A new JetBrains IDE plugin throws Kubernetes security best practices straight into your deployment manifests—right where they belong. Think: checks for `runAsRoot`, privileged mode, `hostPath`, host ports, and sketchy sysctls. No hand-waving. It enforces stuff like: - Default `runAsNonRoot` - Drop all Linux capabilities - AppArmor, seccomp locked in - Volume restrictions - SELinux labels set by default **Adoption cue:** IDE-level policy checks are part of the shift-left push in cloud-native dev. Less cleanup later means fewer fires to put out.