less risky business way to reduce cloud native provisioning issues
Sangam Biradar
Advocacy Manager Tenable
15367
national vulnerability database statistics
Provisioning Layer In Cloud Native
cloud misconfiguration is still big security problem ...
OPA - Open Policy Agent
What is Policy ?
- policy consist of rules . we may query this policies for making decisions
- for programmer perspective its just decisions making statement ex: if-else
What Does OPA Bring on Table?
How Does OPA Work?
fix cloud misconfigurations & other security exposures
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Key features
- 500+ Policies for security best practices
- Scanning of Terraform (HCL2)
- Scanning of Kubernetes (JSON/YAML), Helm v3, and Kustomize
- Scanning of Dockerfiles
- Support for AWS, Azure, GCP, Kubernetes, Dockerfile, and GitHub
- Integrates with docker image vulnerability scanning for AWS, Azure, GCP, Harbor container registries.
Demo1 - Secure Terraform Misconfiguration with terrascan
Demo2 - Secure kubernets app
Scan Summary -
File/Folder : /Users/sangam/Documents/GitHub/alldaydevops2021/vul-k0s-helm-docker/kubeyaml
IaC Type : k8s
Scanned At : 2021-10-18 08:08:30.920245 +0000 UTC
Policies Validated : 41
Violated Policies : 27
Low : 9
Medium : 14
High : 4Demo3 - Use Terrascan Rego Editor to Write Own Policies
Thanks You!
- Source Code :- https://github.com/sangam14/alldaydevops2021
@BiradarSangam
@BiradarSangam
if you like this open source project give git star