https://github.com/paulveillard/cybersecurity-policy-as-code
An ongoing & curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and videos, Technical guidelines and important resources about Policy-As-Code.
- Host: GitHub
- URL: https://github.com/paulveillard/cybersecurity-policy-as-code
- Owner: paulveillard
- License: MIT
- Created: 2022-02-27T00:16:31.000Z
- Default Branch: main
- Last Pushed: 2022-08-31T20:22:43.000Z
- Topics: backend-as-a-service, infrastructure-as-code, policies, policy, policy-as-code, policy-management, remediation
- Size: 32.2 KB
- Stars: 4
- Watchers: 2
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: contributing.md
- License: LICENSE
- Code of conduct: code-of-conduct.md
README
# Secure Policy-As-Code
An ongoing & curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and videos, Technical guidelines and important resources about Policy-As-Code.
> Thanks to all contributors, you're awesome and this wouldn't be possible without you! Our goal is to build a categorized, community-driven collection of very well-known resources.

## `Table of Contents`
- [Blogs](#blogs)
  - [Getting Started](#getting-started)
  - [Infrastructure as Code](#infrastructure-as-code)
  - [CI/CD](#cicd)
  - [Kubernetes](#kubernetes)
  - [AWS](#aws)
  - [Azure](#azure)
- [Videos](#videos)
  - [Getting Started](#getting-started-1)
  - [Infrastructure as Code](#infrastructure-as-code-1)
  - [CI/CD](#cicd-1)
  - [Kubernetes](#kubernetes-1)
  - [Others](#others)
- [Tools](#tools)

