Secure Policy-As-Code

An ongoing & curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and videos, Technical guidelines and important resources about Policy-As-Code.

Thanks to all contributors, you're awesome and wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very well-known resources.

Table of Contents

• Blogs
  • Getting Started
  • Infrastructure as Code
  • CI/CD
  • Kubernetes
  • AWS
  • Azure
• Videos
  • Getting Started
  • Infrastructure as Code
  • CI/CD
  • Kubernetes
  • Others
• Tools

Blogs

Getting Started

• What is Policy as Code?

• Introducing Policy As Code: The Open Policy Agent (OPA)

• Open Policy Agent: Authorization in a Cloud Native World

• Using Open Policy Agent for cloud-native app authorization

• Unified cloud-native authorization: Policy everywhere and for everyone

Infrastructure-as-Code

• Using Open Policy Agent (OPA) to Develop Policy as Code for Cloud Infrastructure

• Regula: Validate Terraform for Policy Compliance with Open Policy Agent

CI/CD

• Validating apps against company policies in a CI pipeline

• Using Policy Controller in a CI pipeline

• Controlling Release Pipelines with Gates and Azure Policy Compliance

Kubernetes

• Better Kubernetes Security with Open Policy Agent (OPA) - Part 1

• Better Kubernetes Security with Open Policy Agent (OPA) - Part 2

• OPA the Easy Way feat. Styra DAS!

• OPA Gatekeeper: Policy and Governance for Kubernetes

• Enforce Organizational Policies and Security Best Practices to your Kubernetes Clusters By Using OPA Gatekeeper

• Enforcing Policy as Code using OPA and Gatekeeper in Kubernetes

• Applying Pod security policies using Gatekeeper

• Authorizing Microservice APIs With OPA and Kuma

AWS

• Realize Policy-as-Code with AWS Cloud Development Kit through Open Policy Agent

• Using Gatekeeper as a drop-in Pod Security Policy replacement in Amazon EKS

• IAM Insights: Automated right-sizing with policy-as-code

• AWS Cloud Security for Launch Configurations with Policy as Code

Azure

• Design Azure Policy as Code workflows

• Managing Azure Policy as Code with GitHub

• Using Terrascan with Azure DevOps

Videos

Getting Started

• How Policy as Code Brings Speed & Protection to DevOps

• Managing Open Policy Agent at Scale

• Intro: Open Policy Agent

Infrastructure-as-Code

• Managing Policy as Code With Terraform and Sentinel

• A Deep Dive into Sentinel: HashiCorp's Policy as Code Framework

• Checkov: Security & Compliance for Your Infrastructure-as-Code

CI/CD

• Integrating Policy as code into your CI/CD pipeline

Kubernetes

• Kubernetes Native Policy As Code

• Policing Your Kubernetes Clusters with Open Policy Agent (OPA)

• Policy Enforcement on Kubernetes with Open Policy Agent

• Gatekeeper and OPA

• Gatekeeper: Flexible, Shareable Policy for Kubernetes

• K8s with OPA Gatekeeper

• Using Policy-as-Code to Manage Security Risk in K8s Before & After Deployment

• How to keep your clusters safe and healthy

Others

• Open Policy Agent at Scale: How Pinterest Manages Policy Distribution

Tools

• OPA - An open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack

• Styra DAS - Commercial tools for managing OPA at scale and created by the founders and maintainers of Open Policy Agent (OPA)

• OPAL - Policy and data administration, distribution, and real-time updates on top of Open Policy Agent

• HashiCorp Sentinel - A language and framework for policy built to be embedded in existing software to enable fine-grained, logic-based policy decisions

• Regula - A tool that evaluates CloudFormation and Terraform infrastructure-as-code for potential AWS, Azure, and Google Cloud security and compliance violations prior to deployment

• Intercept - Policy as Code static analysis auditing

• Checkov - A static code analysis tool for infrastructure-as-code

• Terrascan - Detects security vulnerabilities and compliance violations across your Infrastructure as Code

• kics - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations earlier

• Gatekeeper - Policy Controller for Kubernetes

• Gatekeeper Policy Manager (GPM)- A simple to use web-based Gatekeeper policies manager

• Konstraint - A policy management tool for interacting with Gatekeeper

• Kyverno - A policy engine designed for Kubernetes. It can validate, mutate, and generate configurations using admission controls and background scans

• kube-mgmt - Sidecar for managing OPA on top of Kubernetes

• MagTape - A Policy-as-Code tool for Kubernetes that allows for evaluating Kubernetes resources against a set of defined policies to inform and enforce best practice configurations

• Fregot - A set of tools for working with the Rego policy language, which is part of the Open Policy Agent (OPA) policy engine

• Deprek8ion - A set of rego policies to monitor Kubernetes APIs deprecations

Sponsor

Contributing

Please refer the guidelines at contributing.md for details.