helm-guard v1.0.0
Static security analysis for Helm chart supply chain integrity. Catches risks that Checkov, Trivy, and kube-linter miss.
40 checks across 10 categories
| Category | Checks | Examples |
|---|---|---|
| Pinning | HLM-PIN-001..005 | SemVer ranges, Chart.lock, image tags, OLM channels, SemVer compliance |
| Injection | HLM-INJ-001..008 | tpl, lookup, env, getHostByName, shell injection, .Files.Get, hardcoded registries |
| Trust | HLM-TRUST-001..007 | Missing schema, secrets, untrusted repos, hostNetwork, HTTP URLs, NetworkPolicy, global overrides |
| Hooks | HLM-HOOK-001..003 | SecurityContext, delete policy, post-renderer scripts |
| OLM | HLM-OLM-001..004 | Auto-approval, community catalog, privileged namespace, unstable channels |
| Provenance | HLM-PROV-001 | Missing chart signature |
| Namespace | HLM-NS-001..002 | Privileged namespace, release namespace schema |
| Dependencies | HLM-DEP-001..004 | Security overrides, version conflicts, typosquatting, alias hiding |
| Security | HLM-SEC-001..006 | Path traversal (CVE-2024-25620), symlinked Chart.lock (CVE-2025-53547), valueFiles traversal (CVE-2022-24348), SA automount, .helmignore |
CVEs covered
CVE-2020-11013, CVE-2023-25165, CVE-2024-25620, CVE-2025-53547, CVE-2026-35204, CVE-2022-24348
Features
- Three-tier parser: structured YAML, text regex, rendered output (opt-in)
- No helm CLI dependency by default
- Render mode safety interlock
- --explain flag for rule details
- Pre-commit hook support
- SARIF output for GitHub Code Scanning
Ecosystem tested
- odh-gitops: 3 findings (tuned from 11 after real-world feedback)
- 18 bitnami charts, 3 prometheus, 3 grafana: zero crashes
- 149 tests
Install
pip install git+https://github.com/ugiordan/helm-guard.git@v1.0.0