# Install kube-linter with Homebrew, MacPorts, Nix, pacman, scoop, zypper

Static analysis tool for Kubernetes YAML files and Helm charts. Version 0.8.3 via Homebrew; verified 2026-06-15.

## Install

```sh
sudo av install brew:kube-linter
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install kube-linter
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install kube-linter
```

  Evidence: MacPorts ports tree: devel/kube-linter/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#kube-linter
```

  Evidence: nixpkgs package indexes: pkgs/by-name/ku/kube-linter/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S kube-linter
```

  Evidence: Arch Linux sync databases: kube-linter from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

- zypper (92%):

```sh
sudo zypper install kube-linter
```

  Evidence: openSUSE Tumbleweed package metadata: kube-linter from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

### Windows

- Scoop (92%):

```sh
scoop install main/kube-linter
```

  Evidence: Scoop official bucket manifest trees: bucket/kube-linter.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:kube-linter
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/kube-linter>
- **Version:** 0.8.3
- **Source summary:** Static analysis tool for Kubernetes YAML files and Helm charts
- **Homepage:** <https://docs.kubelinter.io/>
- **Repository:** <https://github.com/stackrox/kube-linter>
- **Upstream docs:** <https://docs.kubelinter.io/>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/stackrox/kube-linter/archive/refs/tags/v0.8.3.tar.gz>
- **Last updated:** 2026-06-15T10:20:19-04:00
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- kube-linter (cli)
- kube-linter (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 0.8.3
- Package-manager updated: 2026-06-15
- Local data: ok
- Upstream repository: https://github.com/stackrox/kube-linter
- Upstream latest detected: v0.8.3 (current)
## Project history and usage

KubeLinter is StackRox's static-analysis CLI for Kubernetes manifests, Helm charts, and Kustomize output. It checks workload definitions before deployment and reports production-readiness and security recommendations such as non-root execution, least privilege, resource settings, and secret handling.

### Project history

The public GitHub repository was created on 2020-08-13, and the first GitHub release, 0.0.1, was published on 2020-09-17. StackRox announced KubeLinter publicly on 2020-10-28 as an open source tool for finding Kubernetes misconfigurations before workloads reach a cluster.

The project later became part of the StackRox/Red Hat Kubernetes security toolchain identity: its README says KubeLinter was created by StackRox and is powered by Red Hat. The codebase stayed focused on one job: linting Kubernetes YAML-family inputs with configurable checks and machine-readable output formats.

### Adoption history

KubeLinter's adoption path followed the normal Kubernetes CLI pattern: standalone release binaries, Homebrew packaging, Go installation, Docker images, and CI integration. The companion stackrox/kube-linter-action repository packages the same scanner as a GitHub Action for pull-request and workflow checks.

### How it is used

Users run KubeLinter locally or in CI against rendered manifests, Helm charts, or Kustomize output. A failed check returns a non-zero exit code, which makes the tool useful as a lightweight guardrail before kubectl apply, Helm install, or a GitOps reconciler sees the manifests.

The config file convention in this batch, .kube-linter.yaml, matches the tool's configurable-policy role: teams can enable, disable, or define checks around their own Kubernetes baseline instead of accepting a single universal rule set.

### Why package nerds care

For package people, KubeLinter is a good example of the security-shift-left wave becoming a small installable CLI. It sits next to kubectl, helm, kustomize, and CI actions rather than requiring a hosted service, which is why Homebrew and other package-manager delivery matter.

Its significance is less about replacing cluster admission policy and more about catching obvious manifest mistakes while the artifact is still text in a repository.

### Timeline

- 2020-08-13: GitHub repository created.
- 2020-09-17: First GitHub release, 0.0.1, published.
- 2020-10-28: StackRox announced KubeLinter as an open source Kubernetes misconfiguration scanner.
- 2026-03-10: GitHub release v0.8.3 published.

### Related projects

- kube-linter-action packages KubeLinter for GitHub Actions workflows.
- Helm and Kustomize are common upstream renderers for the manifests KubeLinter scans.
- Kubernetes admission controllers and policy engines such as OPA Gatekeeper solve related policy problems later in the deployment path.

