🔧 Tools in Policy as Code Testing

Spacelift

The most flexible CI/CD for Infrastructure as Code.

A specialized CI/CD platform for IaC that includes a powerful Policy as Code framework using OPA.

env0

The complete infrastructure as code (IaC) platform to manage all your cloud environments.

An IaC automation platform that provides governance, cost management, and self-service capabilities for Terraform, Terragrunt, and other IaC tools.

Kubescape

The first tool for testing if Kubernetes is deployed securely according to multiple frameworks.

An open-source Kubernetes security posture management tool that scans for misconfigurations and vulnerabilities.

Kyverno

Kubernetes Native Policy Management.

A policy engine designed specifically for Kubernetes, allowing policies to be managed as Kubernetes resources.

Scalr

The Terraform Automation & Collaboration Software.

A Terraform automation and collaboration platform with a hierarchical model for policy and workspace management.

Open Policy Agent (OPA)

An open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack.

A general-purpose policy engine that can be used for a wide range of policy enforcement use cases.

Datadog Cloud Security Management

Unify development, operations, and security in a single platform.

A cloud security platform that includes IaC scanning, posture management (CSPM), and workload security (CWS).

Snyk IaC

Find and fix security issues in your Terraform, CloudFormation, Kubernetes, and Azure Resource Manager configurations.

A developer-focused IaC security tool that finds and helps fix misconfigurations in code.

HashiCorp Sentinel

Policy as Code for Security, Compliance, and Operational Governance.

A policy as code framework from HashiCorp that integrates with its Enterprise products.

Azure Policy

Implement governance for consistency, compliance, and security.

A service in Azure that you use to create, assign, and manage policies for your Azure resources.

tfsec

Security scanner for your Terraform code.

An open-source static analysis tool for finding security misconfigurations in Terraform code.

Trivy

The comprehensive, streamlined security scanner.

A comprehensive open-source security scanner for vulnerabilities, misconfigurations, secrets, and more.

Pulumi CrossGuard

Policy as Code for the Modern Cloud.

A policy as code framework for the Pulumi IaC platform, allowing policies to be written in general-purpose languages.

Checkov

Prevent cloud misconfigurations during build-time for Terraform, CloudFormation, Kubernetes, Serverless framework and other infrastructure-as-code languages.

An open-source static analysis tool for scanning IaC files for misconfigurations and security vulnerabilities.

Chef InSpec

Turn your compliance, security, and other policy requirements into code.

An open-source testing framework for infrastructure with a human-readable language for specifying compliance and security rules.

Terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning.

An open-source static code analyzer for IaC that helps detect security and compliance violations.

KICS

Keeping Infrastructure as Code Secure.

An open-source IaC scanning tool by Checkmarx that finds security vulnerabilities, compliance issues, and misconfigurations.

Regula

A tool that evaluates infrastructure as code for security and compliance.

An open-source tool by Fugue (now Snyk) that checks IaC for misconfigurations using Rego.

TFLint

A Pluggable Terraform Linter.

A linter for Terraform that checks for errors, best practices, and naming conventions.

OPA Gatekeeper

Policy Controller for Kubernetes.

A Kubernetes-native admission controller that enforces policies created with Open Policy Agent (OPA).

Terratest

The ultimate Go library for testing your infrastructure code.

A Go library that provides patterns and helper functions for writing automated tests for infrastructure code.

AWS CloudFormation Guard

A command-line interface (CLI) that provides a policy-as-code language to define rules that can check for both required and prohibited resource configurations.

An open-source policy as code tool for checking compliance of AWS CloudFormation templates and other structured data.

Ansible Lint

Checks playbooks for practices and behavior that could potentially be improved.

A command-line tool for linting Ansible playbooks, roles, and collections.
