🚨 Security doesn't start in prod — it starts at terraform plan.
With Policy as Code tools like #OPA, #Checkov, Snyk, and #Sentinel by HashiCorp, you can catch misconfigs before they deploy. 🛡️
#policyascode
Nicholaos Mouzourakis at Gusto has been a long-time contributor to #OPA, and has written some of the best blogs on #Rego we've read. Turns out he is just as great talking about it on video! Just published on YouTube, "Super-Scaling Open Policy Agent with Batch Queries" is a deep-dive into an advanced OPA topic, explained well enough to be interesting to most. Hosted by the ever excellent Bart Farrell. Recommended!
A new #Regal release is out! Featuring 4 new linter rules, and a bunch of performance improvements along with the usual fixes. I'm particularly happy about the new "narrow-argument" rule, as I don't know many tools do that type of analysis for any language. It's an optional rule though, so make sure to enable it if you want to try it out!
The #KubeCon recordings are now on YouTube! We'll be posting links to all the #OpenPolicyAgent related ones as we watch them. First out is the #OPA maintainer track session, where @charlieegan3 and @anderseknert give a short introduction to OPA and Rego, followed by a deep-dive into recent performance improvements, and a sneak peek at the project roadmap. Check it out!
CIS ✅ STIG ✅ FedRAMP ✅ NIST ✅
Anchore Enforce comes with pre-built policy packs for major compliance standards. No translation needed.
Learn more: https://anchore.com/blog/automate-your-compliance-how-anchore-enforce-secures-the-software-supply-chain/
#SoftwareSupplyChain #Compliance #ContainerSecurity #PolicyAsCode
Developers: Stop getting surprised by compliance issues at the end of your build. Anchore Enforce gives you immediate policy feedback right in your CI/CD pipeline.
#SoftwareSupplyChain #Compliance #ContainerSecurity #PolicyAsCode
Software supply chain attacks ⬆️ 540% since 2019. Your solution? Automated policy enforcement.
See how Anchore Enforce helps dev and security teams automate compliance at scale: https://anchore.com/blog/automate-your-compliance-how-anchore-enforce-secures-the-software-supply-chain/
#SoftwareSupplyChain #Compliance #ContainerSecurity #PolicyAsCode
Before Policy-as-Code: Arcane compliance docs, 11th-hour shipping delays 😩
After Policy-as-Code: Automated and immediate feedback without leaving your terminal ✨
See how: https://anchore.com/blog/sbom-and-policy-as-code-a-developers-guide/
Today I was in the mood and packaged #regal and #opa for @opensuse
Packages still need more testing, but the first steps are done. Found a glitch in the OPA ldflags handling and reported it upstream.
Should arrive in #Tumbleweed soon-ish.
Every context switch costs you productivity.
Learn how SBOMs & Policy-as-Code eliminate friction between development velocity and compliance requirements.
Read our developer guide: https://anchore.com/blog/sbom-and-policy-as-code-a-developers-guide/
🚀 The wait is over—Kubewarden 1.23 is here! Packed with security enhancements, smoother workflows, and key updates to elevate your Kubernetes experience. Dive into what's new: https://www.kubewarden.io/blog/2025/03/kubewarden-1.23-release 🌟 #Kubernetes #DevSecOps #Security #PolicyAsCode
Regal v0.32.0 just dropped! After having worked mostly on language server features recently, it was time for the linter to get some love. This release includes 3 new linter rules as well as much faster linting. Check it out!
https://github.com/StyraInc/regal/releases/tag/v0.32.0
#OPA #Rego #Regal #PolicyAsCode #CloudNative #DevOps #DevSecOps
Tired of switching from coding to compliance?
Learn how SBOMs & Policy-as-Code automate policy checks in your workflow so you can spend less time in meetings and more time in your terminal.
Read our new developer guide: https://anchore.com/blog/sbom-and-policy-as-code-a-developers-guide/
If you're interested in #PolicyAsCode and #OPA for cloud infra, I'll be talking about that at this #env0 hosted webinar March 4. Join if you want! Only 30 minutes long.
https://www.env0.com/webinar/how-policy-as-code-experts-tackle-infrastructure-governance
#PolicyAsCode | From Infrastructure to Fine-Grained Authorization
https://www.permit.io/blog/policy-as-code-or-from-infrastructure-to-fine-grained-authorization
Finally got a copy of Jimmy Ray’s “Policy as Code”. And it’s really good! Proud about both myself and my #Regal project getting mentioned too.
#PolicyAsCode #DevOps #DevSecOps #CloudNative #OPA #Styra #OReilly
Not sure if it'll make it into the next #Regal release, but currently working on Code Lens support for the Regal language server which would allow evaluating any rule directly in the editor, and have the result displayed on the same line. I think it'll go a *really* long way in making #Rego development easier for everyone. Many things to iron out first though... but here's a preview only for fedi :)
I’ve been doing a lot of “renovations” on old #Rego projects lately, bringing them up to modern standards and best practices. While there are some excellent tools around to help with that, there’s not been much in terms of documentation on that process. So I figured it might be helpful if I shared mine. Check out my latest blog to learn more!
[Перевод] Использование Verified Permissions для реализации точной авторизации в высоконагруженных приложениях
Техники оптимизации функции авторизации в современных веб-приложениях. В статье рассматриваются эффективные подходы к управлению точной авторизацией с использованием Amazon Verified Permissions ( читай Cedar Engine ). Вы узнаете о техниках пакетной авторизации и кэширования ответов, которые помогут значительно повысить производительность и отзывчивость приложений. Читать
https://habr.com/ru/companies/bercut/articles/829576/
#авторизация #bercut #беркут #authz #authorization #Policyascode #вебприложения #web_application
I just published #Regal v0.16.0. This release brings two new linter rules, but most importantly it adds a language server (LSP) mode to Regal, allowing editor integrations to lint your workspace continuously as you work on your #Rego policies. Client implementations soon to follow. Exciting times!
Thanks @charlieegan3 for an awesome contribution!
Client Info
Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst