Our talk by David Melamed - Open Policy Agent as a Control Engine: Open Policy Agent has become a very popular project in the cloud-native ecosystem for finer-grained policy management and enforcement. OPA comes with a very convenient dev-friendly language called Rego that can be leveraged as a unified way to manage any deployment changes at scale.
In this talk, we will focus on four critical security controls that will be integrated as part of the CI/CD pipeline: static application security (SAST), dependency check (SCA), infrastructure as code (IaC) and dynamic application security (DAST). Anything from your Terraform deletes to code vulnerabilities, infrastructure misconfigurations and more can be operationalized and enforced through OPA and ArgoCD or even other GitOps methods and CI tools like Github Actions. Code examples will be showcased as part of this session.