Insights and best practices from the policy-as-code community
A sophisticated supply chain attack targeting CI/CD pipelines has compromised over 10,000 GitHub repositories. The attack, dubbed 'PipelinePhantom,' exploits a previously unknown vulnerability in how GitHub Actions handles workflow file parsing.
A critical vulnerability in AWS Identity and Access Management (IAM) allows attackers to escalate privileges and gain unauthorized access to AWS resources. The vulnerability affects the AssumeRole function and cross-account trust relationships across all AWS regions.
Move beyond perimeter security. Learn how to use Policy as Code frameworks like OPA to enforce Zero Trust principles for every request, user, and device.
A detailed comparison between the two leading Kubernetes policy engines, OPA/Gatekeeper and Kyverno. Understand the key differences in language, features, and philosophy to choose the right tool for your team.
Learn how to manage the entire lifecycle of Azure Policyβfrom definition and assignment to remediationβusing Terraform. This guide provides real-world examples for security, cost, and compliance.
A practical guide to securing the modern software supply chain using policy-as-code, covering SLSA, SBOM, and Sigstore. Enforce security from code to cloud.
Discover how Policy as Code (PaC) is the key to automating FinOps. This guide provides practical policies for enforcing tags, controlling costs, and eliminating waste in your cloud environments.
Comprehensive guide to the most critical policy-as-code security vulnerabilities affecting DevOps teams in 2025, with practical fixes and prevention strategies.
A complete step-by-step guide to mastering AWS IAM Access Analyzer in 2025 for proactive policy validation and securing your cloud resources.
Filter articles by technology, cloud, or tool.