A curated list of Policy-as-Code resources: blogs, videos, and tools to practice on for learning Policy-as-Code.
Using Open Policy Agent (OPA) to Develop Policy as Code for Cloud Infrastructure
Regula: Validate Terraform for Policy Compliance with Open Policy Agent
Better Kubernetes Security with Open Policy Agent (OPA) - Part 1
Better Kubernetes Security with Open Policy Agent (OPA) - Part 2
Enforcing Policy as Code using OPA and Gatekeeper in Kubernetes
Realize Policy-as-Code with AWS Cloud Development Kit through Open Policy Agent
Using Gatekeeper as a drop-in Pod Security Policy replacement in Amazon EKS
AWS Cloud Security for Launch Configurations with Policy as Code
A Deep Dive into Sentinel: HashiCorp's Policy as Code Framework
Checkov: Security & Compliance for Your Infrastructure-as-Code
Policing Your Kubernetes Clusters with Open Policy Agent (OPA)
Using Policy-as-Code to Manage Security Risk in K8s Before & After Deployment
OPA - An open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack
Styra DAS - Commercial tooling for managing OPA at scale, created by the founders and maintainers of Open Policy Agent (OPA)
OPAL - Policy and data administration, distribution, and real-time updates on top of Open Policy Agent
OPCR - An open-source project that secures the software supply chain of OPA policies.
Topaz - An open-source authorization project that provides a data plane for OPA policies.
HashiCorp Sentinel - A language and framework for policy built to be embedded in existing software to enable fine-grained, logic-based policy decisions
Regula - A tool that evaluates CloudFormation and Terraform infrastructure-as-code for potential AWS, Azure, and Google Cloud security and compliance violations prior to deployment
Intercept - Policy-as-Code static analysis and auditing
Checkov - A static code analysis tool for infrastructure-as-code
Terrascan - Detects security vulnerabilities and compliance violations across your Infrastructure as Code
kics - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations earlier
Gatekeeper - Policy Controller for Kubernetes
Gatekeeper Policy Manager (GPM) - A simple-to-use web-based manager for Gatekeeper policies
Konstraint - A policy management tool for interacting with Gatekeeper
Kyverno - A policy engine designed for Kubernetes. It can validate, mutate, and generate configurations using admission controls and background scans
kube-mgmt - Sidecar for managing OPA on top of Kubernetes
MagTape - A Policy-as-Code tool for Kubernetes that allows for evaluating Kubernetes resources against a set of defined policies to inform and enforce best practice configurations
Fregot - A set of tools for working with the Rego policy language, which is part of the Open Policy Agent (OPA) policy engine
Deprek8ion - A set of Rego policies to monitor Kubernetes API deprecations
Cloud Custodian - Rules engine for cloud security, cost optimization, and governance, with a YAML DSL for policies that query, filter, and take actions on resources
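Most of the tools above (OPA, Gatekeeper, Regula, Fregot, kube-mgmt, Deprek8ion) evaluate policies written in Rego. The policy below is an added example written for this list, not code taken from any of those projects. It assumes the AdmissionReview input layout that OPA's Kubernetes admission integration (and kube-mgmt) passes in (`input.request.object`); Gatekeeper wraps the same object as `input.review.object`. The package name, the allowed registry prefixes and the sample request are assumptions chosen for illustration. It denies privileged containers, images from non-approved registries, and images that are not pinned to a tag or digest, and ships its own test so `opa test` can check it offline.

```rego
package kubernetes.admission

import rego.v1

# Deny any container (including init containers) that requests privileged mode.
deny contains msg if {
	some container in input_containers
	container.securityContext.privileged == true
	msg := sprintf("container %q must not run privileged", [container.name])
}

# Deny images that are not pulled from an approved registry prefix.
deny contains msg if {
	some container in input_containers
	not image_allowed(container.image)
	msg := sprintf("container %q uses image %q from a non-approved registry", [container.name, container.image])
}

# Deny images with a mutable reference (no tag, or tag "latest").
deny contains msg if {
	some container in input_containers
	not has_pinned_ref(container.image)
	msg := sprintf("container %q image %q must be pinned to a tag or digest", [container.name, container.image])
}

# Collect regular and init containers from the admitted Pod spec.
input_containers contains c if some c in input.request.object.spec.containers

input_containers contains c if some c in input.request.object.spec.initContainers

# Assumed allow-list; real deployments would load this from data instead.
allowed_registries := {"registry.example.internal:5000/", "ghcr.io/example-org/"}

image_allowed(image) if {
	some prefix in allowed_registries
	startswith(image, prefix)
}

# A digest reference is always pinned.
has_pinned_ref(image) if contains(image, "@sha256:")

# Otherwise the last ':'-separated component must be a tag other than "latest".
# A ':' inside "host:port/repo" is not a tag, which the "/" check rules out.
has_pinned_ref(image) if {
	parts := split(image, ":")
	count(parts) > 1
	tag := parts[count(parts) - 1]
	tag != "latest"
	not contains(tag, "/")
}

# Constructed sample request used by the tests below (not a real captured request).
sample_request := {"request": {"object": {"spec": {
	"containers": [
		{"name": "app", "image": "ghcr.io/example-org/app:v1.2.3"},
		{"name": "sidecar", "image": "docker.io/library/nginx:latest", "securityContext": {"privileged": true}},
	],
	"initContainers": [
		{"name": "init", "image": "registry.example.internal:5000/init@sha256:0123456789abcdef"},
	],
}}}}

# Expect exactly three violations: sidecar is privileged, from a non-approved
# registry, and uses the mutable "latest" tag. "app" and "init" pass.
test_sample_request_denials if {
	result := deny with input as sample_request
	count(result) == 3
	every msg in result {
		contains(msg, "\"sidecar\"")
	}
}

test_clean_pod_allowed if {
	clean := {"request": {"object": {"spec": {"containers": [
		{"name": "app", "image": "ghcr.io/example-org/app:v1.2.3"},
	]}}}}
	count(deny with input as clean) == 0
}
```

Run the built-in tests with `opa test policy.rego -v`, or evaluate a real AdmissionReview saved as JSON with `opa eval -i review.json -d policy.rego "data.kubernetes.admission.deny"`. Keeping the allow-list as a data document rather than a literal lets the same policy be reused across clusters without editing Rego.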
Please refer to the guidelines in contributing.md for details.