Awesome Policy-as-Code

List of awesome resources about Policy-as-Code included blogs, videos, and tools.

Contents

• Blogs
  • Getting Started
  • Infrastructure as Code
  • CI/CD
  • Kubernetes
  • AWS
  • Azure
• Videos
  • Getting Started
  • Infrastructure as Code
  • CI/CD
  • Kubernetes
  • Others
• Tools

Blogs

Getting Started

• What is Policy as Code?

• Introducing Policy As Code: The Open Policy Agent (OPA)

• Open Policy Agent: Authorization in a Cloud Native World

• Using Open Policy Agent for cloud-native app authorization

• Unified cloud-native authorization: Policy everywhere and for everyone

Infrastructure-as-Code

• Using Open Policy Agent (OPA) to Develop Policy as Code for Cloud Infrastructure

• Regula: Validate Terraform for Policy Compliance with Open Policy Agent

CI/CD

• Validating apps against company policies in a CI pipeline

• Using Policy Controller in a CI pipeline

• Controlling Release Pipelines with Gates and Azure Policy Compliance

Kubernetes

• Better Kubernetes Security with Open Policy Agent (OPA) - Part 1

• Better Kubernetes Security with Open Policy Agent (OPA) - Part 2

• OPA the Easy Way feat. Styra DAS!

• OPA Gatekeeper: Policy and Governance for Kubernetes

• Enforce Organizational Policies and Security Best Practices to your Kubernetes Clusters By Using OPA Gatekeeper

• Enforcing Policy as Code using OPA and Gatekeeper in Kubernetes

• Applying Pod security policies using Gatekeeper

• Authorizing Microservice APIs With OPA and Kuma

AWS

• Realize Policy-as-Code with AWS Cloud Development Kit through Open Policy Agent

• Using Gatekeeper as a drop-in Pod Security Policy replacement in Amazon EKS

• IAM Insights: Automated right-sizing with policy-as-code

• AWS Cloud Security for Launch Configurations with Policy as Code

Azure

• Design Azure Policy as Code workflows

• Managing Azure Policy as Code with GitHub

• Using Terrascan with Azure DevOps

Videos

Getting Started

• How Policy as Code Brings Speed & Protection to DevOps

• Managing Open Policy Agent at Scale

• Intro: Open Policy Agent

Infrastructure-as-Code

• Managing Policy as Code With Terraform and Sentinel

• A Deep Dive into Sentinel: HashiCorp's Policy as Code Framework

• Checkov: Security & Compliance for Your Infrastructure-as-Code

CI/CD

• Integrating Policy as code into your CI/CD pipeline

Kubernetes

• Kubernetes Native Policy As Code

• Policing Your Kubernetes Clusters with Open Policy Agent (OPA)

• Policy Enforcement on Kubernetes with Open Policy Agent

• Gatekeeper and OPA

• Gatekeeper: Flexible, Shareable Policy for Kubernetes

• K8s with OPA Gatekeeper

• Using Policy-as-Code to Manage Security Risk in K8s Before & After Deployment

• How to keep your clusters safe and healthy

Others

• Open Policy Agent at Scale: How Pinterest Manages Policy Distribution

Tools

• OPA - An open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack

• Styra DAS - Commercial tools for managing OPA at scale and created by the founders and maintainers of Open Policy Agent (OPA)

• OPAL - Policy and data administration, distribution, and real-time updates on top of Open Policy Agent

• OPCR - An open-source project that secures the software supply chain of OPA policies.

• Topaz - An open-source authorization project that provides a data plane for OPA policies.

• HashiCorp Sentinel - A language and framework for policy built to be embedded in existing software to enable fine-grained, logic-based policy decisions

• Regula - A tool that evaluates CloudFormation and Terraform infrastructure-as-code for potential AWS, Azure, and Google Cloud security and compliance violations prior to deployment

• Intercept - Policy as Code static analysis auditing

• Checkov - A static code analysis tool for infrastructure-as-code

• Terrascan - Detects security vulnerabilities and compliance violations across your Infrastructure as Code

• kics - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations earlier

• Gatekeeper - Policy Controller for Kubernetes

• Gatekeeper Policy Manager (GPM)- A simple to use web-based Gatekeeper policies manager

• Konstraint - A policy management tool for interacting with Gatekeeper

• Kyverno - A policy engine designed for Kubernetes. It can validate, mutate, and generate configurations using admission controls and background scans

• kube-mgmt - Sidecar for managing OPA on top of Kubernetes

• MagTape - A Policy-as-Code tool for Kubernetes that allows for evaluating Kubernetes resources against a set of defined policies to inform and enforce best practice configurations

• Fregot - A set of tools for working with the Rego policy language, which is part of the Open Policy Agent (OPA) policy engine

• Deprek8ion - A set of rego policies to monitor Kubernetes APIs deprecations

• Cloud Custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources

Sponsor

Contributing

Please refer the guidelines at contributing.md for details.