Latest from the blog

November 01, 2022

How Trusted Delivery Unifies Security Practices Like IAM, RBAC, & ABAC

The use of policy as code in GitOps pipelines simplifies the implementation of security practices such as RBAC, ABAC, and IAM. This post covers how policy as code can be used to define these practices declaratively and run compliance checks recurringly with Git as the single source of truth.

October 27, 2022

No More Manual Reviews — Policy as Code to the Rescue

Using policy as code is the most advanced method of implementing policy-based governance. In this post, we look at how policies are used to automate the entire workflow of security & compliance.

October 06, 2022

GitOps Cloud Security Model - An Infographic

In this GitOps cloud security model infographic, we showcase how you can fortify your CI/CD pipelines against misconfigurations and potential data breaches.

September 06, 2022

Shifting Security Left with GitOps and Trusted Delivery

What does it mean to shift security left in GitOps pipeline and how can you do so with policy as code? Let’s find out.

August 30, 2022

Secure your CI/CD pipeline with Trusted Delivery

CI/CD pipelines are integral to modern software development teams. Find out the security risks associated with CI/CD pipelines and how trusted delivery can help you mitigate them.

August 23, 2022

Guide to Hybrid Cloud Security

What is hybrid cloud security? Hybrid cloud security is about protecting data, applications, and associated workloads hosted across multiple public and private cloud environments.

August 16, 2022

How Trusted Delivery Can Protect You From Becoming The Next Tech Horror Story

Trusted delivery through policy-as-code is the best way to secure your GitOps pipeline against cyber attacks such as cloud misconfigurations. Take steps to avoid being the next news headline.

July 12, 2022

Security & IAM policies in a GitOps world

The GitOps approach is not just for deployment velocity, but to improve security of the pipeline. In this post, learn how to incorporate security and IAM policies the GitOps way.

July 03, 2022

MITRE ATT&CK Matrix for Kubernetes

What is MITRE ATT&CK Matrix? Learn about a comprehensive knowledge base of adversary tactics and techniques involved in cyber attacks.

July 03, 2022

MITRE ATT&CK Matrix for Kubernetes: Tactics & Techniques Part 3

Learn about the last three threat vectors in Kubernetes: lateral movement, collection, and impact.

July 03, 2022

MITRE ATT&CK Matrix for Kubernetes: Tactics & Techniques Part 2

Learn about the next three threat vectors in Kubernetes: defense evasion, credential access, and discovery.

July 03, 2022

MITRE ATT&CK Matrix for Kubernetes: Tactics & Techniques Part 1

Learn about the first four threat vectors in Kubernetes: initial access, execution, persistence, and privilege escalation.

June 14, 2022

Weave Policy Library: Introducing HIPAA Policies

In our latest Weave GitOps release, we added trusted application delivery and policy-as-code capabilities to Weave GitOps. Part of this release is the Weave Policy Library, which includes HIPPA compliance standards among other compliance family policies such as CIS Benchmarks and PCI DSS. Read on to learn more about the Weave Policy Library and HIPAA policies.

May 31, 2022

Security for Application Delivery shifts left with GitOps for Visual Studio Code

The VS Code extension adds a Weave GitOps button in the sidebar of your IDE that allows you to access GitOps features without switching to another dashboard. You can view GitOps components and components as well as trigger reconciliation- read our latest blog for details.

March 31, 2022

Adding Policy as Code to GitOps Pipelines

Previously we introduced the benefits of policy as code, and how it works. In this blog, we continue where we left off and dive deeper into how policy as code can be embedded into GitOps pipelines.

March 29, 2022

Trusted Delivery with GitOps and Policy as Code

Trusted Delivery - policy as code in GitOps pipelines - can boost developer velocity, proactively prevent cloud misconfigurations, and accelerate software delivery. Learn more about what Trusted Delivery is in our latest whitepaper, and how you can get started.

August 16, 2021

What is Policy-as-Code and Why it's Needed?

What is policy-as-code and the benefits organizations can reap by implementing policy-as-code.

July 22, 2021

The Art of Modern Ops: Authorize better with OPA - security policy as code

The Art of Modern Ops is a regular podcast on modernizing cloud infrastructure from Cornelia Davis, Weaveworks CTO and author of the book Cloud Native Patterns. In the latest episode, Cornelia interviews Gareth Rushgrove, VP of Product at...

May 25, 2021

How to Start Left with Security Using Git Pre-Commit Hooks

Understand how you can shift security left by using pre-commit hooks in Git before committing to the code base.

May 18, 2021

How the Department of Defense (DoD) uses GitOps to bake in security

In a recent episode of 'The Art of Modern Ops' (this time in a video format!) WeaveWorks CTO, Cornelia Davis, hosted a very interesting discussion featuring the Department of Defense and how it approaches modern cloud-native operations with GitOps. Nicolas Chaillan, Chief Software Officer of the U.S. Air Force discusses how GitOps enables key operational tasks like change management, disaster recovery, networking changes, and security for tens of thousands of developers.

Next