
instrumenta / policies

Licence: other
A set of shared policies for use with Conftest and other Open Policy Agent tools

Programming Languages

Open Policy Agent
Makefile

Projects that are alternatives of or similar to policies

k8s-security-policies
This repository provides a security policies library that is used for securing Kubernetes clusters configurations. The security policies are created based on CIS Kubernetes benchmark and rules defined in Kubesec.io.
Stars: ✭ 160 (+162.3%)
Mutual labels:  open-policy-agent, conftest
pre-commit-opa
Pre-commit git hooks for Open Policy Agent (OPA) and Rego development
Stars: ✭ 53 (-13.11%)
Mutual labels:  conftest
action-setup-kube-tools
GitHub Action that sets up Kubernetes tools (kubectl, kustomize, helm, kubeconform, conftest, yq, rancher, tilt, skaffold) very fast and caches them on the runner. Please [✩Star] if you're using it!
Stars: ✭ 45 (-26.23%)
Mutual labels:  conftest
opa-kafka-plugin
Open Policy Agent (OPA) plug-in for Kafka authorization
Stars: ✭ 46 (-24.59%)
Mutual labels:  open-policy-agent
dotnet-opa-wasm
Call Open Policy Agent (OPA) policies in WASM (Web Assembly) from .NET Core
Stars: ✭ 36 (-40.98%)
Mutual labels:  open-policy-agent
Conftest
Write tests against structured configuration data using the Open Policy Agent Rego query language
Stars: ✭ 2,047 (+3255.74%)
Mutual labels:  open-policy-agent
Opa
An open source, general-purpose policy engine.
Stars: ✭ 5,939 (+9636.07%)
Mutual labels:  open-policy-agent
awesome-opa
A curated list of OPA related tools, frameworks and articles
Stars: ✭ 316 (+418.03%)
Mutual labels:  open-policy-agent
container-image-sign-and-verify-with-cosign-and-opa
This is just a proof-of-concept project that aims to sign and verify container images using cosign and OPA (Open Policy Agent)
Stars: ✭ 54 (-11.48%)
Mutual labels:  open-policy-agent
opal
Policy and data administration, distribution, and real-time updates on top of Open Policy Agent
Stars: ✭ 459 (+652.46%)
Mutual labels:  open-policy-agent
OPA-python-client
Python client for Open Policy Agent
Stars: ✭ 24 (-60.66%)
Mutual labels:  open-policy-agent
k8s-opa-boilerplate
Boilerplate example of managing OPA with kustomize
Stars: ✭ 14 (-77.05%)
Mutual labels:  open-policy-agent
conftest-action
A GitHub Action for using Conftest
Stars: ✭ 30 (-50.82%)
Mutual labels:  conftest

Policies

Open Policy Agent is a powerful library, and with tools like Conftest, Gatekeeper and more it has many uses.

By focusing on shared policies we can lower the barrier to entry to using these tools, as well as make it easier to learn the Rego language.

An example

A good example of where this is useful is with Conftest, and its ability to pull policies from external sources. Without being an expert in Rego, or needing to write any rules, it's possible to test your deployments with Conftest like so:

$ conftest test --update github.com/instrumenta/policies.git//kubernetes deployment+service.yaml
PASS - deployment+service.yaml - data.main.violation
FAIL - deployment+service.yaml - hello-kubernetes in the Deployment hello-kubernetes does not have a memory limit set
FAIL - deployment+service.yaml - hello-kubernetes in the Deployment hello-kubernetes does not have a CPU limit set
FAIL - deployment+service.yaml - hello-kubernetes in the Deployment hello-kubernetes doesn't drop all capabilities
FAIL - deployment+service.yaml - hello-kubernetes in the Deployment hello-kubernetes is not using a read only root filesystem
FAIL - deployment+service.yaml - hello-kubernetes in the Deployment hello-kubernetes allows priviledge escalation
FAIL - deployment+service.yaml - hello-kubernetes in the Deployment hello-kubernetes is running as root
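
A Deployment that sets the fields the six FAIL lines above point at, as an added example that is not part of the instrumenta/policies repository. The image reference, labels, UID and limit values are placeholders, and the mapping from each message to a field is an assumption based on the message text, not on the policy source.

```yaml
# Constructed example: every value except the name hello-kubernetes is a placeholder.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-kubernetes
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hello-kubernetes
  template:
    metadata:
      labels:
        app: hello-kubernetes
    spec:
      containers:
        - name: hello-kubernetes
          image: registry.example.com/hello-kubernetes:1.0   # placeholder image
          resources:
            limits:
              memory: 128Mi   # "does not have a memory limit set"
              cpu: 250m       # "does not have a CPU limit set"
          securityContext:
            capabilities:
              drop:
                - ALL                        # "doesn't drop all capabilities"
            readOnlyRootFilesystem: true     # "is not using a read only root filesystem"
            allowPrivilegeEscalation: false  # "allows priviledge escalation"
            runAsNonRoot: true               # "is running as root"
            runAsUser: 10001                 # placeholder non-root UID
          volumeMounts:
            - name: tmp
              mountPath: /tmp   # writable scratch space, since the root filesystem is read-only
      volumes:
        - name: tmp
          emptyDir: {}
```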

Interested?

This repository is hopefully a staging ground to collect together some useful policies in one place. This is not a unique idea, and the community is actively discussing sharing and reuse at the moment.

If you're interested in shared policies for Open Policy Agent please join the conversation. Join us on the Open Policy Agent Slack in the #registry channel, as well as the #falco-opa-registry channel on the CNCF Slack.
