Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/hysnsec/awesome-policy-as-code
A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.
List: awesome-policy-as-code
appsec awesome awesome-list devsecops policy-as-code practical-devsecops
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/hysnsec/awesome-policy-as-code
- Owner: hysnsec
- License: cc0-1.0
- Created: 2021-04-27T10:24:01.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2023-12-06T05:55:14.000Z (11 months ago)
- Last Synced: 2024-05-20T05:28:59.908Z (6 months ago)
- Topics: appsec, awesome, awesome-list, devsecops, policy-as-code, practical-devsecops
- Size: 110 KB
- Stars: 167
- Watchers: 18
- Forks: 25
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Contributing: Contributing.md
- License: LICENSE.md
Awesome Lists containing this project
- ultimate-awesome - awesome-policy-as-code - A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code. (Other Lists / PowerShell Lists)
README
# Awesome Policy-as-Code [![Awesome](https://awesome.re/badge-flat2.svg)](https://awesome.re)
A list of awesome resources about **Policy-as-Code**, including blogs, videos, and tools.
## Contents
- [Blogs](#blogs)
  - [Getting Started](#getting-started)
  - [Infrastructure as Code](#infrastructure-as-code)
  - [CI/CD](#cicd)
  - [Kubernetes](#kubernetes)
  - [AWS](#aws)
  - [Azure](#azure)
- [Videos](#videos)
  - [Getting Started](#getting-started-1)
  - [Infrastructure as Code](#infrastructure-as-code-1)
  - [CI/CD](#cicd-1)
  - [Kubernetes](#kubernetes-1)
  - [Others](#others)
- [Tools](#tools)

## Blogs
### Getting Started
- [What is Policy as Code?](https://blog.container-solutions.com/what-is-policy-as-code)
- [Introducing Policy As Code: The Open Policy Agent (OPA)](https://www.cncf.io/blog/2020/08/13/introducing-policy-as-code-the-open-policy-agent-opa/)
- [Open Policy Agent: Authorization in a Cloud Native World](https://www.aquasec.com/cloud-native-academy/cloud-native-applications/open-policy-agent-authorization-in-a-cloud-native-world/)
- [Using Open Policy Agent for cloud-native app authorization](https://blog.styra.com/blog/using-open-policy-agent-for-cloud-native-app-authorization)
- [Unified cloud-native authorization: Policy everywhere and for everyone](https://blog.styra.com/blog/unified-cloud-native-authorization-rego-policy-builder)
### Infrastructure-as-Code
- [Using Open Policy Agent (OPA) to Develop Policy as Code for Cloud Infrastructure](https://cloudsecurityalliance.org/blog/2020/02/21/using-open-policy-agent-opa-to-develop-policy-as-code-for-cloud-infrastructure/)
- [Regula: Validate Terraform for Policy Compliance with Open Policy Agent](https://dev.to/andrewwright/regula-validate-terraform-for-policy-compliance-with-open-policy-agent-37lg)
### CI/CD
- [Validating apps against company policies in a CI pipeline](https://cloud.google.com/anthos-config-management/docs/tutorials/app-policy-validation-ci-pipeline)
- [Using Policy Controller in a CI pipeline](https://cloud.google.com/anthos-config-management/docs/tutorials/policy-agent-ci-pipeline)
- [Controlling Release Pipelines with Gates and Azure Policy Compliance](https://devblogs.microsoft.com/devops/controlling-release-pipelines-with-gates-and-azure-policy-compliance/)
### Kubernetes
- [Better Kubernetes Security with Open Policy Agent (OPA) - Part 1](https://www.openshift.com/blog/better-kubernetes-security-with-open-policy-agent-opa-part-1)
- [Better Kubernetes Security with Open Policy Agent (OPA) - Part 2](https://www.openshift.com/blog/better-kubernetes-security-with-open-policy-agent-opa-part-2)
- [OPA the Easy Way feat. Styra DAS!](https://www.infracloud.io/blogs/opa-the-easy-way-featuring-styra-das/)
- [OPA Gatekeeper: Policy and Governance for Kubernetes](https://kubernetes.io/blog/2019/08/06/opa-gatekeeper-policy-and-governance-for-kubernetes/)
- [Enforce Organizational Policies and Security Best Practices to your Kubernetes Clusters By Using OPA Gatekeeper](https://medium.com/trendyol-tech/enforce-organizational-policies-and-security-best-practices-to-your-kubernetes-clusters-by-using-dfc085528e07)
- [Enforcing Policy as Code using OPA and Gatekeeper in Kubernetes](https://elastisys.com/enforcing-policy-as-code-using-opa-and-gatekeeper-in-kubernetes/)
- [Applying Pod security policies using Gatekeeper](https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies-with-gatekeeper)
- [Authorizing Microservice APIs With OPA and Kuma](https://konghq.com/blog/authorize-api-opa-kuma?utm_source=youtube&utm_medium=social&utm_campaign=community)
### AWS
- [Realize Policy-as-Code with AWS Cloud Development Kit through Open Policy Agent](https://aws.amazon.com/blogs/opensource/realize-policy-as-code-with-aws-cloud-development-kit-through-open-policy-agent/)
- [Using Gatekeeper as a drop-in Pod Security Policy replacement in Amazon EKS](https://aws.amazon.com/blogs/containers/using-gatekeeper-as-a-drop-in-pod-security-policy-replacement-in-amazon-eks/)
- [IAM Insights: Automated right-sizing with policy-as-code](https://bridgecrew.io/blog/iam-insights-automated-right-sizing-for-iam-policy-code/)
