Polaris
Definition
Polaris is an open-source tool from Fairwinds that audits Kubernetes workloads against a configurable set of best-practice checks covering security (for example containers running as root, writable root filesystems and added Linux capabilities), efficiency (missing CPU and memory requests and limits) and reliability (missing health probes, unpinned image tags). Each check is assigned a severity of danger, warning or ignore in the Polaris configuration. Polaris runs in three modes: as a dashboard that reports on the workloads in a live cluster, as an admission controller that rejects workloads failing danger-level checks, and as a command-line tool (polaris audit) that can audit a running cluster or, with --audit-path, statically analyse local manifests in a CI/CD pipeline, where --set-exit-code-on-danger turns danger-level findings into a failed build.
Secure Settings Example
apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
spec:
  containers:
  - name: secure-container
    image: nginx:1.25                  # pinned tag; ":latest" fails the tagNotSpecified check
    securityContext:
      runAsNonRoot: true               # kubelet refuses to start the container if the image runs as UID 0
      readOnlyRootFilesystem: true     # writes are possible only to explicitly mounted volumes
      allowPrivilegeEscalation: false  # setuid binaries cannot gain privileges beyond the parent
      capabilities:
        drop:
        - ALL                          # start from no Linux capabilities at all

These settings constrain the image as well as the pod: with runAsNonRoot: true the kubelet will not start a container whose image runs as root unless runAsUser is set to a non-zero UID, and with a read-only root filesystem a server such as nginx needs writable emptyDir volumes for its cache and PID file. Polaris would also report the missing CPU and memory requests and limits and the missing liveness and readiness probes, which are left out here for brevity.
Insecure Settings Example
apiVersion: v1
kind: Pod
metadata:
  name: insecure-pod
spec:
  containers:
  - name: insecure-container
    image: nginx:latest                # mutable tag: flagged by tagNotSpecified
    securityContext:
      runAsNonRoot: false              # process runs as root: flagged by runAsRootAllowed
      readOnlyRootFilesystem: false    # root filesystem is writable: flagged by notReadOnlyRootFilesystem
      capabilities:
        add:
        - NET_ADMIN                    # can reconfigure interfaces, routes and firewall rules in its network namespace: flagged by dangerousCapabilities

Polaris reports each of these under the check name given in the comments. Because allowPrivilegeEscalation is not set either, the privilegeEscalationAllowed check fires as well.
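To make the checks behind both examples concrete, the following is an added example (not Polaris' own code) that evaluates a handful of Polaris-style checks over the page's two pods and decides a CI exit code from the result. The check identifiers are the names Polaris reports; the evaluation rules, severities, capability lists and exit code value are simplifications assumed for this example, and the two manifests are the page's secure-pod and insecure-pod expressed as Python dicts (with the secure pod's image tag pinned and allowPrivilegeEscalation set to false) so the script runs without a YAML library.

```python
"""Simplified Polaris-style security checks over Pod manifests (added example,
not Polaris' own source). Check IDs match the names Polaris reports; the rules,
severities, capability lists and exit code are assumptions approximating the
project's defaults."""
from dataclasses import dataclass

# Severity per check, in the shape of the "checks:" map of a Polaris config.yaml.
SEVERITY = {
    "runAsRootAllowed": "danger",
    "notReadOnlyRootFilesystem": "warning",
    "privilegeEscalationAllowed": "danger",
    "dangerousCapabilities": "danger",
    "insecureCapabilities": "warning",
    "tagNotSpecified": "danger",
}
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "NET_ADMIN"}
INSECURE_CAPS = {"CHOWN", "DAC_OVERRIDE", "FSETID", "FOWNER", "MKNOD", "NET_RAW",
                 "SETGID", "SETUID", "SETFCAP", "SETPCAP", "NET_BIND_SERVICE",
                 "SYS_CHROOT", "KILL", "AUDIT_WRITE"}


@dataclass(frozen=True)
class Finding:
    container: str
    check: str
    severity: str


def image_tag_missing(image: str) -> bool:
    """True when the image has no tag or the mutable 'latest' tag.
    Digest references (name@sha256:...) are pinned; a registry port is not a tag."""
    if "@" in image:
        return False
    name = image.rsplit("/", 1)[-1]
    tag = name.split(":", 1)[1] if ":" in name else ""
    return tag in ("", "latest")


def check_container(pod_sc: dict, c: dict) -> list[Finding]:
    sc = {**pod_sc, **c.get("securityContext", {})}  # container overrides pod
    added = set(sc.get("capabilities", {}).get("add", []))
    failed = []
    if not (sc.get("runAsNonRoot") is True or sc.get("runAsUser", 0) > 0):
        failed.append("runAsRootAllowed")
    if sc.get("readOnlyRootFilesystem") is not True:
        failed.append("notReadOnlyRootFilesystem")
    if sc.get("allowPrivilegeEscalation") is not False:
        failed.append("privilegeEscalationAllowed")
    if added & DANGEROUS_CAPS:
        failed.append("dangerousCapabilities")
    if added & INSECURE_CAPS:
        failed.append("insecureCapabilities")
    if image_tag_missing(c.get("image", "")):
        failed.append("tagNotSpecified")
    return [Finding(c["name"], k, SEVERITY[k]) for k in failed]


def audit_pod(pod: dict) -> list[Finding]:
    spec = pod["spec"]
    # Only the user fields of a pod-level securityContext are inherited;
    # readOnlyRootFilesystem, capabilities etc. exist only per container.
    pod_sc = {k: v for k, v in spec.get("securityContext", {}).items()
              if k in ("runAsNonRoot", "runAsUser")}
    findings = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        findings.extend(check_container(pod_sc, c))
    return findings


def exit_code(findings: list[Finding]) -> int:
    """Pipeline gate in the spirit of --set-exit-code-on-danger (3 assumed)."""
    return 3 if any(f.severity == "danger" for f in findings) else 0


# The page's two pods as dicts (secure-pod with a pinned tag and
# allowPrivilegeEscalation: false) so no YAML library is needed.
SECURE_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "secure-pod"},
              "spec": {"containers": [{"name": "secure-container", "image": "nginx:1.25",
                       "securityContext": {"runAsNonRoot": True, "readOnlyRootFilesystem": True,
                                           "allowPrivilegeEscalation": False,
                                           "capabilities": {"drop": ["ALL"]}}}]}}
INSECURE_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "insecure-pod"},
                "spec": {"containers": [{"name": "insecure-container", "image": "nginx:latest",
                         "securityContext": {"runAsNonRoot": False, "readOnlyRootFilesystem": False,
                                             "capabilities": {"add": ["NET_ADMIN"]}}}]}}

if __name__ == "__main__":
    for pod in (SECURE_POD, INSECURE_POD):
        findings = audit_pod(pod)
        print(f"{pod['metadata']['name']}: exit code {exit_code(findings)}")
        for f in findings:
            print(f"  [{f.severity}] {f.container}: {f.check}")
```

Run as a script, the secure pod produces no findings and exit code 0, while the insecure pod fails runAsRootAllowed, notReadOnlyRootFilesystem, privilegeEscalationAllowed, dangerousCapabilities and tagNotSpecified and returns exit code 3, which is what a CI job keyed on the exit status needs. Note the image-tag check strips the registry path before looking for a tag, so a registry port such as registry.example.com:5000/team/app is not mistaken for a pinned version.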