Weave Policy Engine is now Open Source
Weaveworks has open-sourced the Weave Policy Engine, a powerful policy-as-code solution for Kubernetes environments. Learn how it enhances security, compliance, and best practices while seamlessly integrating with GitOps workflows.
Weaveworks, the industry leader in Kubernetes and cloud-native operations, announced today that it is open-sourcing its Weave Policy Engine, the robust solution designed to automate and streamline security policy enforcement in Kubernetes environments.
What is Weave Policy Engine?
The Weave Policy Engine is a powerful policy-as-code engine based on Open Policy Agent (OPA). It plays a crucial role in enhancing Kubernetes applications' security, compliance, and best practices. Seamlessly integrating with GitOps workflows, particularly FluxCD, Weave Policy Engine empowers users to implement highly granular policies for Flux applications and tenants. This ensures robust isolation and compliance throughout their Kubernetes deployments.

"Almost everyone we talk to wants a developer platform on Kubernetes. But people don't want to run someone else's platform - they want their own. To meet this need, we are building out a modular developer platform - Weave GitOps - that extends Flux and Kubernetes. Today we are announcing the next step in this strategy - the Weave Policy Engine. Customers can use this with any Kubernetes or GitOps tool, or buy one of our supported and curated products. If you look at automated Kubernetes operations, policy as code is a natural extension to GitOps. Guardrails, compliance and assurance can now be part of every deployment as it is anchored in the pipeline itself, provably lowering errors in production by 70% or more," said Alexis Richardson, CEO and Co-Founder of Weaveworks.
Automating Security & Compliance with the Weave Policy Engine
Weave Policy Engine empowers organizations to automate security, enhance compliance, expedite deployments, and maintain a robust governance framework in their cloud-native environments. The Weave Policy Engine provides a wide range of features and capabilities that offer numerous benefits, including:
- Streamline DevSecOps with policy as code: automate the creation, deployment, and management of governance policies in alignment with GitOps practices. Enable users to create and implement policies based on criteria such as environment, workload, geography, and more.
- Automate remediation: detect unconfigured security settings, non-compliance, or misconfigured resources through our auto-remediation feature.
- Increase deployment speed with minimal risk: ensure governance and compliance throughout the deployment process. Deployments can automatically undergo pre-flight checks, reducing the burden on development teams and enabling greater deployment frequency and velocity.
- Embrace a “Shift-Left” security approach: create and validate configuration and security policies before enforcement to prevent costly security breaches and misconfigurations. All policies are held in Git’s version control, where changes can be made, reviewed, and fed through an automated, fully-auditable delivery pipeline.
- Actionable and prioritized cloud security and compliance posture scans: security and policy violations, across applications and clusters in any environment, cause an alert on the central management console. Comprehensive audit visibility and audit trails allow teams to visualize and uniformly assess compliance across all assets.

Weave Policy Engine Features & Capabilities
The Weave Policy Engine provides a comprehensive, automated, context-aware solution to control and manage Kubernetes security policies. Its dynamic capabilities allow DevOps teams to handle high-velocity change while ensuring the stability, security, and compliance of their applications and infrastructure. Its advanced features for Flux enable the enforcement of security policies within GitOps workflows, streamlining compliance throughout the development and deployment lifecycle.

The open-source Weave Policy Engine offers the following capabilities to automate the security and compliance of Kubernetes and cloud-native operations in GitOps pipelines:
- A policy-as-code solution: integrates OPA into delivery pipelines, enabling users to write policies in the Rego language.
- An Admission Controller: acting as an admission controller, the engine prevents the creation of Kubernetes resources that would violate predefined policies. This proactive enforcement ensures compliance and reduces the risk of misconfigurations.
- Runtime compliance auditing: the engine continuously monitors deployed resources to ensure adherence to security policies.
- Terraform Controller integration: integrates with Terraform Controller to prevent violations in Terraform plans, ensuring the integrity of infrastructure from the start.
The source code for Weave Policy Engine is now available to the community on GitHub, along with example policies targeting Kubernetes and Flux resources. Weaveworks encourages the community to contribute to, experiment with, and build upon this engine to broaden its applicability and efficacy. To get started with Weave Policy Agent, check out the installation guide here.
Enterprise Grade OSS Support with Weave GitOps Assured
As part of Weaveworks' commitment to the open-source community, the company will also provide commercial support for the Weave Policy Engine via the Weave GitOps Assured solution. In addition to the policy enforcement aspect of the engine, users can leverage the Weave GitOps UI for observability, gaining insights into enforced policies, compliance status, and auditing results. The new solution offers unparalleled access to expert guidance, professional services, and customer support for organizations seeking to accelerate their cloud-native journeys. Contact us for a free consultation.