## `Blogs`
### Getting Started
- [What is Policy as Code?](https://blog.container-solutions.com/what-is-policy-as-code)
- [Introducing Policy As Code: The Open Policy Agent (OPA)](https://www.cncf.io/blog/2020/08/13/introducing-policy-as-code-the-open-policy-agent-opa/)
- [Open Policy Agent: Authorization in a Cloud Native World](https://www.aquasec.com/cloud-native-academy/cloud-native-applications/open-policy-agent-authorization-in-a-cloud-native-world/)
- [Using Open Policy Agent for cloud-native app authorization](https://blog.styra.com/blog/using-open-policy-agent-for-cloud-native-app-authorization)
- [Unified cloud-native authorization: Policy everywhere and for everyone](https://blog.styra.com/blog/unified-cloud-native-authorization-rego-policy-builder)
### Infrastructure-as-Code
- [Using Open Policy Agent (OPA) to Develop Policy as Code for Cloud Infrastructure](https://cloudsecurityalliance.org/blog/2020/02/21/using-open-policy-agent-opa-to-develop-policy-as-code-for-cloud-infrastructure/)
- [Regula: Validate Terraform for Policy Compliance with Open Policy Agent](https://dev.to/andrewwright/regula-validate-terraform-for-policy-compliance-with-open-policy-agent-37lg)
### CI/CD
- [Validating apps against company policies in a CI pipeline](https://cloud.google.com/anthos-config-management/docs/tutorials/app-policy-validation-ci-pipeline)
- [Using Policy Controller in a CI pipeline](https://cloud.google.com/anthos-config-management/docs/tutorials/policy-agent-ci-pipeline)
- [Controlling Release Pipelines with Gates and Azure Policy Compliance](https://devblogs.microsoft.com/devops/controlling-release-pipelines-with-gates-and-azure-policy-compliance/)
### Kubernetes
- [Better Kubernetes Security with Open Policy Agent (OPA) - Part 1](https://www.openshift.com/blog/better-kubernetes-security-with-open-policy-agent-opa-part-1)
- [Better Kubernetes Security with Open Policy Agent (OPA) - Part 2](https://www.openshift.com/blog/better-kubernetes-security-with-open-policy-agent-opa-part-2)
- [OPA the Easy Way feat. Styra DAS!](https://www.infracloud.io/blogs/opa-the-easy-way-featuring-styra-das/)
- [OPA Gatekeeper: Policy and Governance for Kubernetes](https://kubernetes.io/blog/2019/08/06/opa-gatekeeper-policy-and-governance-for-kubernetes/)
- [Enforce Organizational Policies and Security Best Practices to your Kubernetes Clusters By Using OPA Gatekeeper](https://medium.com/trendyol-tech/enforce-organizational-policies-and-security-best-practices-to-your-kubernetes-clusters-by-using-dfc085528e07)
- [Enforcing Policy as Code using OPA and Gatekeeper in Kubernetes](https://elastisys.com/enforcing-policy-as-code-using-opa-and-gatekeeper-in-kubernetes/)
- [Applying Pod security policies using Gatekeeper](https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies-with-gatekeeper)
- [Authorizing Microservice APIs With OPA and Kuma](https://konghq.com/blog/authorize-api-opa-kuma?utm_source=youtube&utm_medium=social&utm_campaign=community)
### AWS
- [Realize Policy-as-Code with AWS Cloud Development Kit through Open Policy Agent](https://aws.amazon.com/blogs/opensource/realize-policy-as-code-with-aws-cloud-development-kit-through-open-policy-agent/)
- [Using Gatekeeper as a drop-in Pod Security Policy replacement in Amazon EKS](https://aws.amazon.com/blogs/containers/using-gatekeeper-as-a-drop-in-pod-security-policy-replacement-in-amazon-eks/)
- [IAM Insights: Automated right-sizing with policy-as-code](https://bridgecrew.io/blog/iam-insights-automated-right-sizing-for-iam-policy-code/)
- [AWS Cloud Security for Launch Configurations with Policy as Code](https://www.accurics.com/blog/security-blog/aws-cloud-security-for-launch-configurations-with-policy-as-code/)
### Azure
- [Design Azure Policy as Code workflows](https://docs.microsoft.com/en-us/azure/governance/policy/concepts/policy-as-code)
- [Managing Azure Policy as Code with GitHub](https://github.com/Azure/manage-azure-policy/blob/main/tutorial/azure-policy-as-code.md)
- [Using Terrascan with Azure DevOps](https://lgulliver.github.io/terrascan-in-azure-devops/)
## `Videos`
### Getting Started
- [How Policy as Code Brings Speed & Protection to DevOps](https://www.youtube.com/watch?v=cOOw4d_6WyA)
- [Managing Open Policy Agent at Scale](https://www.youtube.com/watch?v=oLO74V1Y4gM)
- [Intro: Open Policy Agent](https://www.youtube.com/watch?v=Lca5u_ODS5s)
### Infrastructure-as-Code
- [Managing Policy as Code With Terraform and Sentinel](https://www.youtube.com/watch?v=z_m4fFYym30)
- [A Deep Dive into Sentinel: HashiCorp's Policy as Code Framework](https://www.youtube.com/watch?v=5gHo8PIA2uc)
- [Checkov: Security & Compliance for Your Infrastructure-as-Code](https://www.youtube.com/watch?v=n5EdM-e-9DU)
### CI/CD
- [Integrating Policy as code into your CI/CD pipeline](https://www.youtube.com/watch?v=sUNhRHQ2YrY)
### Kubernetes
- [Kubernetes Native Policy As Code](https://youtu.be/6GGg2WyhJfY)
- [Policing Your Kubernetes Clusters with Open Policy Agent (OPA)](https://www.youtube.com/watch?v=RDWndems-sk)
- [Policy Enforcement on Kubernetes with Open Policy Agent](https://www.youtube.com/watch?v=UN0su8fdGcs)
- [Gatekeeper and OPA](https://www.youtube.com/watch?v=ZJgaGJm9NJE)
- [Gatekeeper: Flexible, Shareable Policy for Kubernetes](https://www.youtube.com/watch?v=6Kur5MXg7us)
- [K8s with OPA Gatekeeper](https://www.youtube.com/watch?v=v4wJE3I8BYM)
- [Using Policy-as-Code to Manage Security Risk in K8s Before & After Deployment](https://www.youtube.com/watch?v=ZyOCLALjV98)
- [How to keep your clusters safe and healthy](https://www.youtube.com/watch?v=rSq-xqhQ09Q)
### Others
- [Open Policy Agent at Scale: How Pinterest Manages Policy Distribution](https://www.youtube.com/watch?v=LhgxFICWsA8)
## Tools
- [OPA](https://github.com/open-policy-agent/opa) - An open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack
- [Styra DAS](https://www.styra.com/pricing) - Commercial tools for managing OPA at scale, created by the founders and maintainers of Open Policy Agent (OPA)
- [OPAL](https://github.com/authorizon/opal) - Policy and data administration, distribution, and real-time updates on top of Open Policy Agent
- [HashiCorp Sentinel](https://docs.hashicorp.com/sentinel) - A language and framework for policy built to be embedded in existing software to enable fine-grained, logic-based policy decisions
- [Regula](https://github.com/fugue/regula) - A tool that evaluates CloudFormation and Terraform infrastructure-as-code for potential AWS, Azure, and Google Cloud security and compliance violations prior to deployment
- [Intercept](https://github.com/xfhg/intercept) - Policy as Code static analysis auditing
- [Checkov](https://github.com/bridgecrewio/checkov) - A static code analysis tool for infrastructure-as-code
- [Terrascan](https://github.com/accurics/terrascan) - Detects security vulnerabilities and compliance violations across your Infrastructure as Code
- [kics](https://github.com/Checkmarx/kics) - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations earlier
- [Gatekeeper](https://github.com/open-policy-agent/gatekeeper) - Policy Controller for Kubernetes
- [Gatekeeper Policy Manager (GPM)](https://github.com/sighupio/gatekeeper-policy-manager) - A simple-to-use web-based manager for Gatekeeper policies
- [Konstraint](https://github.com/plexsystems/konstraint) - A policy management tool for interacting with Gatekeeper
- [Kyverno](https://github.com/kyverno/kyverno) - A policy engine designed for Kubernetes. It can validate, mutate, and generate configurations using admission controls and background scans
- [kube-mgmt](https://github.com/open-policy-agent/kube-mgmt) - Sidecar for managing OPA on top of Kubernetes
- [MagTape](https://github.com/tmobile/magtape) - A Policy-as-Code tool for Kubernetes that allows for evaluating Kubernetes resources against a set of defined policies to inform and enforce best practice configurations
- [Fregot](https://github.com/fugue/Fregot) - A set of tools for working with the Rego policy language, which is part of the Open Policy Agent (OPA) policy engine
- [Deprek8ion](https://github.com/swade1987/deprek8ion) - A set of Rego policies to monitor Kubernetes API deprecations
## `Sponsor`

## Contributing
Please refer to the guidelines in [contributing.md](Contributing.md) for details.