10 مستودعات
Frameworks for defining and enforcing security policies through code.
Explore 10 awesome GitHub repositories matching part of an awesome list · Policy as Code. Refine with filters or upvote what's useful.
This project is a unified, cloud-native policy engine designed to decouple authorization and security logic from application codebases. It functions as a centralized authorization service that evaluates structured input data against declarative rules, enabling consistent policy enforcement across microservices, infrastructure, and continuous integration pipelines. The engine utilizes a specialized logic programming language to express complex constraints, which are compiled into an optimized intermediate representation for high-performance evaluation. By supporting both sidecar-based deployme
General-purpose engine for unified policy enforcement.
Kyverno is a Kubernetes policy engine and cloud native governance tool. It functions as a policy-as-code framework that validates, mutates, and generates resources to enforce security and governance standards within a cluster. The project distinguishes itself through a declarative policy model that utilizes native Kubernetes custom resource definitions, allowing policies to be managed as standard cluster objects without custom code. It provides specific security capabilities for container image verification and signature validation to ensure only trusted images are deployed. Its broader capa
Policy engine specifically designed for Kubernetes.
The CNCF Curriculum is an open-source repository that organizes exam domains and learning paths for CNCF certification courses covering Kubernetes and cloud-native technologies. It structures certification content into weighted domains that reflect exam question distribution, providing a structured study guide for candidates preparing for CNCF certifications. The curriculum is organized around multiple cloud-native domains including networking, security, GitOps, platform engineering, and certification preparation. It teaches cloud-native concepts through the lens of building and operating int
Weaves Kyverno policy management into Kubernetes security and compliance learning tracks.
Datree is a policy enforcement framework for Kubernetes that validates configurations against rules written in Rego, JSON Schema, or CEL. It operates as both a command-line tool for pre-deployment scanning and as a cluster-side admission webhook for real-time enforcement, integrating with CI/CD pipelines and continuous delivery tools like ArgoCD and FluxCD. The framework supports namespace-scoped policy mapping, allowing different policies to apply to different namespaces, and provides a skip annotation mechanism for selectively bypassing rules on individual resources or entire namespaces. It
Creates and publishes YAML policies files that link custom rules to named policies for Kubernetes enforcement.
Cerbos is an open-source authorization service that provides a centralized, language-agnostic engine for managing access control. It functions as a policy-as-code platform, allowing teams to define, test, and distribute authorization rules using declarative YAML or JSON configurations. By decoupling access logic from application code, it enables consistent permission enforcement across diverse service stacks. The project distinguishes itself through its ability to translate high-level authorization policies into native database query filters. This capability allows applications to enforce sec
Defines authorization rules in human-readable files held centrally, allowing updates to access logic without modifying application code.
aiac is an AI-powered command line tool designed to translate natural language requests into infrastructure code, DevOps workflows, and system scripts. It operates as a generator that uses large language models to produce cloud provisioning files, configuration files, and executable automation scripts directly from the terminal. The tool features a provider-agnostic model abstraction and a configuration-based routing system, allowing users to switch between different AI backends and discover compatible models. It includes an interactive shell interface for refining generated outputs through i
Generates compliance and governance rules to enforce operational standards using a policy-as-code approach.
InSpec: Auditing and Testing Framework
Testing framework for infrastructure compliance and security.
هذا المشروع عبارة عن منصة تعليمية ومنهج مصمم لتدريس هندسة السحابة الأصلية (cloud-native)، وأتمتة البنية التحتية، وممارسات تسليم البرمجيات. يوفر خارطة طريق منظمة لإتقان الكفاءات الأساسية، بما في ذلك تنسيق الحاويات، وسير عمل GitOps، والتكامل والتسليم المستمر. تتميز المنصة بدمج التدريب التقني مع التطوير المهني الوظيفي. فهي تقدم مشاريع عملية، ومحاكاة موجهة، وتقييمات للكفاءة التقنية تعكس بيئات الهندسة الواقعية. يمكن للمستخدمين التقدم عبر مسارات تعليمية متسلسلة تغطي دورة حياة تسليم البرمجيات بالكامل، بدءاً من وضع التطبيق في حاويات أولية وصولاً إلى إدارة البنية التحتية على مستوى الإنتاج. بعيداً عن التعليمات التقنية، يتضمن المشروع موارد للتقدم الوظيفي، مثل تحسين السيرة الذاتية والتحضير للمقابلات. كما يوفر توجيهاً حول تنفيذ ممارسات قياسية في الصناعة مثل التحقق من السياسات ككود (policy-as-code)، وقابلية مراقبة النظام، وإدارة البنية التحتية التصريحية لضمان تلبية المعايير التشغيلية.
Enforces security and operational standards by programmatically validating infrastructure configurations against predefined rules.
Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Take this survey to provide feedback about cfn-guard: https://amazonmr.au1.qualtrics.com/jfe/form/SV_bpyzpfoYGGuuUl0
Policy-as-code tool for CloudFormation templates.
An open source, cloud-native security to protect everything from build to runtime
Cloud-native engine for assessing infrastructure compliance.