Less Risky Business: a way to reduce cloud native provisioning issues

Sangam Biradar
Advocacy Manager, Tenable

15367 (National Vulnerability Database statistics)

Provisioning Layer In Cloud Native


Cloud misconfiguration is still a big security problem.
OPA - Open Policy Agent
What is a Policy?
- A policy consists of rules. We can query these policies to make decisions.
- From a programmer's perspective it is just a decision-making statement, e.g. if-else.
What Does OPA Bring to the Table?


How Does OPA Work?
Terrascan - fix cloud misconfigurations and other security exposures

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Key features
- 500+ Policies for security best practices
- Scanning of Terraform (HCL2)
- Scanning of Kubernetes (JSON/YAML), Helm v3, and Kustomize
- Scanning of Dockerfiles
- Support for AWS, Azure, GCP, Kubernetes, Dockerfile, and GitHub
- Integrates with Docker image vulnerability scanning for AWS, Azure, GCP and Harbor container registries.

Demo 1 - Secure Terraform misconfigurations with Terrascan

Demo 2 - Secure a Kubernetes app
Scan Summary -
File/Folder : /Users/sangam/Documents/GitHub/alldaydevops2021/vul-k0s-helm-docker/kubeyaml
IaC Type : k8s
Scanned At : 2021-10-18 08:08:30.920245 +0000 UTC
Policies Validated : 41
Violated Policies : 27
Low : 9
Medium : 14
High : 4
Demo 3 - Use the Terrascan Rego Editor to write your own policies
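An added example, not from the deck or the Terrascan project: a custom Terrascan policy written in Rego that flags Kubernetes Pods running privileged containers, the kind of rule Demo 3 has you write. The `{{.prefix}}{{.name}}{{.suffix}}` template head, the companion JSON metadata fields and the normalized `input.kubernetes_pod[_].config` layout are assumptions about Terrascan's custom-policy conventions; all names and values are constructed.

```rego
package accurics

# Added example policy (not from the Terrascan project): a policy is a rule
# that Terrascan queries for a decision. The rule name is filled in from the
# metadata JSON when Terrascan renders this file as a Go template.
{{.prefix}}{{.name}}{{.suffix}}[pod.id] {
    # Terrascan normalizes each Kubernetes resource into input.<kind>, with the
    # original manifest available under .config (assumed layout).
    pod := input.kubernetes_pod[_]
    container := pod.config.spec.containers[_]
    container.securityContext.privileged == true
}

# Second body for the same rule: init containers are evaluated too, so a
# privileged init container is reported with the same violation.
{{.prefix}}{{.name}}{{.suffix}}[pod.id] {
    pod := input.kubernetes_pod[_]
    container := pod.config.spec.initContainers[_]
    container.securityContext.privileged == true
}

# Companion metadata file (constructed values), placed next to this .rego file
# in the custom policy directory passed via `terrascan scan -p <dir>`:
#
# {
#   "name": "privilegedContainersEnabled",
#   "file": "privilegedContainersEnabled.rego",
#   "policy_type": "k8s",
#   "resource_type": "kubernetes_pod",
#   "template_args": {
#     "name": "privilegedContainersEnabled",
#     "prefix": "",
#     "suffix": ""
#   },
#   "severity": "HIGH",
#   "description": "Pod runs a privileged container, which has full access to the host",
#   "reference_id": "EXAMPLE.K8S.PRIVILEGED.001",
#   "category": "Container Security",
#   "version": 1
# }
```

Running the scan against the Kubernetes manifests from Demo 2 with this policy directory reports each matching Pod id under the HIGH severity count of the scan summary.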

Thank You!
- Source code: https://github.com/sangam14/alldaydevops2021
@BiradarSangam
If you like this open source project, give it a GitHub star.