take an end-to-end zero-trust approach to Kubernetes.

Red Hat Advanced Cluster Security will continue to innovate as the enterprise-ready version of the StackRox project for all of your Kubernetes security needs. Red Hat Advanced Cluster Security is available as a standalone product or part of OpenShift Platform Plus.

How to get started

The StackRox community website will contain all open source updates moving forward. We recommend following the RSS feed, joining the engineering meetings (by subscribing to the community@stackrox.com calendar), and participating in the monthly office hours to learn more. 

The StackRox source code is available on GitHub to use and consume. Please see the GitHub repository for information on deploying open source StackRox into your Kubernetes clusters, and star and watch it to follow along as we simplify it and make it easier for you to consume.

The StackRox documentation, which explains how to manage the application, is freely available in the application's user interface or from the Red Hat Advanced Cluster Security documentation.


About the authors

Michael Foster is a CNCF Ambassador, the Community Lead for the open source StackRox project, and Principal Product Marketing Manager for Red Hat based in Toronto. In addition to his open source project responsibilities, he utilizes his applied Kubernetes and container experience with Red Hat Advanced Cluster Security to help organizations secure their Kubernetes environments. With StackRox, Michael hopes organizations can leverage the open source project in their Kubernetes environments and join the open source community through stackrox.io. Outside of work, Michael enjoys staying active, skiing, and tinkering with his various mechanical projects at home. He holds a B.S. in Chemical Engineering from Northeastern University and CKAD, CKA, and CKS certifications.

Ajmal Kohgadai is Principal Product Marketing Manager for Red Hat Advanced Cluster Security for Kubernetes. Prior to its acquisition by Red Hat, he was the Director of Product Marketing and Growth at StackRox, a leading Kubernetes security company.

 
