{"id":22559949,"url":"https://github.com/paulveillard/cybersecurity-policy-as-code","last_synced_at":"2025-07-23T15:06:38.705Z","repository":{"id":109658716,"uuid":"463998393","full_name":"paulveillard/cybersecurity-policy-as-code","owner":"paulveillard","description":"An ongoing \u0026 curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and videos, Technical guidelines and important resources about Policy-As-Code.","archived":false,"fork":false,"pushed_at":"2022-08-31T20:22:43.000Z","size":33,"stargazers_count":4,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-15T00:17:40.713Z","etag":null,"topics":["backend-as-a-service","infrastructure-as-code","policies","policy","policy-as-code","policy-management","remediation"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/paulveillard.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"contributing.md","funding":null,"license":"LICENSE","code_of_conduct":"code-of-conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-02-27T00:16:31.000Z","updated_at":"2024-08-23T09:11:15.000Z","dependencies_parsed_at":"2023-04-23T06:33:30.261Z","dependency_job_id":null,"html_url":"https://github.com/paulveillard/cybersecurity-policy-as-code","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/paulveillard/cybersecurity-policy-as-code","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulveillard%2Fcybersecurity-policy-as-cod
e","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulveillard%2Fcybersecurity-policy-as-code/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulveillard%2Fcybersecurity-policy-as-code/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulveillard%2Fcybersecurity-policy-as-code/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/paulveillard","download_url":"https://codeload.github.com/paulveillard/cybersecurity-policy-as-code/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulveillard%2Fcybersecurity-policy-as-code/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266699620,"owners_count":23970530,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-23T02:00:09.312Z","response_time":66,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backend-as-a-service","infrastructure-as-code","policies","policy","policy-as-code","policy-management","remediation"],"created_at":"2024-12-07T21:10:13.516Z","updated_at":"2025-07-23T15:06:38.696Z","avatar_url":"https://github.com/paulveillard.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Secure Policy-As-Code \n\nAn ongoing \u0026 curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books 
and videos, Technical guidelines and important resources about Policy-As-Code.\n\u003e Thanks to all contributors, you're awesome and this wouldn't be possible without you! Our goal is to build a categorized, community-driven collection of well-known resources.\n\n\n## `Table of Contents`\n\n- [Blogs](#blogs)\n  - [Getting Started](#getting-started)\n  - [Infrastructure as Code](#infrastructure-as-code)\n  - [CI/CD](#cicd)\n  - [Kubernetes](#kubernetes)\n  - [AWS](#aws)\n  - [Azure](#azure)\n- [Videos](#videos)\n  - [Getting Started](#getting-started-1)\n  - [Infrastructure as Code](#infrastructure-as-code-1)\n  - [CI/CD](#cicd-1)\n  - [Kubernetes](#kubernetes-1)\n  - [Others](#others)\n- [Tools](#tools)\n\n## `Blogs`\n\n### Getting Started\n\n- [What is Policy as Code?](https://blog.container-solutions.com/what-is-policy-as-code)\n\n- [Introducing Policy As Code: The Open Policy Agent (OPA)](https://www.cncf.io/blog/2020/08/13/introducing-policy-as-code-the-open-policy-agent-opa/)\n\n- [Open Policy Agent: Authorization in a Cloud Native World](https://www.aquasec.com/cloud-native-academy/cloud-native-applications/open-policy-agent-authorization-in-a-cloud-native-world/)\n\n- [Using Open Policy Agent for cloud-native app authorization](https://blog.styra.com/blog/using-open-policy-agent-for-cloud-native-app-authorization)\n\n- [Unified cloud-native authorization: Policy everywhere and for everyone](https://blog.styra.com/blog/unified-cloud-native-authorization-rego-policy-builder)\n\n### Infrastructure-as-Code\n\n- [Using Open Policy Agent (OPA) to Develop Policy as Code for Cloud Infrastructure](https://cloudsecurityalliance.org/blog/2020/02/21/using-open-policy-agent-opa-to-develop-policy-as-code-for-cloud-infrastructure/)\n\n- [Regula: Validate Terraform for Policy Compliance with Open Policy Agent](https://dev.to/andrewwright/regula-validate-terraform-for-policy-compliance-with-open-policy-agent-37lg)\n\n### CI/CD\n\n- [Validating apps against company policies 
