Last January, Red Hat announced that it was acquiring Kubernetes security startup StackRox, a company that had raised over $65 million since it was founded in 2014. With StackRox, the company acquired a sophisticated security solution for cloud-native applications, which it then rebranded under the slightly more prosaic name of ‘Red Hat Advanced Cluster Security (ACS) for Kubernetes.” Now, the company is open-sourcing ACS for Kubernetes under a better name: StackRox.
“Built to encourage adoption of DevSecOps principles, the project helps to address common cloud-native security challenges, including visibility, vulnerability management, configuration management, network segmentation, compliance, threat detection and incident response, as well as risk profiling,” Red Hat explains in today’s announcement.
With StackRox, developers will be able to build solutions to automate DevSecOps, improve Kubernetes security and operationalize full life cycle application security in Kubernetes. This means developers will be able to use StackRox to provide continuous image scanning and assurance into their CI/CD pipelines, for example, and ensure that high-risk workloads don’t end up in a production service without additional policies.
While Red Hat’s ACS will continue to focus on security for its own OpenShift container platform, the StackRox open-source project will be mostly vendor-neutral, though Red Hat unsurprisingly plans to continue to be an active participant in the community.