Regula

A tool that evaluates infrastructure as code for security and compliance.

Overview

Regula is an open-source tool that evaluates infrastructure as code for security and compliance. It supports a variety of IaC formats and comes with a library of pre-built rules. Regula is designed to be used in CI/CD pipelines to catch issues before they are deployed.

✨ Key Features

Scans Terraform, CloudFormation, and Kubernetes
Checks against CIS benchmarks and other compliance standards
Custom rules with Open Policy Agent (OPA)
Integration with CI/CD pipelines
Open-source and community-driven
Part of the Fugue (now Snyk) ecosystem

🎯 Key Differentiators

Focus on compliance
Integration with Open Policy Agent (OPA)
Part of the Fugue (now Snyk) ecosystem

Unique Value: Provides a powerful and flexible open-source solution for ensuring IaC compliance.

🎯 Use Cases (4)

IaC compliance checking Security auditing of infrastructure code Enforcing compliance policies in CI/CD Pre-deployment compliance checks

            ✅ Best For
            Validating Terraform code against CIS AWS Foundations Benchmark
Ensuring Kubernetes manifests comply with organizational policies

        

💡 Check With Vendor

Verify these considerations match your specific requirements:

Runtime security monitoring
Vulnerability scanning of application code

🏆 Alternatives

Checkov Terrascan Open Policy Agent

Its tight integration with OPA makes it a great choice for organizations that want to use a standardized policy language.

💻 Platforms

CLI

✅ Offline Mode Available

🔌 Integrations

GitHub Actions GitLab CI Jenkins CircleCI

💰 Pricing

Contact for pricing

Free Tier Available

Free tier: Full open-source version is free.

Visit Regula Website →

Regula

Overview

✨ Key Features

🎯 Key Differentiators

🎯 Use Cases (4)

✅ Best For

💡 Check With Vendor

🏆 Alternatives

💻 Platforms

🔌 Integrations

💰 Pricing

🔄 Similar Tools in IaC Compliance

Snyk IaC

Checkov

Terrascan

KICS by Checkmarx

tfsec

Open Policy Agent