Misconfigurations in Helm Charts: How Far Are We from Automated Detection and Mitigation? - Francesco Minna, Vrije Universiteit Amsterdam & Agathe Blaise, Thales SIX



Infrastructure-as-Code has turned applications into ephemeral deployments described by configuration files; Helm charts, for example, represent Kubernetes applications as YAML files. Several tools on the market detect misconfigurations in such files before deployment. To evaluate and compare Helm chart analyzer tools, we developed an automated pipeline. In this talk, we will give a live demo of the pipeline and discuss the misconfigurations it found, possible mitigations, and the functionality an application needs from such tools. We will also present evaluation results on the sixty most popular Helm charts from Artifact Hub, analyzed with seven popular Helm chart analyzers. Can you guess the most common misconfiguration found? Join us to find out! We will also discuss which tools are the most effective, where they fall short, and how they can be bypassed. Finally, we will conclude with what we can do as a community to achieve automatic security repair of cloud configurations.
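To make concrete what a Helm chart analyzer checks at the "before deployment" stage, here is an added illustration that is not the speakers' pipeline and not code from any of the tools they evaluated. It assumes the chart has already been rendered (for instance with `helm template`) and loaded into plain Python objects; the two Deployments and the Service below are constructed sample manifests, and the rule set is an assumed, minimal subset of commonly checked Kubernetes hardening settings (privileged containers, privilege escalation, running as root, writable root filesystem, mutable image tags, missing resource limits), not the specific misconfiguration the talk reveals.

```python
import json

# Constructed sample: rendered manifests as a JSON list. In practice these would
# come from `helm template <chart>` loaded with a YAML parser; the content here
# is illustrative and not taken from any real chart.
RENDERED_MANIFESTS = json.loads(r"""
[
  {"apiVersion": "v1", "kind": "Service",
   "metadata": {"name": "web", "namespace": "demo"},
   "spec": {"ports": [{"port": 80}]}},
  {"apiVersion": "apps/v1", "kind": "Deployment",
   "metadata": {"name": "web", "namespace": "demo"},
   "spec": {"template": {"spec": {
     "containers": [{"name": "web", "image": "example/web:latest",
                     "securityContext": {"privileged": true}}]}}}},
  {"apiVersion": "apps/v1", "kind": "Deployment",
   "metadata": {"name": "api", "namespace": "demo"},
   "spec": {"template": {"spec": {
     "securityContext": {"runAsNonRoot": true},
     "containers": [{"name": "api", "image": "example/api:1.4.2",
                     "securityContext": {"allowPrivilegeEscalation": false,
                                         "readOnlyRootFilesystem": true},
                     "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}}]}}}}
]
""")

WORKLOAD_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "Job", "CronJob", "Pod"}


def pod_spec(obj):
    """Return the PodSpec embedded in a workload object, or None for other kinds."""
    kind = obj.get("kind")
    if kind == "Pod":
        return obj.get("spec")
    if kind == "CronJob":
        job = obj.get("spec", {}).get("jobTemplate", {}).get("spec", {})
        return job.get("template", {}).get("spec")
    if kind in WORKLOAD_KINDS:
        return obj.get("spec", {}).get("template", {}).get("spec")
    return None


def check_container(pod, container):
    """Yield (rule_id, message) for every hardening setting the container misses."""
    sc = container.get("securityContext") or {}
    pod_sc = pod.get("securityContext") or {}
    name = container.get("name", "<unnamed>")
    if sc.get("privileged") is True:
        yield "PRIVILEGED", f"container {name} runs privileged"
    if sc.get("allowPrivilegeEscalation") is not False:
        yield "ALLOW_PRIV_ESC", f"container {name} does not set allowPrivilegeEscalation: false"
    # runAsNonRoot may be set at pod or container level; either satisfies the rule.
    if sc.get("runAsNonRoot") is not True and pod_sc.get("runAsNonRoot") is not True:
        yield "RUN_AS_ROOT", f"container {name} may run as root (runAsNonRoot not set)"
    if sc.get("readOnlyRootFilesystem") is not True:
        yield "WRITABLE_ROOTFS", f"container {name} has a writable root filesystem"
    image = container.get("image", "")
    last = image.rsplit("/", 1)[-1]          # strip registry/repository path
    if ":" not in last or image.endswith(":latest"):
        yield "MUTABLE_TAG", f"container {name} uses a mutable image tag ({image})"
    if not (container.get("resources") or {}).get("limits"):
        yield "NO_LIMITS", f"container {name} has no resource limits"


def scan(manifests):
    """Run all rules over every workload in the rendered chart; non-workloads are skipped."""
    findings = []
    for obj in manifests:
        pod = pod_spec(obj)
        if pod is None:
            continue
        ident = f"{obj['kind']}/{obj['metadata']['name']}"
        for c in pod.get("containers", []) + pod.get("initContainers", []):
            for rule, msg in check_container(pod, c):
                findings.append((ident, rule, msg))
    return findings


def summarize(findings):
    """Count findings per rule, the view used to ask 'which misconfiguration is most common'."""
    counts = {}
    for _, rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    results = scan(RENDERED_MANIFESTS)
    for ident, rule, msg in results:
        print(f"{ident}: [{rule}] {msg}")
    print(summarize(results))
```

The `web` Deployment trips every rule while the hardened `api` Deployment passes cleanly, which is the contrast an analyzer is meant to surface; running `summarize` over many charts is how one would rank misconfigurations by frequency.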
