Policy As Code

cloud-custodianPython

A rules engine for cloud security, cost optimization, and governance using YAML policies to query, filter, and act on cloud resources.

Open Policy Administration LayerPython

A real-time administration layer for policy engines like OPA and AWS Cedar, keeping authorization data and policies in sync across microservices.

terrascanGo

A static code analyzer that detects security and compliance violations in Infrastructure as Code before provisioning cloud infrastructure.

CerbosGo

An open-core, language-agnostic authorization solution for implementing and managing context-aware access control policies.

ConftestGo

Write tests against structured configuration data using the Open Policy Agent Rego query language.

kclRust

A constraint-based record and functional language for writing, validating, and managing complex configurations, especially in cloud-native scenarios.

terraform-compliancePython

A lightweight, security-focused BDD test framework for Terraform that enables compliance and negative testing for infrastructure-as-code.

AWS CloudFormation GuardRust

An open-source policy-as-code tool that validates JSON/YAML data like CloudFormation and Kubernetes configs against custom rules.

TopazGo

An open-source authorization service providing fine-grained, policy-based access control for cloud-native applications and APIs.

TerragoatHCL

A vulnerable-by-design Terraform repository for learning cloud security misconfigurations across AWS, Azure, and GCP.

SafeDep/vetGo

A CLI tool for real-time malicious package detection and software supply chain security across multiple ecosystems.

regulaOpen Policy Agent

Regula checks infrastructure as code templates for AWS, Azure, Google Cloud, and Kubernetes security and compliance using Open Policy Agent/Rego.

SelefraGo

Open-source policy-as-code software for analyzing multi-cloud and SaaS environments using SQL, YAML, and natural language with GPT.

GKE Policy AutomationGo

Tool and policy library for validating Google Kubernetes Engine clusters against configuration best practices and scalability limits.

RegalGo

A linter, debugger, and language server for Rego that identifies mistakes, enforces best practices, and enhances policy development.

IAMbicPython

IAMbic is version-control for IAM, centralizing and simplifying cloud access and permissions across AWS, Okta, Azure AD, and Google Workspace.

terraform_validatePython

A Python package for defining and enforcing Policy as Code standards in Terraform configurations.

OPAL (Open Policy Administration Layer)Python

A realtime administration layer for Open Policy Agent (OPA) that pushes live policy and data updates to authorization agents.

Cfngoat

A vulnerable-by-design CloudFormation template for learning and testing infrastructure-as-code security scanning tools.

goastGo

A Go static analysis tool that uses AST and Rego policies for customizable code inspection.