Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/fugue/regula

Regula checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes security and compliance using Open Policy Agent/Rego
https://github.com/fugue/regula

Last synced: about 2 months ago
JSON representation

Regula checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes security and compliance using Open Policy Agent/Rego

Host: GitHub
URL: https://github.com/fugue/regula
Owner: fugue
License: apache-2.0
Created: 2019-12-17T14:27:12.000Z (almost 5 years ago)
Default Branch: master
Last Pushed: 2024-07-15T01:35:11.000Z (2 months ago)
Last Synced: 2024-07-25T12:51:51.762Z (about 2 months ago)
Language: Open Policy Agent
Homepage: https://regula.dev/
Size: 3.48 MB
Stars: 945
Watchers: 30
Forks: 106
Open Issues: 60
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Security: SECURITY.md

Awesome Lists containing this project

awesome-policy-as-code - Regula - A tool that evaluates CloudFormation and Terraform infrastructure-as-code for potential AWS, Azure, and Google Cloud security and compliance violations prior to deployment (Tools / Others)
awesome-devsecops - Regula - _Fugue_ - Evaluate Terraform infrastructure-as-code for potential security misconfigurations and compliance violations prior to deployment. (Tools / Infrastructure as Code Analysis)
awesome-repositories - fugue/regula - Regula checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes security and compliance using Open Policy Agent/Rego (Open Policy Agent)
awesome-opa - Regula - Evaluates Terraform code for potential security misconfigurations and compliance violations. (Infrastructure as Code / Datasource Integrations Blogs and Articles)
awesome-tf - regula - Evaluates Terraform infrastructure-as-code for potential AWS, Azure, and Google Cloud security misconfigurations and compliance violations prior to deployment. (Tools / Community providers)
jimsghstars - fugue/regula - Regula checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes security and compliance using Open Policy Agent/Rego (Open Policy Agent)

README

        # Regula

**Tip: See all of our documentation at [regula.dev](https://regula.dev)!**

- [Regula](#regula)

  - [Introduction](#introduction)

  - [Installation](#installation)

    - [Homebrew (macOS & Linux)](#homebrew-macos--linux)

    - [Prebuilt binary (all platforms)](#prebuilt-binary-all-platforms)

    - [Docker (all platforms)](#docker-all-platforms)

    - [From source](#from-source)

  - [Usage](#usage)

  - [For more information](#for-more-information)

## Introduction

[Regula](https://regula.dev) is a tool that evaluates infrastructure as code files for potential AWS, Azure, Google Cloud, and Kubernetes security and compliance violations prior to deployment.

Regula supports the following file types:

- CloudFormation JSON/YAML templates

- Terraform source code

- Terraform JSON plans

- Kubernetes YAML manifests

- Azure Resource Manager (ARM) JSON templates _(in preview)_

Regula includes a library of rules written in Rego, the policy language used by the [Open Policy Agent](https://www.openpolicyagent.org/) (OPA) project. Regula works with your favorite CI/CD tools such as Jenkins, Circle CI, and AWS CodePipeline; we’ve included a [GitHub Actions example](https://github.com/fugue/regula-action) so you can get started quickly. Where relevant, we’ve mapped Regula policies to the CIS AWS, Azure, Google Cloud, and Kubernetes Foundations Benchmarks so you can assess compliance posture. Regula is maintained by engineers at [Fugue](https://fugue.co).

Regula is also available as a Docker image on DockerHub [here](https://hub.docker.com/r/fugue/regula).

More information is available at [regula.dev](https://regula.dev).

## Installation

### Homebrew (macOS & Linux)

To install Regula via [Homebrew](https://brew.sh/):

```

brew tap fugue/regula

brew install regula

```

To upgrade Regula:

```

brew upgrade regula

```

### Prebuilt binary (all platforms)

1. Download the Regula archive for your platform from the [Releases](https://github.com/fugue/regula/releases) page.

2. Extract the downloaded archive.

3. Move the extracted `regula` binary to somewhere in your PATH:

    macOS:

    ```

    mv regula /usr/local/bin

    ```

    Linux:

    ```

    sudo mv regula /usr/local/bin

    ```

    Windows (cmd):

    ```

    md C:\regula\bin

    move regula.exe C:\regula\bin

    setx PATH "%PATH%;C:\regula\bin"

    ```

    Windows (PowerShell):

    ```

    md C:\regula\bin

    move regula.exe C:\regula\bin

    $env:Path += ";C:\regula\bin"

    # You can add '$env:Path += ";C:\regula\bin"' to your profile.ps1 file to

    # persist that change across shell sessions.

    ```

4. _Windows users only:_ Close cmd and re-open it so the changes take effect.

5. You can now run `regula`.

### Docker (all platforms)

Regula is available as a Docker image on DockerHub [here](https://hub.docker.com/r/fugue/regula).

For usage, see [Running Regula with Docker](https://regula.dev/usage.html#running-regula-with-docker).

### From source

_macOS, Linux, and [WSL](https://docs.microsoft.com/en-us/windows/wsl/install) only_

1. [Install Go (v1.18+)](https://go.dev/doc/install)

2. Build binary and move to `/usr/local/bin/regula`:

    ```bash

    make # this builds ./bin/regula

    make install # this builds ./bin/regula and installs it to /usr/local/bin/regula

    ```

Once you've built the binary, execute the following to run tests:

```

git submodule update --init --recursive

make test

```

## Usage

**For a tutorial on using Regula with example IaC, see [Getting Started](https://regula.dev/getting-started.html#tutorial-run-regula-locally-on-terraform-iac).**

```

Regula

Usage:

  regula [command]

Available Commands:

  completion        generate the autocompletion script for the specified shell

  help              Help about any command

  init              Create a new Regula configuration file in the current working directory.

  repl              Start an interactive session for testing rules with Regula

  run               Evaluate rules against infrastructure as code with Regula.

  show              Show debug information.

  test              Run OPA test with Regula.

  version           Print version information.

  write-test-inputs Persist dynamically-generated test inputs for use with other Rego interpreters

Flags:

  -h, --help      help for regula

  -v, --verbose   verbose output

Use "regula [command] --help" for more information about a command.

```

For details about each command, including examples, see [Usage](https://regula.dev/usage.html).

## For more information

Visit [regula.dev](https://regula.dev) for more information about Regula, including:

- [Regula's report output](https://regula.dev/report.html)

- [Integrations](https://regula.dev/integrations/conftest.html)

- [Writing](https://regula.dev/development/writing-rules.html) and [testing](https://regula.dev/development/testing-rules.html) custom rules

- [Configuring waivers and disabling rules](https://regula.dev/configuration.html)

- and more!

[opa]: https://www.openpolicyagent.org/

[fregot]: https://github.com/fugue/fregot

[CloudFormation]: https://docs.aws.amazon.com/cloudformation/

[Terraform]: https://www.terraform.io/

[Rego]: https://www.openpolicyagent.org/docs/latest/policy-language/

[Fugue Custom Rules]: https://docs.fugue.co/rules.html

[Conftest]: https://github.com/open-policy-agent/conftest