List of awesome resources about Policy-as-Code included blogs, videos, and tools.
-
Using Open Policy Agent (OPA) to Develop Policy as Code for Cloud Infrastructure
-
Regula: Validate Terraform for Policy Compliance with Open Policy Agent
-
Better Kubernetes Security with Open Policy Agent (OPA) - Part 1
-
Better Kubernetes Security with Open Policy Agent (OPA) - Part 2
-
Enforcing Policy as Code using OPA and Gatekeeper in Kubernetes
-
Realize Policy-as-Code with AWS Cloud Development Kit through Open Policy Agent
-
Using Gatekeeper as a drop-in Pod Security Policy replacement in Amazon EKS
-
AWS Cloud Security for Launch Configurations with Policy as Code
-
A Deep Dive into Sentinel: HashiCorp's Policy as Code Framework
-
Checkov: Security & Compliance for Your Infrastructure-as-Code
-
Policing Your Kubernetes Clusters with Open Policy Agent (OPA)
-
Using Policy-as-Code to Manage Security Risk in K8s Before & After Deployment
-
OPA - An open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack
-
Styra DAS - Commercial tools for managing OPA at scale and created by the founders and maintainers of Open Policy Agent (OPA)
-
OPAL - Policy and data administration, distribution, and real-time updates on top of Open Policy Agent
-
OPCR - An open-source project that secures the software supply chain of OPA policies.
-
Topaz - An open-source authorization project that provides a data plane for OPA policies.
-
HashiCorp Sentinel - A language and framework for policy built to be embedded in existing software to enable fine-grained, logic-based policy decisions
-
Regula - A tool that evaluates CloudFormation and Terraform infrastructure-as-code for potential AWS, Azure, and Google Cloud security and compliance violations prior to deployment
-
Intercept - Policy as Code static analysis auditing
-
Checkov - A static code analysis tool for infrastructure-as-code
-
Terrascan - Detects security vulnerabilities and compliance violations across your Infrastructure as Code
-
kics - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations earlier
-
Gatekeeper - Policy Controller for Kubernetes
-
Gatekeeper Policy Manager (GPM)- A simple to use web-based Gatekeeper policies manager
-
Konstraint - A policy management tool for interacting with Gatekeeper
-
Kyverno - A policy engine designed for Kubernetes. It can validate, mutate, and generate configurations using admission controls and background scans
-
kube-mgmt - Sidecar for managing OPA on top of Kubernetes
-
MagTape - A Policy-as-Code tool for Kubernetes that allows for evaluating Kubernetes resources against a set of defined policies to inform and enforce best practice configurations
-
Fregot - A set of tools for working with the Rego policy language, which is part of the Open Policy Agent (OPA) policy engine
-
Deprek8ion - A set of rego policies to monitor Kubernetes APIs deprecations
-
Cloud Custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
Please refer the guidelines at contributing.md for details.