Blog

Latest Posts

How to Adhere to the AWS Well-Architected Framework

Becki Lee November 24, 2021

We recently announced support in Fugue for the AWS Well-Architected Framework, a set of recommendations Amazon Web Services provides for designing infrastructure for cloud applications and workloads.

6 Big AWS IAM Vulnerabilities – and How to Avoid Them

Becki Lee November 3, 2021

What’s a cloud vulnerability? In the simplest terms, it’s an exploitable weakness in a cloud environment. Vulnerabilities are commonly caused by cloud resource misconfigurations and can lead to breaches and security failures — especially when the vulnerability is related to Identity and Access Management (IAM).

Why the Facebook Outage and Twitch Breach Matter to Business Leaders

Josh Stella October 14, 2021

This month, Facebook and Twitch both suffered serious damage at their own hands, and every executive needs to understand what happened and how these types of incidents are preventable.

Securing a Kubernetes pod with Regula and Open Policy Agent

Becki Lee October 13, 2021

Fugue recently released Kubernetes support in Regula, our open source policy engine for checking infrastructure as code. Not only can Regula check your Terraform and CloudFormation files for security and compliance violations, it can now also check Kubernetes YAML manifests!

Checking AWS AMI IDs in Terraform Using Regula and Open Policy Agent

Becki Lee October 7, 2021

Last week we announced Fugue IaC, which enables cloud engineering teams to secure their infrastructure as code (IaC) and cloud runtime environment using the same policies. For running IaC checks locally, Fugue developed Regula, an open source tool built on Open Policy Agent (OPA).

Securing Infrastructure as Code and Cloud Environments with the Same Policies

Drew Wright September 29, 2021

This week, Fugue announced unified infrastructure as code (IaC) and cloud runtime security. For the first time, cloud engineering and security teams can automate security across the development lifecycle using the same policies.

Securing an AWS Cloud Development Kit (CDK) App Using Regula and Open Policy Agent (OPA)

Becki Lee September 17, 2021

You may already know that Regula, Fugue's open-source policy engine that uses Open Policy Agent (OPA) for checking infrastructure as code (IaC), can evaluate Terraform and AWS CloudFormation templates for security issues. But did you know that you can use Regula to secure your AWS Cloud Development Kit (CDK) apps, too?

Infrastructure as Code has Shifted Cloud Security Left

Drew Wright July 28, 2021

Cloud security has long been focused squarely on the cloud runtime environment to keep infrastructure free of misconfiguration vulnerabilities that can open the door to hackers and lead to data leaks and breaches. It is reasonable considering most (if not all) cloud-based security incidents result from customer mistakes in the form of cloud resource misconfiguration. Gartner calls this Cloud Security Posture Management, or CSPM.

Checking Terraform IaC security in CI/CD with Regula and Travis CI [Tutorial]

Becki Lee June 30, 2021

Regula 1.0 makes it easy to check Terraform and CloudFormation infrastructure as code (IaC) for security vulnerabilities and compliance violations, especially in continuous integration/continuous delivery (CI/CD) pipelines (read about the Regula 1.0 launch in Help Net Security and on our blog here).

Regula v1.0 is Now Available — Open Source Infrastructure as Code Security

Drew Wright June 29, 2021

Today we announced the 1.0 release of Regula, Fugue’s open source policy engine for infrastructure as code (IaC) security. With this release, Regula now has hundreds of pre-built policies for checking IaC deployments for Amazon Web Services (AWS), Microsoft Azure, and Google Cloud, along with new tooling to make it easier to develop and test custom rules. Read about it at Help Net Security.

1 2 3 4 5

Featured Posts

3 Big Amazon S3 Vulnerabilities You May Be Missing Drew Wright May 21, 2020

Cloud Security for Newly Distributed Engineering Teams Drew Wright March 19, 2020

Cloud Infrastructure Drift: The Good, the Bad, and The Ugly Drew Wright February 6, 2019

Fugue Developer

Free Cloud Security for Engineers

Visualize your cloud infrastructure
Run policy checks and get feedback
Detect change and eliminate misconfiguration

Blog

Latest Posts

Featured Posts

Free Cloud Security for Engineers

Get Started with Fugue Today

Trending Topics

Cloud Security Posture Management

Infrastructure as Code and Security

AWS Cloud Security

Azure Cloud Security

Cloud Security for Google Cloud Platform

DevSecOps for Cloud Infrastructure Security

CIS AWS Foundations Benchmark

CIS Azure Foundations Benchmark

Fugue Best Practices Policy Framework

GDPR

HIPAA

ISO 27001

NIST 800-53

PCI

SOC 2 Cloud Compliance

Popular Blogs

How to Adhere to the AWS Well-Architected Framework

6 Big AWS IAM Vulnerabilities – and How to Avoid Them

Why the Facebook Outage and Twitch Breach Matter to Business Leaders

Events

News

Fugue Adds AWS Well-Architected Framework to Its Policy as Code Engine for Full Life Cycle Cloud Security

Fugue and CWS Team Up to Close Enterprise Cloud Security Gaps with End-to-End Policy as Code Enforcement

Fugue Adds Kubernetes Security Checks to its SaaS Platform and Open Source Regula Project

Fugue Announces Unified Infrastructure as Code and Cloud Runtime Security

Risk of Cloud Breaches Rising, Teams Struggling to Address Them, Fugue and Sonatype Survey Finds

Fugue Announces Regula v1.0 for Open Source Infrastructure as Code Security

Fugue Expands Go-To-Market Leadership Team to Accelerate Growth in Cloud Security Market

Fugue Announces The Fugue Guarantee for Cloud Security and Compliance

Fugue Announces IaC Security for AWS CloudFormation in Regula, the Open-Source Policy Engine

Fugue Adds Google Cloud Support to its Multi-Cloud Security Platform

Resources

Submit a Ticket

Documentation

Pricing

API

Guarantee

Login

Contact Us

Security

Privacy Policy

Careers

Schedule Demo

Product Videos

Press

Events

Library