Skip to content

Latest commit

 

History

History
178 lines (96 loc) · 9.39 KB

README.md

File metadata and controls

178 lines (96 loc) · 9.39 KB

Awesome Policy-as-Code Awesome

List of awesome resources about Policy-as-Code included blogs, videos, and tools.

Contents

Blogs

Getting Started

Infrastructure-as-Code

CI/CD

Kubernetes

AWS

Azure

Videos

Getting Started

Infrastructure-as-Code

CI/CD

Kubernetes

Others

Tools

  • OPA - An open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack

  • Styra DAS - Commercial tools for managing OPA at scale and created by the founders and maintainers of Open Policy Agent (OPA)

  • OPAL - Policy and data administration, distribution, and real-time updates on top of Open Policy Agent

  • OPCR - An open-source project that secures the software supply chain of OPA policies.

  • Topaz - An open-source authorization project that provides a data plane for OPA policies.

  • HashiCorp Sentinel - A language and framework for policy built to be embedded in existing software to enable fine-grained, logic-based policy decisions

  • Regula - A tool that evaluates CloudFormation and Terraform infrastructure-as-code for potential AWS, Azure, and Google Cloud security and compliance violations prior to deployment

  • Intercept - Policy as Code static analysis auditing

  • Checkov - A static code analysis tool for infrastructure-as-code

  • Terrascan - Detects security vulnerabilities and compliance violations across your Infrastructure as Code

  • kics - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations earlier

  • Gatekeeper - Policy Controller for Kubernetes

  • Gatekeeper Policy Manager (GPM)- A simple to use web-based Gatekeeper policies manager

  • Konstraint - A policy management tool for interacting with Gatekeeper

  • Kyverno - A policy engine designed for Kubernetes. It can validate, mutate, and generate configurations using admission controls and background scans

  • kube-mgmt - Sidecar for managing OPA on top of Kubernetes

  • MagTape - A Policy-as-Code tool for Kubernetes that allows for evaluating Kubernetes resources against a set of defined policies to inform and enforce best practice configurations

  • Fregot - A set of tools for working with the Rego policy language, which is part of the Open Policy Agent (OPA) policy engine

  • Deprek8ion - A set of rego policies to monitor Kubernetes APIs deprecations

  • Cloud Custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources

Sponsor

Practical DevSecOps

Contributing

Please refer the guidelines at contributing.md for details.