macOS
brew install kube-linterlocal Homebrew formula metadata
sudo port install kube-linterMacPorts ports tree · devel/kube-linter/Portfile · source: api.github.com
brew
Static analysis tool for Kubernetes YAML files and Helm charts. Version 0.8.3 via Homebrew; verified 2026-06-15.
install
brew install kube-linterlocal Homebrew formula metadata
sudo port install kube-linterMacPorts ports tree · devel/kube-linter/Portfile · source: api.github.com
nix profile install nixpkgs#kube-linternixpkgs package indexes · pkgs/by-name/ku/kube-linter/package.nix · source: api.github.com
sudo pacman -S kube-linterArch Linux sync databases · kube-linter · source: geo.mirror.pkgbuild.com
sudo zypper install kube-linteropenSUSE Tumbleweed package metadata · kube-linter · source: download.opensuse.org
scoop install main/kube-linterScoop official bucket manifest trees · bucket/kube-linter.json · source: api.github.com
overview
Static analysis tool for Kubernetes YAML files and Helm charts
history
KubeLinter is StackRox's static-analysis CLI for Kubernetes manifests, Helm charts, and Kustomize output. It checks workload definitions before deployment and reports production-readiness and security recommendations such as non-root execution, least privilege, resource settings, and secret handling.
The public GitHub repository was created on 2020-08-13, and the first GitHub release, 0.0.1, was published on 2020-09-17. StackRox announced KubeLinter publicly on 2020-10-28 as an open source tool for finding Kubernetes misconfigurations before workloads reach a cluster.
The project later became part of the StackRox/Red Hat Kubernetes security toolchain identity: its README says KubeLinter was created by StackRox and is powered by Red Hat. The codebase stayed focused on one job: linting Kubernetes YAML-family inputs with configurable checks and machine-readable output formats.
KubeLinter's adoption path followed the normal Kubernetes CLI pattern: standalone release binaries, Homebrew packaging, Go installation, Docker images, and CI integration. The companion stackrox/kube-linter-action repository packages the same scanner as a GitHub Action for pull-request and workflow checks.
Users run KubeLinter locally or in CI against rendered manifests, Helm charts, or Kustomize output. A failed check returns a non-zero exit code, which makes the tool useful as a lightweight guardrail before kubectl apply, Helm install, or a GitOps reconciler sees the manifests.
The config file convention in this batch, .kube-linter.yaml, matches the tool's configurable-policy role: teams can enable, disable, or define checks around their own Kubernetes baseline instead of accepting a single universal rule set.
For package people, KubeLinter is a good example of the security-shift-left wave becoming a small installable CLI. It sits next to kubectl, helm, kustomize, and CI actions rather than requiring a hosted service, which is why Homebrew and other package-manager delivery matter.
Its significance is less about replacing cluster admission policy and more about catching obvious manifest mistakes while the artifact is still text in a repository.
security posture
infrastructure mutation or orchestration signal.
orange risk · medium confidence · infrastructure
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
.kube-linter.yamlexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
kube-linter | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/stackrox/kube-linter
install metadata
| Package key | brew:kube-linter |
|---|---|
| Version | 0.8.3 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/kube-linter |
| Homepage | https://docs.kubelinter.io/ |
| Repository | https://github.com/stackrox/kube-linter |
| Upstream docs | https://docs.kubelinter.io/ |
| License | Apache-2.0 |
| Source archive | https://github.com/stackrox/kube-linter/archive/refs/tags/v0.8.3.tar.gz |
| Last updated | 2026-06-15T10:20:19-04:00 |
| Pulse | updated |
| Build dependencies | go |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | kube-linter |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
kube-linter
nix profile install nixpkgs#kube-linterkube-linter 0.8.3-1
Static analysis tool that checks Kubernetes YAML files and Helm charts
https://github.com/stackrox/kube-linter
sudo pacman -S kube-linterkube-linter 0.8.3-1.2
Static analysis tool that checks Kubernetes YAML files and Helm charts
https://github.com/stackrox/kube-linter
sudo zypper install kube-linterkube-linter-bash-completion 0.8.3-1.2
Bash Completion for kube-linter
https://github.com/stackrox/kube-linter
sudo zypper install kube-linter-bash-completionkube-linter-fish-completion 0.8.3-1.2
Fish Completion for kube-linter
https://github.com/stackrox/kube-linter
sudo zypper install kube-linter-fish-completionkube-linter-zsh-completion 0.8.3-1.2
Zsh Completion for kube-linter
https://github.com/stackrox/kube-linter
sudo zypper install kube-linter-zsh-completionkube-linter
sudo port install kube-lintermain/kube-linter
scoop install main/kube-lintersource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.