Skip to content

    Latest Posts

    Checking Terraform IaC security in CI/CD with Regula and Bitbucket Pipelines [Tutorial]

    Aidan O’Connor

    Regula 2.3.0 enables cloud teams to evaluate Terraform, CloudFormation, Azure Resource Manager, and Kubernetes infrastructure as code (IaC) for security and compliance violations prior to deployment. Integrating Regula into continuous integration/continuous delivery (CI/CD) pipelines takes this a step further by automating the secure deployment of cloud infrastructure.

    Read More

    Using Fugue to Protect Against the Apache Log4j Vulnerability on AWS

    Becki Lee

    Richard Park also contributed to this post. The Apache Log4j vulnerability known as Log4Shell (CVE-2021-44228) is a serious vulnerability that allows an attacker to execute arbitrary code on any server running the popular Apache Log4j Java logging library. It has a CVSS score of 10, the highest possible value, and should be addressed immediately.

    Read More

    Infrastructure as Code has Shifted Cloud Security Left

    Drew Wright

    Cloud security has long been focused squarely on the cloud runtime environment to keep infrastructure free of misconfiguration vulnerabilities that can open the door to hackers and lead to data leaks and breaches. It is reasonable considering most (if not all) cloud-based security incidents result from customer mistakes in the form of cloud resource misconfiguration. Gartner calls this Cloud Security Posture Management, or CSPM.

    Read More

    Regula v1.0 is Now Available — Open Source Infrastructure as Code Security

    Drew Wright

    Today we announced the 1.0 release of Regula, Fugue’s open source policy engine for infrastructure as code (IaC) security. With this release, Regula now has hundreds of pre-built policies for checking IaC deployments for Amazon Web Services (AWS), Microsoft Azure, and Google Cloud, along with new tooling to make it easier to develop and test custom rules. Read about it at Help Net Security.

    Read More

    Regula Adds Support for AWS CloudFormation Security Checks

    Drew Wright

    This week, Fugue announced support for AWS CloudFormation in Regula, the open-source policy engine for infrastructure as code (IaC). Regula has been gaining in popularity for performing pre-deployment security and compliance checks for Terraform, and we’re thrilled to extend Regula’s capabilities to address CloudFormation templates, including the Serverless Application Framework.

    Read More
    Fugue Developer

    Free Cloud Security for Engineers

    • Visualize your cloud infrastructure
    • Run policy checks and get feedback
    • Detect change and eliminate misconfiguration