You may already know that Regula, Fugue's open-source policy engine that uses Open Policy Agent (OPA) for checking infrastructure as code (IaC), can evaluate Terraform and AWS CloudFormation templates for security issues. But did you know that you can use Regula to secure your AWS Cloud Development Kit (CDK) apps, too?
Read MoreCloud security has long been focused squarely on the cloud runtime environment to keep infrastructure free of misconfiguration vulnerabilities that can open the door to hackers and lead to data leaks and breaches. It is reasonable considering most (if not all) cloud-based security incidents result from customer mistakes in the form of cloud resource misconfiguration. Gartner calls this Cloud Security Posture Management, or CSPM.
Read MoreRegula 1.0 makes it easy to check Terraform and CloudFormation infrastructure as code (IaC) for security vulnerabilities and compliance violations, especially in continuous integration/continuous delivery (CI/CD) pipelines (read about the Regula 1.0 launch in Help Net Security and on our blog here).
Read MoreToday we announced the 1.0 release of Regula, Fugue’s open source policy engine for infrastructure as code (IaC) security. With this release, Regula now has hundreds of pre-built policies for checking IaC deployments for Amazon Web Services (AWS), Microsoft Azure, and Google Cloud, along with new tooling to make it easier to develop and test custom rules. Read about it at Help Net Security.
Read MoreRegula, our open-source infrastructure as code (IaC) policy engine, now supports AWS CloudFormation. This means you can use Regula to perform static analysis of CloudFormation YAML or JSON templates for security vulnerabilities and compliance violations – including templates that use the Serverless Application Model. For instance, if a template declares an EBS volume that does not have encryption enabled, Regula’s report will show which template – and which specific resource – failed the check.
Read MoreThis week, Fugue announced support for AWS CloudFormation in Regula, the open-source policy engine for infrastructure as code (IaC). Regula has been gaining in popularity for performing pre-deployment security and compliance checks for Terraform, and we’re thrilled to extend Regula’s capabilities to address CloudFormation templates, including the Serverless Application Framework.
Read MoreIn this blog post, we’ll talk a bit about how Rego evaluation works, and how it affects performance. Rego is a DSL for authoring policy. It is not restricted to a single kind of policy (e.g., RBAC) but instead is very general-purpose, making it possible to share policies across different services and stacks. We’ve found Rego to be ideal for cloud infrastructure security in Fugue, and infrastructure as code security in our open source project, Regula.
Read MoreToday we announced that Fugue now supports Google Cloud, in addition to Amazon Web Services (AWS) and Microsoft Azure. Google Cloud support is key to providing our customers with a unified view of—and control over—the security posture of their cloud environment across cloud platforms. It was a top customer request, and considering the number of Google Cloud Projects we’ve seen onboarded to Fugue over the past few days, it’s clear that Google Cloud is experiencing significant growth.
Read MoreThis post is based on the Fugue's Cloud Security Masterclass series focused on AWS IAM security.
Read MoreToday, Sonatype and Fugue have partnered to deliver the tools developers and operations need to address every meaningful cloud attack surface and ensure compliance at every stage of the SDLC with a single unified solution. Read the press release here.
Read More
