WIP: Educating Students on Kubernetes-Related Policy Violations: Can We Use Static Application Security Testing?
Akond Rahman, Fan Wu, and Hossain Shahriar in Frontiers in Education Conference (FIE 2026), 2026 Pre-printThis research work-in-progress (WIP) paper describes experiences from using a static application security testing (SAST) tool for educating students on violations of security-related policies as these violations in software systems incur serious consequences, such as monetary losses for organizations. Software systems that use Kubernetes, a popular container orchestration tool, are no different. Hence, it is important for educators to teach students about security-related policy violations. The goal of this paper is to help educators teach policy-related violations to upper-division students enrolled in computer science courses by conducting an exploratory study with a static application security testing tool. We investigate if static application security testing can aid students in learning security-related policy violations for Kubernetes. We use a SAST tool called Kubescape for an exercise that is conducted at a university. Based on the feedback collected from 66 students, we find usage of the SAST tool to be perceived as useful by students to learn about violations of security-related policies in Kubernetes configuration files. Based on our findings, we recommend educators to integrate exercises to help students learn about Kubernetes-related policy violations. We also advocate educators to investigate the usage of SAST tools for enhancing students’ knowledge on foundational concepts related to security policies.
