Skip to content

Adopting the CNCF’s open policy engine and language enables Fugue to provide customers with an open, non-proprietary solution for cloud infrastructure governance

Frederick, Md. – October 8, 2019 – Fugue, the company delivering autonomous cloud infrastructure security and compliance, announced today its support for Open Policy Agent (OPA), an open source general-purpose policy engine and language for cloud infrastructure. Fugue is leveraging OPA and Rego, OPA’s declarative policy language, for cloud infrastructure policy-as-code to provide customers with maximum flexibility when implementing their custom enterprise policies. The Cloud Native Computing Foundation (CNCF) accepted OPA as an incubation-level hosted project in April 2019.

While much of the focus of OPA has been on developing access policies for Kubernetes, Fugue is driving the adoption of OPA to address a wider variety of use cases for securing cloud environments on Amazon Web Services (AWS) and Microsoft Azure, including the application of common compliance frameworks to full cloud infrastructure stacks. The Fugue team has developed tools and enhancements to improve OPA’s developer experience. Fugue has provided many of these enhancements to the OPA open source project, and will continue to do so.

Fugue has also added support to its product for customer-defined rules written using OPA and Rego. This sets Fugue apart from all other cloud infrastructure policy management solutions that rely on proprietary and inflexible rule languages that lock-in customers and are incompatible with other policy languages used elsewhere in the enterprise. Fugue also uses OPA to provide out-of-the-box support for commonly used compliance frameworks including CIS Foundations Benchmarks, GDPR, HIPAA, ISO 27001, NIST 800-53, PCI, and SOC 2.

“It’s very simple to build custom policies for our cloud infrastructure environments and validate those configurations pre-deployment using OPA and Fugue,” said Dave Williams, cloud architect and senior consultant at New Light Technologies. “Fugue simplifies the implementation and enforcement of custom cloud infrastructure policies we’ve written using OPA and helps us prove compliance at all times.”

“Fugue has been developing policy-as-code solutions for some time, and now we’re offering an easy-to-use, open source solution for writing policies for cloud infrastructure,” said Phillip Merrick, CEO of Fugue. “Our customers can use the same open language for defining their cloud infrastructure policies in Fugue that they are using for other enterprise policy needs. This eliminates the need to learn other vendors’ proprietary, inflexible policy languages.”

Fugue’s custom rules capabilities that leverage OPA enable users to:

  • Build and manage custom, user-defined cloud infrastructure rules in OPA Rego via the Fugue API, CLI, and web interface
  • Validate and test custom rules while they are being written with helpful errors that save time
  • Continuously validate and report on compliance for custom rules and out-of-the-box policy frameworks

“Fugue is running millions of security rule evaluations every day using OPA, so we've put a lot of work into improving performance and developer tooling and will be contributing all of that back to the open source community,” said Josh Stella, co-founder and CTO of Fugue. “OPA is a significant development for policy-as-code, and Fugue is fully committed to supporting and contributing to it.”


Custom rules with Fugue using OPA is available now for all Fugue customers.

About Fugue

Fugue is enterprise cloud security developed for engineers, by engineers. Fugue prevents cloud misconfiguration, ensures continuous compliance with enterprise security policies, and provides full visibility into the security posture of AWS and Azure cloud environments. Fugue automates compliance validation for CIS Foundations Benchmarks, GDPR, HIPAA, ISO 27001, NIST 800-53, PCI, and SOC 2. Customers such as PBS, Sparkpost, SAP NS2, and TrueCar trust Fugue to protect their cloud environments. Fugue’s investors include New Enterprise Associates, Future Fund, and In-Q-Tel (IQT). Fugue is an AWS Advanced Technology Partner and a Launch Partner in the AWS Cloud Management Tools Competency Program in the Governance category. Fugue has been named a CyberSecurity Breakthrough Award winner and a Gartner Cool Vendor in Cloud Computing. To learn more, visit

Media Contact:

Rachel Kaseroff


Fugue Developer

Free Cloud Security for Engineers

  • Visualize your cloud infrastructure
  • Run policy checks and get feedback
  • Detect change and eliminate misconfiguration