### Sources

- <https://api.github.com/repos/stackrox/kube-linter>
- <https://api.github.com/repos/stackrox/kube-linter/releases>
- <https://docs.kubelinter.io/>
- <https://formulae.brew.sh/formula/kube-linter>
- <https://github.com/stackrox/kube-linter>
- <https://github.com/stackrox/kube-linter-action>
- <https://www.prnewswire.com/news-releases/stackrox-releases-kubelinter-an-open-source-tool-to-identify-kubernetes-misconfigurations-301161556.html>


## Security Notes

infrastructure mutation or orchestration signal.

- **Geiger risk:** orange / medium
- infrastructure mutation or orchestration signal


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: .kube-linter.yaml
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** kube-linter
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - kube-linter: normalized package name match | nixpkgs package indexes: pkgs/by-name/ku/kube-linter/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- pacman - kube-linter - 0.8.3-1: normalized package name match | Arch Linux sync databases: kube-linter from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | Static analysis tool that checks Kubernetes YAML files and Helm charts | https://github.com/stackrox/kube-linter
- zypper - kube-linter - 0.8.3-1.2: normalized package name match | openSUSE Tumbleweed package metadata: kube-linter from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Static analysis tool that checks Kubernetes YAML files and Helm charts | https://github.com/stackrox/kube-linter
- zypper - kube-linter-bash-completion - 0.8.3-1.2: normalized package name match | openSUSE Tumbleweed package metadata: kube-linter-bash-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Bash Completion for kube-linter | https://github.com/stackrox/kube-linter
- zypper - kube-linter-fish-completion - 0.8.3-1.2: normalized package name match | openSUSE Tumbleweed package metadata: kube-linter-fish-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Fish Completion for kube-linter | https://github.com/stackrox/kube-linter
- zypper - kube-linter-zsh-completion - 0.8.3-1.2: normalized package name match | openSUSE Tumbleweed package metadata: kube-linter-zsh-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Zsh Completion for kube-linter | https://github.com/stackrox/kube-linter
- MacPorts - kube-linter: normalized package name match | MacPorts ports tree: devel/kube-linter/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
- Scoop - main/kube-linter: normalized package name match | Scoop official bucket manifest trees: bucket/kube-linter.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1


## Related links

- [Cloud CLI packages](https://www.automicvault.com/pkg/cloud-clis/) - Belongs to a cloud or infrastructure command family.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Text processing packages](https://www.automicvault.com/pkg/text-processing-tools/) - Matched text, document, or structured-data processing metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [kube-score](https://www.automicvault.com/pkg/brew/kube-score/) - Shares av.db curated category or tags: cli, developer-tools, helm, kubernetes, static-analysis.
- [chart-releaser](https://www.automicvault.com/pkg/brew/chart-releaser/) - Shares av.db curated category or tags: cli, developer-tools, helm, kubernetes.
- [chart-testing](https://www.automicvault.com/pkg/brew/chart-testing/) - Shares av.db curated category or tags: cli, developer-tools, helm, kubernetes.
- [dscanner](https://www.automicvault.com/pkg/brew/dscanner/) - Shares av.db curated category or tags: cli, developer-tools, linter, static-analysis.
- [errcheck](https://www.automicvault.com/pkg/brew/errcheck/) - Shares av.db curated category or tags: cli, developer-tools, linter, static-analysis.
- [eslint](https://www.automicvault.com/pkg/brew/eslint/) - Shares av.db curated category or tags: cli, developer-tools, linter, static-analysis.
- [fortitude](https://www.automicvault.com/pkg/brew/fortitude/) - Shares av.db curated category or tags: cli, developer-tools, linter, static-analysis.
- [go-critic](https://www.automicvault.com/pkg/brew/go-critic/) - Shares av.db curated category or tags: cli, developer-tools, linter, static-analysis.

## Combined YAML source

View the package source record on GitHub. [combined/kube-linter.yml](https://github.com/automic-vault/db/blob/main/combined/kube-linter.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
