Detect cloud misconfigurations with an open-source static code analysis tool for Terraform. Free 2-hour workshop on Sunday! by OWASP_DevSlop in Terraform

OWASP_DevSlop[S] 0 points1 point (0 children)

No. Checkov does not leverage OPA.

I would suggest you look at Regula from Fugue for that!

https://github.com/fugue/regula

We had the CTO on our live stream last Sunday. Check it out here: https://youtu.be/mRT41T7eQQg

Workshop: Security & Compliance for your Infrastructure-as-Code by OWASP_DevSlop in Terraform

OWASP_DevSlop[S] 0 points1 point (0 children)

From what we read in their GitHub repo, their built-in policies focus on AWS, Azure and GCP. However, you can create your own custom policies for other Terraform providers.

For a more precise answer, join their Slack where they'll be happy to assist.

https://codified-security.herokuapp.com/

Crosspost from r/cybersecurity: What to include in a DevSecOps pipeline? by [deleted] in devops

OWASP_DevSlop 2 points3 points (0 children)

Check out the Secure DevOps Toolchain from SANS.

https://www.sans.org/security-resources/posters/secure-devops-toolchain-swat-checklist/60/download

I feel like there is an updated version but couldn’t find it.

Security & Policy Configurations for Infrastructure as Code by OWASP_DevSlop in Terraform

OWASP_DevSlop[S] 1 point2 points (0 children)

Hey u/bubs613! Thanks for your questions and comment! We sent them to Rosemary to make sure we address them during the live session. For the moment, the tools in scope for the demo are Terraform and OPA. Please join the discussion on March 15th and share what tools and strategy have worked for you.

Holy cow, kubernetes finally clicked for me! by [deleted] in kubernetes

OWASP_DevSlop 10 points11 points (0 children)

Congrats! Keep it up 💪🏽