- Open Policy Agent
- OPA: Docs
- OPA: Terraform
- OPA&Rego: Playground
- OPA: sources
- Rego: basics
- OPA: Awesome collection
- OPA: 101
- Red Hat: OPA policies
- Appshield: OPA policies
- Library: OPA collection of library policies
- K8s security best practices: OPA policies
- Terraform policies: OPA policies
- Styra labs: OPA policies
mk tests num=1
mk tests num=2
mk tests num=3
mk tests num=4
1. `terraform init`
2. `terraform plan --out tfplan.binary`
3. `terraform show -json tfplan.binary > tfplan.json`
4. Find the score: `opa eval --format pretty --data s3-validate.rego --input tfplan.json "data.terraform.analysis.score"`
5. Find the true / false flag: `opa eval --format pretty --data s3-validate.rego --input tfplan.json "data.terraform.analysis.authz"`
6. Get the list of errors (in this scenario you have to provide the Rego file name as well): `opa eval -f pretty --explain=notes --data rds-validate.rego --input tfplan.json "authorized = data.terraform.analysis.authz; violations = data.terraform.analysis.violation"`
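A minimal policy that the three queries above can evaluate (`score`, `authz` and `violation` under `data.terraform.analysis`), added here as an example and not the repository's own `s3-validate.rego`. The weights, the `max_score` limit and the public-ACL check are assumptions chosen for illustration, and `import rego.v1` assumes OPA 0.59 or later.

```rego
# Added example: a sketch of a policy matching the queries in steps 4-6.
# It is not the s3-validate.rego file from the repository.
package terraform.analysis

import rego.v1

# Assumed limit and per-action weights (constructed for illustration).
max_score := 10

weights := {"create": 1, "update": 1, "delete": 5}

# Canned ACLs that expose a bucket to anonymous users.
public_acls := {"public-read", "public-read-write"}

# S3 buckets the plan actually changes (no-op entries are skipped).
s3_changes contains rc if {
	some rc in input.resource_changes
	rc.type == "aws_s3_bucket"
	rc.change.actions != ["no-op"]
}

# Step 4: weighted count of planned actions on S3 buckets.
# A replace shows up as ["delete", "create"], so both weights are added.
score := sum([w |
	some rc in s3_changes
	some action in rc.change.actions
	w := weights[action]
])

# Step 6: one message per problem found in the plan.
# For a delete, change.after is null, so the ACL check does not match.
violation contains msg if {
	some rc in s3_changes
	rc.change.after.acl in public_acls
	msg := sprintf("%s: bucket ACL %s is public", [rc.address, rc.change.after.acl])
}

violation contains msg if {
	score > max_score
	msg := sprintf("plan score %v exceeds limit %v", [score, max_score])
}

# Step 5: the plan is authorized only when nothing was flagged.
default authz := false

authz if count(violation) == 0
```

In a pipeline, adding `--fail` to the `opa eval` call for `authz` does not block on a `false` result, because `false` is still a defined value; query `count(data.terraform.analysis.violation) == 0` with `--fail` or test the printed value instead.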
GitLab
- https://github.com/SecurityIsIllusion/opa-integration
- https://gitlab.com/memorandom/open-policy-agent-first-steps/-/tree/master/
- https://gitlab.com/nico-meisenzahl/demo-opa-terraform-validation/-/tree/main/
- Secrets/GitLab https://gitlab.com/gitlab-com/gl-security/engineering-and-research/gib/-/tree/main/
OPA SlideShare https://www.slideshare.net/nmeisenzahl/gitlab-commit-enhance-your-compliance-with-policybased-cicd