rode / rode

License: Apache-2.0
Rode facilitates Automated Governance in your software supply chain. This repository contains the rode API which is the primary interface between the rode UI or rode Collectors and metadata storage in Grafeas. The rode API provides functions for metadata search and storage as well as policy creation and evaluation.

Projects that are alternatives of or similar to rode

intercept
INTERCEPT / Policy as Code Static Analysis Auditing / SAST
Stars: ✭ 54 (+12.5%)
Mutual labels:  policy-evaluation, policy-as-code
policy-server
Webhook server that evaluates WebAssembly policies to validate Kubernetes requests
Stars: ✭ 111 (+131.25%)
Mutual labels:  policy-as-code
SyntheticControlMethods
A Python package for causal inference using Synthetic Controls
Stars: ✭ 90 (+87.5%)
Mutual labels:  policy-evaluation
scan-action
Anchore container analysis and scan provided as a GitHub Action
Stars: ✭ 140 (+191.67%)
Mutual labels:  policy-evaluation
CausalInferenceIntro
Chinese translation of Causal Inference for the Brave and True. All code is in Python and applies to econometrics, quantitative sociology, policy evaluation and related fields. Original English author: Matheus Facure
Stars: ✭ 207 (+331.25%)
Mutual labels:  policy-evaluation
Checkov
Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
Stars: ✭ 3,572 (+7341.67%)
Mutual labels:  policy-as-code
awesome-opa
A curated list of OPA related tools, frameworks and articles
Stars: ✭ 316 (+558.33%)
Mutual labels:  policy-as-code
opal
Policy and data administration, distribution, and real-time updates on top of Open Policy Agent
Stars: ✭ 459 (+856.25%)
Mutual labels:  policy-as-code
gamechanger-data
GAMECHANGER aspires to be the Department’s trusted solution for evidence-based, data-driven decision-making across the universe of DoD requirements
Stars: ✭ 17 (-64.58%)
Mutual labels:  policy-as-code
azure-policy-as-code
Bicep and Terraform code examples for policy-as-code workflows. Azure governance guardrails and automation - by @jesseloudon
Stars: ✭ 101 (+110.42%)
Mutual labels:  policy-as-code
open-source-logiciel-libre
Open Source Software Requirements and Guidance (Draft) - Exigences et guides liés aux logiciels libres (Ébauche)
Stars: ✭ 31 (-35.42%)
Mutual labels:  policy-as-code
awesome-azure-policy
A curated list of blogs, videos, tutorials, code, tools, scripts, and anything useful to help you learn Azure Policy - by @jesseloudon
Stars: ✭ 313 (+552.08%)
Mutual labels:  policy-as-code
gamechanger
GAMECHANGER aspires to be the Department’s trusted solution for evidence-based, data-driven decision-making across the universe of DoD requirements
Stars: ✭ 27 (-43.75%)
Mutual labels:  policy-as-code
awesome-policy-as-code
A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.
Stars: ✭ 121 (+152.08%)
Mutual labels:  policy-as-code
chimera-admission
A Kubernetes dynamic admission controller that uses WebAssembly policies to validate incoming requests
Stars: ✭ 25 (-47.92%)
Mutual labels:  policy-as-code
cloudpatrol
Policy as Code for the Cloud Development Kit (CDK)
Stars: ✭ 21 (-56.25%)
Mutual labels:  policy-as-code

rode

\rōd\ - a line (as of rope or chain) used to attach an anchor to a boat

rode provides the collection, attestation and enforcement of policies in your software supply chain.

Why rode?

Enterprises require a secure and reliable software delivery lifecycle to meet the needs of audit and compliance. This has traditionally been implemented by applying governance and additional process. rode aims to meet this need by enabling Automated Governance. Automated Governance allows us to move the existing change approval process left by automating stages in software delivery that may currently exist as manual activities. This is possible by building a codified system of trust and authority for the entire software lifecycle. rode facilitates the collection and organization of important software supply chain metadata and provides a method of Automated Governance via Policy as Code.

rode Architecture

The overall architecture of rode is built around bringing together tools built with the needs of governance in mind. The system of rode consists of Collectors, the rode API, Grafeas, and Open Policy Agent. We have extended the Grafeas storage backend to use Elasticsearch. These tools work together to enable Automated Governance.

[Figure: Rode Architecture diagram]

Collectors

Collectors package the metadata in the form of an "occurrence". These occurrences represent verifiable, individual software delivery process events. Collectors provide an entrypoint to the rode system by helping standardize the way metadata is brought in. They will be "purpose built" to collect metadata from any of the tools you are using in your software delivery toolchain.

Grafeas

Grafeas is an open source project that provides an API and storage layer for artifact metadata.

Information that is gathered by collectors is ultimately stored within Grafeas as Occurrences. Occurrences represent a particular piece of metadata about an artifact, and they can be used by Rode when evaluating policies against artifacts. Information such as an artifact's vulnerabilities, how it was built, and the quality of the codebase that produced the artifact can be fed to a policy in order to determine whether that artifact meets a certain set of standards set by your organization.

The primary way that Grafeas adds value to the rode project is through its models around how artifact metadata should be tracked and stored. Over time, we plan to add new types of Occurrences to Grafeas to represent artifact metadata concepts that we believe are important, but aren't currently represented in the existing models.

We currently use a custom backend for Grafeas that's based on Elasticsearch.

From Grafeas docs:

Grafeas is an open-source artifact metadata API that provides a uniform way to audit and govern your software supply chain. Grafeas defines an API spec for managing metadata about software resources, such as container images, Virtual Machine (VM) images, JAR files, and scripts. You can use Grafeas to define and aggregate information about your project's components. Grafeas provides organizations with a central source of truth for tracking and enforcing policies across an ever growing set of software development teams and pipelines. Build, auditing, and compliance tools can use the Grafeas API to store, query, and retrieve comprehensive metadata on software components of all kinds.

Open Policy Agent

Open Policy Agent, or OPA, is the open source standard for implementing Policy as Code.

rode uses OPA as a means to apply and validate policy via Rego policies stored in source control (Policy as Code). By using the occurrence and attestation metadata stored in Grafeas as inputs for policy, all resources can be validated as needed. rode provides a method to bring the policy and metadata together as a means for enabling Automated Governance.

The Open Policy Agent (OPA, pronounced “oh-pa”) is an open source, general-purpose policy engine that unifies policy enforcement across the stack. OPA provides a high-level declarative language that lets you specify policy as code and simple APIs to offload policy decision-making from your software. You can use OPA to enforce policies in microservices, Kubernetes, CI/CD pipelines, API gateways, and more.
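As an added illustration of the approach described above (not rode's own policy or its actual policy interface), the following Rego policy evaluates Grafeas occurrences for one resource. It assumes rode hands the resource's occurrences to OPA as input.occurrences, and the note name used to recognise a build attestation is a constructed placeholder; consult the rode documentation for the real input contract.

```rego
# Added example, not part of the rode project. Assumed (constructed) input shape:
# {
#   "occurrences": [
#     {"name": "projects/rode/occurrences/1", "kind": "VULNERABILITY",
#      "vulnerability": {"severity": "CRITICAL"}},
#     {"name": "projects/rode/occurrences/2", "kind": "ATTESTATION",
#      "noteName": "projects/rode/notes/build-attestation"}
#   ]
# }
# For that input: critical_vulns has one entry, has_build_attestation is true,
# violations contains one message and pass is false.
package rode.example

default pass = false

# Names of Grafeas VULNERABILITY occurrences whose severity is CRITICAL.
critical_vulns[name] {
    occ := input.occurrences[_]
    occ.kind == "VULNERABILITY"
    occ.vulnerability.severity == "CRITICAL"
    name := occ.name
}

# True when a build attestation occurrence is recorded for the resource.
# The note name is a placeholder; use whatever your collector attaches.
has_build_attestation {
    occ := input.occurrences[_]
    occ.kind == "ATTESTATION"
    occ.noteName == "projects/rode/notes/build-attestation"
}

# Each violation is a human-readable message; an empty set means the policy passes.
violations[msg] {
    count(critical_vulns) > 0
    msg := sprintf("%d critical vulnerabilities recorded for this resource", [count(critical_vulns)])
}

violations[msg] {
    not has_build_attestation
    msg := "no build attestation recorded for this resource"
}

pass {
    count(violations) == 0
}
```

Remove the attestation occurrence from the sample input and a second violation appears; drop the CRITICAL vulnerability and add the attestation, and pass becomes true.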

Policy Evaluation

..

Installation

Helm

Add Helm repositories

helm repo add rode https://rode.github.io/charts
helm repo add elastic https://helm.elastic.co
helm repo update

Install Rode

helm install rode rode/rode --set grafeas-elasticsearch.grafeas.elasticsearch.username=grafeas --set grafeas-elasticsearch.grafeas.elasticsearch.password=BAD_PASSWORD

See the Rode Helm chart for more details. The BAD_PASSWORD value above is a placeholder for the Elasticsearch credential; supply your own secret when installing.
