
prancer-io / prancer-compliance-test

Licence: other
This repository includes cloud security policies for IaC and live resources.

Programming Languages

Open Policy Agent
39 projects
python
139335 projects - #7 most used programming language

Projects that are alternatives of or similar to prancer-compliance-test

ggshield
Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
Stars: ✭ 1,272 (+3875%)
Mutual labels:  iac, devsecops, iac-security
postee
Simple message routing system that receives input messages through a webhook interface and can enforce actions using predefined outputs via integrations.
Stars: ✭ 160 (+400%)
Mutual labels:  opa, devsecops, rego
big-bang
Big Bang is a declarative, continuous delivery tool for core DoD hardened and approved packages into a Kubernetes cluster.
Stars: ✭ 55 (+71.88%)
Mutual labels:  iac, devsecops
Trivy
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
Stars: ✭ 9,673 (+30128.13%)
Mutual labels:  iac, devsecops
OPA-python-client
Python client for Open Policy Agent
Stars: ✭ 24 (-25%)
Mutual labels:  policy, opa
Terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Stars: ✭ 2,687 (+8296.88%)
Mutual labels:  iac, devsecops
devops-infra-demo
Growing repository of Infrastructure as Code demos (initially created for DevOps Wall Street)
Stars: ✭ 31 (-3.12%)
Mutual labels:  iac, devsecops
intercept
INTERCEPT / Policy as Code Static Analysis Auditing / SAST
Stars: ✭ 54 (+68.75%)
Mutual labels:  policy, devsecops
k8s-opa-boilerplate
Boilerplate example of managing OPA with kustomize
Stars: ✭ 14 (-56.25%)
Mutual labels:  opa, rego
Opa
An open source, general-purpose policy engine.
Stars: ✭ 5,939 (+18459.38%)
Mutual labels:  policy, opa
opa-kafka-plugin
Open Policy Agent (OPA) plug-in for Kafka authorization
Stars: ✭ 46 (+43.75%)
Mutual labels:  opa, rego
opal
Policy and data administration, distribution, and real-time updates on top of Open Policy Agent
Stars: ✭ 459 (+1334.38%)
Mutual labels:  policy, opa
ccheck
A command line tool for validating Kubernetes configs with rego
Stars: ✭ 63 (+96.88%)
Mutual labels:  opa, rego
pre-commit-opa
Pre-commit git hooks for Open Policy Agent (OPA) and Rego development
Stars: ✭ 53 (+65.63%)
Mutual labels:  opa, rego
terraform-modules
Reusable Terraform modules
Stars: ✭ 12 (-62.5%)
Mutual labels:  iac
fury-kubernetes-opa
Kubernetes Fury OPA. Policy enforcement for your Kubernetes Cluster
Stars: ✭ 34 (+6.25%)
Mutual labels:  opa
opa-docker-authz
A policy-enabled authorization plugin for Docker.
Stars: ✭ 67 (+109.38%)
Mutual labels:  opa
driftctl
Detect, track and alert on infrastructure drift
Stars: ✭ 2,020 (+6212.5%)
Mutual labels:  iac
riskybird
Regular expression authors best friend
Stars: ✭ 48 (+50%)
Mutual labels:  opa
headless-wordpress
Headless Wordpress - AWS - Easy Setup
Stars: ✭ 42 (+31.25%)
Mutual labels:  iac

Prancer Compliance test repository

Introduction

Prancer is a pre-deployment and post-deployment multi-cloud security platform for your Infrastructure as Code (IaC) and live cloud environment. It shifts security to the left and provides end-to-end security scanning based on the Policy as Code concept. DevOps engineers can use it for static code analysis of IaC to find security drifts and to maintain their cloud security posture with continuous compliance features. You can get more information from our website at https://www.prancer.io

How to use the repository

The easiest way to get up and running is to make sure you can run the scenario explained in the Hello World example. Once you can run that simple scenario, you can use this repository to do more advanced security tests.

Repository structure

The repository consists of four top-level folders, one for each supported platform:

  • AWS
  • Azure
  • Google
  • Kubernetes

Under each top-level directory there are cloud, iac and terraform folders, each holding the rego files for its kind of test:

  • cloud folder holds all the rego files for post-deployment tests. These tests support continuous compliance of the live cloud environment
  • iac folder holds all the rego files for the IaC Security Scan. These tests support the shift-security-left concept
  • terraform folder holds all the rego files for Terraform Infrastructure as Code
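To show what kind of check the rego files in these folders express, here is an added illustrative policy for the iac case. It is not a rule taken from the prancer-compliance-test repository: the package name, rule names and the assumption that the scanner presents the parsed ARM template as `input` are all placeholders, and Prancer's own rule conventions may differ. The check itself is a standard one: an Azure storage account in an ARM template should set `supportsHttpsTrafficOnly` to true so that plaintext HTTP access is refused.

```rego
# Added illustrative policy; not part of the prancer-compliance-test repository.
# Assumption: the IaC scanner evaluates the policy with the parsed ARM template
# bound to `input` (so `input.resources` is the template's resource array).
package example.azure.iac

# Overall verdict for the template: true unless a violation is found.
default storage_https_only = true

storage_https_only = false {
    count(violations) > 0
}

# One message per storage account that does not enforce TLS-only traffic.
# A missing `supportsHttpsTrafficOnly` property counts as a violation, because
# `r.properties.supportsHttpsTrafficOnly == true` is then undefined and `not`
# succeeds.
violations[msg] {
    some i
    r := input.resources[i]
    lower(r.type) == "microsoft.storage/storageaccounts"
    not r.properties.supportsHttpsTrafficOnly == true
    msg := sprintf("storage account %q does not enforce HTTPS-only traffic", [r.name])
}
```

With the opa binary from the prerequisites on your PATH and a template saved as template.json (a constructed test file, not one from the Hello World repository), the policy can be evaluated outside the Prancer workflow with `opa eval -i template.json -d policy.rego "data.example.azure.iac.violations"`; an empty result set means every storage account in the template passed the check.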

Prerequisites

Make sure you have the following prerequisites available:

Note: We recommend moving the opa binary to a directory included in your system's PATH (e.g. /usr/local/bin/)

Sample scenario

There are lots of use cases available for the Prancer Platform. Here I will show you a sample scenario: an IaC scan of an Azure ARM template.

The complete code is available in the Hello World repository

The easiest way is to clone our Hello World repository, change the parameters and run it.

Step 1 - Clone the Hello World sample repo

git clone https://github.com/prancer-io/prancer-hello-world
cd prancer-hello-world

Step 2 - Change the connector file to point to your IaC code repo

You can use the available connector and change the gitProvider attribute to point to your own repo (https://github.com/prancer-io/prancer-hello-world/blob/master/gitConnectorArmRemoteStructure.json).

cat gitConnectorArmRemoteStructure.json

{
    "fileType": "structure",
    "type": "filesystem",
    "companyName": "prancer",
    "gitProvider": "https://github.com/prancer-io/prancer-armof.git",
    "branchName": "master",
    "private": false
}

Step 3 - Verify the master snapshot and master test files

The next step is to verify the master snapshot and master test files, which point to this repository. The complete code is already available in our Hello World sample repository and you don't need to change anything. You can find the sample code here: https://github.com/prancer-io/prancer-hello-world/tree/master/validation/scenario-arm-remote

cat validation/scenario-arm-remote/master-snapshot.json

{
    "$schema": "",
    "contentVersion": "1.0.0.0",
    "fileType": "masterSnapshot",
    "connector": "gitConnectorRemote",
    "remoteFile": "azure/iac/master-snapshot.json",
    "connectorUsers": [
      {
        "id": "USER_1",
        "testUser": "user1",
        "source": "gitConnectorArmRemoteStructure"
      }
    ]
}

cat validation/scenario-arm-remote/master-test.json

{
    "contentVersion": "1.0.0.0",
    "notification": [],
    "masterSnapshot": "master-snapshot",
    "fileType": "mastertest",
    "connector": "gitConnectorRemote",
    "remoteFile": "azure/iac/master-compliance-test.json"
}

Step 4 - Running the IaC Scan

Run the crawler first to collect all the files available in your repository:

prancer --crawler scenario-arm-remote

Then run the scenario to execute the IaC security tests for Azure ARM templates:

prancer scenario-arm-remote
