Insights and best practices from the policy-as-code community
A comprehensive guide to securing GitOps workflows with policy-as-code. Learn how to integrate OPA, Kyverno, and admission controllers with Flux and ArgoCD to prevent misconfigurations, enforce compliance, and automate security at the Git layer.
An in-depth 2025 analysis of Terraform vs. OpenTofu for enterprise use. We compare licensing (BUSL vs. MPL), ecosystem maturity, feature velocity, community support, and provide a clear migration guide.
An executive guide for CISOs and security leaders on eBPF. Learn how it provides kernel-level observability for threat detection, network policy enforcement, and runtime security without sidecars.
AI won't replace policy experts, but it's becoming an incredible co-pilot. We explore practical ways to use AI for generating, explaining, and testing complex Rego policies.
The definitive guide to Platform Engineering and Internal Developer Portals (IDPs). Learn how to build self-service infrastructure with Backstage, Port, Humanitec, and custom solutions. Includes architecture patterns, implementation strategies, and enterprise-grade templates.
A comprehensive guide to managing Terraform state files. Learn how to prevent accidental deletion, implement robust backup and recovery strategies using S3 versioning, and apply best practices for state file security.
A deep dive into the new ContainerHijack attack vector that allows attackers to poison container registries and bypass image scanning. Learn how it works and how to apply immediate policy-based mitigations.
A sophisticated supply chain attack targeting CI/CD pipelines has compromised over 10,000 GitHub repositories. The attack, dubbed 'PipelinePhantom,' exploits a previously unknown vulnerability in how GitHub Actions handles workflow file parsing.
A critical vulnerability in AWS Identity and Access Management (IAM) allows attackers to escalate privileges and gain unauthorized access to AWS resources. The vulnerability affects the AssumeRole function and cross-account trust relationships across all AWS regions.
Move beyond perimeter security. Learn how to use Policy as Code frameworks like OPA to enforce Zero Trust principles for every request, user, and device.
Browse articles by topic
