awesome-policy-as-code
A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.
https://github.com/hysnsec/awesome-policy-as-code
Last synced: 5 days ago
JSON representation
-
Tools
-
Others
- Regula - A tool that evaluates CloudFormation and Terraform infrastructure-as-code for potential AWS, Azure, and Google Cloud security and compliance violations prior to deployment
- OPA - An open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack
- OPAL - Policy and data administration, distribution, and real-time updates on top of Open Policy Agent
- Intercept - Policy as Code static analysis auditing
- Checkov - A static code analysis tool for infrastructure-as-code
- Terrascan - Detects security vulnerabilities and compliance violations across your Infrastructure as Code
- kics - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations earlier
- Gatekeeper - Policy Controller for Kubernetes
- Gatekeeper Policy Manager (GPM) - A simple to use web-based Gatekeeper policies manager
- Konstraint - A policy management tool for interacting with Gatekeeper
- Kyverno - A policy engine designed for Kubernetes. It can validate, mutate, and generate configurations using admission controls and background scans
- kube-mgmt - Sidecar for managing OPA on top of Kubernetes
- MagTape - A Policy-as-Code tool for Kubernetes that allows for evaluating Kubernetes resources against a set of defined policies to inform and enforce best practice configurations
- Fregot - A set of tools for working with the Rego policy language, which is part of the Open Policy Agent (OPA) policy engine
- Deprek8ion - A set of rego policies to monitor Kubernetes APIs deprecations
- Cloud Custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
- Styra DAS - Commercial tools for managing OPA at scale and created by the founders and maintainers of Open Policy Agent (OPA)
- OPCR - An open-source project that secures the software supply chain of OPA policies.
- Terrascan - Detects security vulnerabilities and compliance violations across your Infrastructure as Code
-
-
Videos
-
Kubernetes
- Kubernetes Native Policy As Code
- Kubernetes Native Policy As Code
- Kubernetes Native Policy As Code
- Policing Your Kubernetes Clusters with Open Policy Agent (OPA)
- Policy Enforcement on Kubernetes with Open Policy Agent
- Gatekeeper and OPA
- Gatekeeper: Flexible, Shareable Policy for Kubernetes
- K8s with OPA Gatekeeper
- Using Policy-as-Code to Manage Security Risk in K8s Before & After Deployment
- How to keep your clusters safe and healthy
-
Getting Started
-
Infrastructure-as-Code
-
CI/CD
-
Others
-
-
Blogs
-
AWS
- AWS Cloud Security for Launch Configurations with Policy as Code
- Realize Policy-as-Code with AWS Cloud Development Kit through Open Policy Agent
- Using Gatekeeper as a drop-in Pod Security Policy replacement in Amazon EKS
- IAM Insights: Automated right-sizing with policy-as-code
- AWS Cloud Security for Launch Configurations with Policy as Code
- AWS Cloud Security for Launch Configurations with Policy as Code
-
Getting Started
-
Infrastructure-as-Code
-
CI/CD
-
Kubernetes
- Better Kubernetes Security with Open Policy Agent (OPA) - Part 1
- Better Kubernetes Security with Open Policy Agent (OPA) - Part 2
- Enforcing Policy as Code using OPA and Gatekeeper in Kubernetes
- OPA the Easy Way feat. Styra DAS!
- OPA Gatekeeper: Policy and Governance for Kubernetes
- Enforce Organizational Policies and Security Best Practices to your Kubernetes Clusters By Using OPA Gatekeeper
- Applying Pod security policies using Gatekeeper
- Authorizing Microservice APIs With OPA and Kuma
-
Azure
-
Programming Languages
Sub Categories
Keywords
kubernetes
9
opa
6
policy
6
security
5
devops
4
compliance
4
infrastructure-as-code
4
security-tools
4
aws
4
devsecops
4
gatekeeper
3
sast
3
iac
3
aws-security
3
terraform
3
scans
3
open-policy-agent
3
azure
2
static-analysis
2
infrastructure
2
terrascan
2
security-violations
2
gcp-security
2
cloudsecurity
2
k8s
2
cloud-security
2
azure-security
2
rego
2
policy-engine
2
policy-as-code
2
architecture
2
gcp
2
cloudformation
1
security-automation
1
security-audit
1
secconf
1
scanner
1
policy-monitoring
1
policy-evaluation
1
enforcement
1
auditing
1
audit
1
lolcat
1
json
1
doge
1
declarative
1
cloud-native
1
serverless
1
rules-engine
1
management
1