- [AWS Cloud Security for Launch Configurations with Policy as Code](https://www.accurics.com/blog/security-blog/aws-cloud-security-for-launch-configurations-with-policy-as-code/)
### Azure
- [Design Azure Policy as Code workflows](https://docs.microsoft.com/en-us/azure/governance/policy/concepts/policy-as-code)
- [Managing Azure Policy as Code with GitHub](https://github.com/Azure/manage-azure-policy/blob/main/tutorial/azure-policy-as-code.md)
- [Using Terrascan with Azure DevOps](https://lgulliver.github.io/terrascan-in-azure-devops/)
## Videos
### Getting Started
- [How Policy as Code Brings Speed & Protection to DevOps](https://www.youtube.com/watch?v=cOOw4d_6WyA)
- [Managing Open Policy Agent at Scale](https://www.youtube.com/watch?v=oLO74V1Y4gM)
- [Intro: Open Policy Agent](https://www.youtube.com/watch?v=Lca5u_ODS5s)
### Infrastructure-as-Code
- [Managing Policy as Code With Terraform and Sentinel](https://www.youtube.com/watch?v=z_m4fFYym30)
- [A Deep Dive into Sentinel: HashiCorp's Policy as Code Framework](https://www.youtube.com/watch?v=5gHo8PIA2uc)
- [Checkov: Security & Compliance for Your Infrastructure-as-Code](https://www.youtube.com/watch?v=n5EdM-e-9DU)
### CI/CD
- [Integrating Policy as code into your CI/CD pipeline](https://www.youtube.com/watch?v=sUNhRHQ2YrY)
### Kubernetes
- [Kubernetes Native Policy As Code](https://youtu.be/6GGg2WyhJfY)
- [Policing Your Kubernetes Clusters with Open Policy Agent (OPA)](https://www.youtube.com/watch?v=RDWndems-sk)
- [Policy Enforcement on Kubernetes with Open Policy Agent](https://www.youtube.com/watch?v=UN0su8fdGcs)
- [Gatekeeper and OPA](https://www.youtube.com/watch?v=ZJgaGJm9NJE)
- [Gatekeeper: Flexible, Shareable Policy for Kubernetes](https://www.youtube.com/watch?v=6Kur5MXg7us)
- [K8s with OPA Gatekeeper](https://www.youtube.com/watch?v=v4wJE3I8BYM)
- [Using Policy-as-Code to Manage Security Risk in K8s Before & After Deployment](https://www.youtube.com/watch?v=ZyOCLALjV98)
- [How to keep your clusters safe and healthy](https://www.youtube.com/watch?v=rSq-xqhQ09Q)
### Others
- [Open Policy Agent at Scale: How Pinterest Manages Policy Distribution](https://www.youtube.com/watch?v=LhgxFICWsA8)
## Tools
- [OPA](https://github.com/open-policy-agent/opa) - An open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack
- [Styra DAS](https://www.styra.com/pricing) - Commercial tools for managing OPA at scale, created by the founders and maintainers of Open Policy Agent (OPA)
- [OPAL](https://github.com/authorizon/opal) - Policy and data administration, distribution, and real-time updates on top of Open Policy Agent
- [OPCR](https://openpolicycontainers.com/) - An open-source project that secures the software supply chain of OPA policies.
- [Topaz](https://www.topaz.sh) - An open-source authorization project that provides a data plane for OPA policies.
- [HashiCorp Sentinel](https://docs.hashicorp.com/sentinel) - A language and framework for policy built to be embedded in existing software to enable fine-grained, logic-based policy decisions
- [Regula](https://github.com/fugue/regula) - A tool that evaluates CloudFormation and Terraform infrastructure-as-code for potential AWS, Azure, and Google Cloud security and compliance violations prior to deployment
- [Intercept](https://github.com/xfhg/intercept) - Policy as Code static analysis auditing
- [Checkov](https://github.com/bridgecrewio/checkov) - A static code analysis tool for infrastructure-as-code
- [Terrascan](https://github.com/accurics/terrascan) - Detects security vulnerabilities and compliance violations across your Infrastructure as Code
- [kics](https://github.com/Checkmarx/kics) - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations earlier
- [Gatekeeper](https://github.com/open-policy-agent/gatekeeper) - Policy Controller for Kubernetes
- [Gatekeeper Policy Manager (GPM)](https://github.com/sighupio/gatekeeper-policy-manager) - A simple-to-use, web-based manager for Gatekeeper policies
- [Konstraint](https://github.com/plexsystems/konstraint) - A policy management tool for interacting with Gatekeeper
- [Kyverno](https://github.com/kyverno/kyverno) - A policy engine designed for Kubernetes. It can validate, mutate, and generate configurations using admission controls and background scans
- [kube-mgmt](https://github.com/open-policy-agent/kube-mgmt) - Sidecar for managing OPA on top of Kubernetes
- [MagTape](https://github.com/tmobile/magtape) - A Policy-as-Code tool for Kubernetes that allows for evaluating Kubernetes resources against a set of defined policies to inform and enforce best practice configurations
- [Fregot](https://github.com/fugue/Fregot) - A set of tools for working with the Rego policy language, which is part of the Open Policy Agent (OPA) policy engine
- [Deprek8ion](https://github.com/swade1987/deprek8ion) - A set of Rego policies to monitor Kubernetes API deprecations
- [Cloud Custodian](https://github.com/cloud-custodian/cloud-custodian) - Rules engine for cloud security, cost optimization, and governance, with a YAML DSL for policies that query, filter, and take actions on resources
## Sponsor
![Practical DevSecOps](images/practical-devsecops-logo.png)
## Contributing
Please refer to the guidelines in [Contributing.md](Contributing.md) for details.