in a CI pipeline](https://cloud.google.com/anthos-config-management/docs/tutorials/app-policy-validation-ci-pipeline)\n\n- [Using Policy Controller in a CI pipeline](https://cloud.google.com/anthos-config-management/docs/tutorials/policy-agent-ci-pipeline)\n\n- [Controlling Release Pipelines with Gates and Azure Policy Compliance](https://devblogs.microsoft.com/devops/controlling-release-pipelines-with-gates-and-azure-policy-compliance/)\n\n### Kubernetes\n\n- [Better Kubernetes Security with Open Policy Agent (OPA) - Part 1](https://www.openshift.com/blog/better-kubernetes-security-with-open-policy-agent-opa-part-1)\n\n- [Better Kubernetes Security with Open Policy Agent (OPA) - Part 2](https://www.openshift.com/blog/better-kubernetes-security-with-open-policy-agent-opa-part-2)\n\n- [OPA the Easy Way feat. Styra DAS!](https://www.infracloud.io/blogs/opa-the-easy-way-featuring-styra-das/)\n\n- [OPA Gatekeeper: Policy and Governance for Kubernetes](https://kubernetes.io/blog/2019/08/06/opa-gatekeeper-policy-and-governance-for-kubernetes/)\n\n- [Enforce Organizational Policies and Security Best Practices to your Kubernetes Clusters By Using OPA Gatekeeper](https://medium.com/trendyol-tech/enforce-organizational-policies-and-security-best-practices-to-your-kubernetes-clusters-by-using-dfc085528e07)\n\n- [Enforcing Policy as Code using OPA and Gatekeeper in Kubernetes](https://elastisys.com/enforcing-policy-as-code-using-opa-and-gatekeeper-in-kubernetes/)\n\n- [Applying Pod security policies using Gatekeeper](https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies-with-gatekeeper)\n\n- [Authorizing Microservice APIs With OPA and Kuma](https://konghq.com/blog/authorize-api-opa-kuma?utm_source=youtube\u0026utm_medium=social\u0026utm_campaign=community)\n\n### AWS\n\n- [Realize Policy-as-Code with AWS Cloud Development Kit through Open Policy 
Agent](https://aws.amazon.com/blogs/opensource/realize-policy-as-code-with-aws-cloud-development-kit-through-open-policy-agent/)\n\n- [Using Gatekeeper as a drop-in Pod Security Policy replacement in Amazon EKS](https://aws.amazon.com/blogs/containers/using-gatekeeper-as-a-drop-in-pod-security-policy-replacement-in-amazon-eks/)\n\n- [IAM Insights: Automated right-sizing with policy-as-code](https://bridgecrew.io/blog/iam-insights-automated-right-sizing-for-iam-policy-code/)\n\n- [AWS Cloud Security for Launch Configurations with Policy as Code](https://www.accurics.com/blog/security-blog/aws-cloud-security-for-launch-configurations-with-policy-as-code/)\n\n### Azure\n\n- [Design Azure Policy as Code workflows](https://docs.microsoft.com/en-us/azure/governance/policy/concepts/policy-as-code)\n\n- [Managing Azure Policy as Code with GitHub](https://github.com/Azure/manage-azure-policy/blob/main/tutorial/azure-policy-as-code.md)\n\n- [Using Terrascan with Azure DevOps](https://lgulliver.github.io/terrascan-in-azure-devops/)\n\n## `Videos`\n\n### Getting Started\n\n- [How Policy as Code Brings Speed \u0026 Protection to DevOps](https://www.youtube.com/watch?v=cOOw4d_6WyA)\n\n- [Managing Open Policy Agent at Scale](https://www.youtube.com/watch?v=oLO74V1Y4gM)\n\n- [Intro: Open Policy Agent](https://www.youtube.com/watch?v=Lca5u_ODS5s)\n\n### Infrastructure-as-Code\n\n- [Managing Policy as Code With Terraform and Sentinel](https://www.youtube.com/watch?v=z_m4fFYym30)\n\n- [A Deep Dive into Sentinel: HashiCorp's Policy as Code Framework](https://www.youtube.com/watch?v=5gHo8PIA2uc)\n\n- [Checkov: Security \u0026 Compliance for Your Infrastructure-as-Code](https://www.youtube.com/watch?v=n5EdM-e-9DU)\n\n### CI/CD\n\n- [Integrating Policy as code into your CI/CD pipeline](https://www.youtube.com/watch?v=sUNhRHQ2YrY)\n\n### Kubernetes\n\n- [Kubernetes Native Policy As Code](https://youtu.be/6GGg2WyhJfY)\n\n- [Policing Your Kubernetes Clusters with Open Policy Agent 
(OPA)](https://www.youtube.com/watch?v=RDWndems-sk)\n\n- [Policy Enforcement on Kubernetes with Open Policy Agent](https://www.youtube.com/watch?v=UN0su8fdGcs)\n\n- [Gatekeeper and OPA](https://www.youtube.com/watch?v=ZJgaGJm9NJE)\n\n- [Gatekeeper: Flexible, Shareable Policy for Kubernetes](https://www.youtube.com/watch?v=6Kur5MXg7us)\n\n- [K8s with OPA Gatekeeper](https://www.youtube.com/watch?v=v4wJE3I8BYM)\n\n- [Using Policy-as-Code to Manage Security Risk in K8s Before \u0026 After Deployment](https://www.youtube.com/watch?v=ZyOCLALjV98)\n\n- [How to keep your clusters safe and healthy](https://www.youtube.com/watch?v=rSq-xqhQ09Q)\n\n### Others\n\n- [Open Policy Agent at Scale: How Pinterest Manages Policy Distribution](https://www.youtube.com/watch?v=LhgxFICWsA8)\n\n## Tools\n\n- [OPA](https://github.com/open-policy-agent/opa) - An open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack\n\n- [Styra DAS](https://www.styra.com/pricing) - Commercial tooling for managing OPA at scale, created by the founders and maintainers of Open Policy Agent (OPA)\n\n- [OPAL](https://github.com/authorizon/opal) - Policy and data administration, distribution, and real-time updates on top of Open Policy Agent\n\n- [HashiCorp Sentinel](https://docs.hashicorp.com/sentinel) - A language and framework for policy built to be embedded in existing software to enable fine-grained, logic-based policy decisions\n\n- [Regula](https://github.com/fugue/regula) - A tool that evaluates CloudFormation and Terraform infrastructure-as-code for potential AWS, Azure, and Google Cloud security and compliance violations prior to deployment\n\n- [Intercept](https://github.com/xfhg/intercept) - Policy as Code static analysis auditing\n\n- [Checkov](https://github.com/bridgecrewio/checkov) - A static code analysis tool for infrastructure-as-code\n\n- [Terrascan](https://github.com/accurics/terrascan) - Detects security vulnerabilities and 
compliance violations across your Infrastructure as Code\n\n- [kics](https://github.com/Checkmarx/kics) - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations earlier\n\n- [Gatekeeper](https://github.com/open-policy-agent/gatekeeper) - Policy Controller for Kubernetes\n\n- [Gatekeeper Policy Manager (GPM)](https://github.com/sighupio/gatekeeper-policy-manager) - A simple-to-use web-based Gatekeeper policy manager\n\n- [Konstraint](https://github.com/plexsystems/konstraint) - A policy management tool for interacting with Gatekeeper\n\n- [Kyverno](https://github.com/kyverno/kyverno) - A policy engine designed for Kubernetes. It can validate, mutate, and generate configurations using admission controls and background scans\n\n- [kube-mgmt](https://github.com/open-policy-agent/kube-mgmt) - Sidecar for managing OPA on top of Kubernetes\n\n- [MagTape](https://github.com/tmobile/magtape) - A Policy-as-Code tool for Kubernetes that allows for evaluating Kubernetes resources against a set of defined policies to inform and enforce best practice configurations\n\n- [Fregot](https://github.com/fugue/Fregot) - A set of tools for working with the Rego policy language, which is part of the Open Policy Agent (OPA) policy engine\n\n- [Deprek8ion](https://github.com/swade1987/deprek8ion) - A set of Rego policies to monitor Kubernetes API deprecations\n\n## `Sponsor`\n\n![Practical DevSecOps](images/practical-devsecops-logo.png)\n\n## Contributing\n\nPlease refer to the guidelines in [contributing.md](Contributing.md) for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpaulveillard%2Fcybersecurity-policy-as-code","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpaulveillard%2Fcybersecurity-policy-as-code","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpaulveillard%2Fcybersecurity-policy-as-code/lists"}