Giới thiệu dự án mã nguồn mở Endpoint State Policy (ESP), một giải pháp "Policy as Code" giúp quản lý và thực thi chính sách endpoint một cách tự động.
#opensource #policyascode #DevOps #security #mãnguồnmở #bảomật
https://www.reddit.com/r/opensource/comments/1q005zf/endpoint_state_policy_esp_policy_as_code/
🚀 NEW on We ❤️ Open Source 🚀
Electric sheep need defenders. 🐑🔐 Brett Smith explores how SLSA helps secure the software supply chain, translating EO 14028 into a roadmap for resilient pipelines.
Read the article: https://allthingsopen.org/articles/supply-chain-robots-slsa-security
#WeLoveOpenSource #SLSA #FOSS #Cybersecurity #DevSecOps #PolicyAsCode
Zero CVEs ≠ Zero Risk.
Misconfigurations & leaked secrets can take down an image faster than any exploit.
Anchore helps teams catch both.
By @JoshSopuru → https://anchore.com/blog/beyond-the-cve-deep-container-analysis-with-anchore/
Policy failure—not zero-days—is the real weak link.
Anchore enforces what "secure" means before bad configs & secrets ever ship.
Read @JoshSopuru's Beyond the CVE: https://anchore.com/blog/beyond-the-cve-deep-container-analysis-with-anchore/
Relying on CVE scans alone is like putting a padlock on a vault with the back door open.
Anchore goes beyond the CVE to secure configs, secrets & policies.
By @JoshSopuru 👉 https://anchore.com/blog/beyond-the-cve-deep-container-analysis-with-anchore/
Policy-as-code makes governance reproducible & automatable. Enforce image signing, vulnerability scanning, & validate resource quotas starting small & scaling with warnings & blocks #PolicyAsCode #Governance
Guardrails guide behavior, gates stop unsafe actions. Use guardrails for daily autonomy & gates for production-critical ops #Guardrails #PolicyAsCode
🚨 Security doesn't start in prod — it starts at terraform plan.
With Policy as Code tools like #OPA, #Checkov, Snyk, and #Sentinel by HashiCorp, you can catch misconfigs before they deploy. 🛡️
Nicholaos Mouzourakis at Gusto has been a long-time contributor to #OPA, and has written some of the best blogs on #Rego we've read. Turns out he is just as great talking about it on video! Just published on YouTube, "Super-Scaling Open Policy Agent with Batch Queries" is a deep-dive into an advanced OPA topic, explained well enough to be interesting to most. Hosted by the ever excellent Bart Farrell. Recommended!
A new #Regal release is out! Featuring 4 new linter rules, and a bunch of performance improvements along with the usual fixes. I'm particularly happy about the new "narrow-argument" rule, as I don't know many tools do that type of analysis for any language. It's an optional rule though, so make sure to enable it if you want to try it out!
The #KubeCon recordings are now on YouTube! We'll be posting links to all the #OpenPolicyAgent related ones as we watch them. First out is the #OPA maintainer track session, where @charlieegan3 and @anderseknert give a short introduction to OPA and Rego, followed by a deep-dive into recent performance improvements, and a sneak peek at the project roadmap. Check it out!
CIS ✅ STIG ✅ FedRAMP ✅ NIST ✅
Anchore Enforce comes with pre-built policy packs for major compliance standards. No translation needed.
Learn more: https://anchore.com/blog/automate-your-compliance-how-anchore-enforce-secures-the-software-supply-chain/
#SoftwareSupplyChain #Compliance #ContainerSecurity #PolicyAsCode
Developers: Stop getting surprised by compliance issues at the end of your build. Anchore Enforce gives you immediate policy feedback right in your CI/CD pipeline.
#SoftwareSupplyChain #Compliance #ContainerSecurity #PolicyAsCode
Software supply chain attacks ⬆️ 540% since 2019. Your solution? Automated policy enforcement.
See how Anchore Enforce helps dev and security teams automate compliance at scale: https://anchore.com/blog/automate-your-compliance-how-anchore-enforce-secures-the-software-supply-chain/
#SoftwareSupplyChain #Compliance #ContainerSecurity #PolicyAsCode
Before Policy-as-Code: Arcane compliance docs, 11th-hour shipping delays 😩
After Policy-as-Code: Automated and immediate feedback without leaving your terminal ✨
See how: https://anchore.com/blog/sbom-and-policy-as-code-a-developers-guide/
Today I was in the mood and packaged #regal and #opa for @opensuse
Packages still need more testing, but the first steps are done. Found a glitch in the OPA ldflags handling and reported it upstream.
Should arrive in #Tumbleweed soon-ish.
Every context switch costs you productivity.
Learn how SBOMs & Policy-as-Code eliminate friction between development velocity and compliance requirements.
Read our developer guide: https://anchore.com/blog/sbom-and-policy-as-code-a-developers-guide/
🚀 The wait is over—Kubewarden 1.23 is here! Packed with security enhancements, smoother workflows, and key updates to elevate your Kubernetes experience. Dive into what's new: https://www.kubewarden.io/blog/2025/03/kubewarden-1.23-release 🌟 #Kubernetes #DevSecOps #Security #PolicyAsCode
Regal v0.32.0 just dropped! After having worked mostly on language server features recently, it was time for the linter to get some love. This release includes 3 new linter rules as well as much faster linting. Check it out!
https://github.com/StyraInc/regal/releases/tag/v0.32.0
#OPA #Rego #Regal #PolicyAsCode #CloudNative #DevOps #DevSecOps
Tired of switching from coding to compliance?
Learn how SBOMs & Policy-as-Code automate policy checks in your workflow so you can spend less time in meetings and more time in your terminal.
Read our new developer guide: https://anchore.com/blog/sbom-and-policy-as-code-a-developers-guide/
