Define, Enforce and Manage Policy as Code with Weave GitOps

Unlock Cloud-Native agility without comprising security or compliance

Trusted application delivery integrates security and compliance checks - in the form of policy as code - into existing GitOps pipelines and CI processes and tooling. DevOps teams shift their security and compliance checks left, to accelerate development,  increase application resilience, mitigate security risks, and prevent misconfigurations.

Weave GitOps enables trusted application delivery through the Weave Policy Engine, a catalogue of 100+ OPA-based policies that DevOps and Platform teams can embed into their software development lifecycle. The policy engine includes operational and DevOps best practices, and industry standards such as CIS Benchmarks, NIST, PCI DSS, GDPR, and MITRE ATT&CK - empowering enterprises to build security and compliance as part of their daily workflows.

Run a secure, reliable, and efficient cloud-native infrastructure with Weave GitOps: 

  • Shift security left: create and validate configuration and security policies before enforcement to prevent costly security breaches and misconfigurations. All policies are held in Git’s version control, where changes can be made, reviewed, and fed through an automated, full-auditable delivery pipeline.
  • Automate DevSecOps with Policy as Code: automate the creation, deployment, and management of governance policies, the GitOps way. Allow users to create and implement policies based on environment, workload, geography, or other criteria.
  • Increase deployment speed without the risks: guarantee governance and compliance while maintaining the highest deployment frequency. Deployments can automatically go through pre-flight checks reducing the steps development teams need to remember.
  • Actionable and prioritized cloud security and compliance posture reports: policy violation, across applications and clusters in any environment, causes an alert on the central management console. Comprehensive audit visibility and audit trails enable teams to visualize and uniformly assess compliance across all assets. 
  • Automate remediation: identify unconfigured security settings, non-compliance, or misconfigured resources using our auto-remediation feature.

Weave Policy Engine

With Weave GitOps, the application source code and declarative environment configuration are stored on Git with workflow support. The Weave Policy Engine is following the same principles and all lived policies are stored and managed in Git.

The active policy definitions are stored in Git, just like the application source code and configuration. Managing active policies is achieved with regular Git workflows which seamlessly fit into the day to day practices of the DevOps and DevSecOps teams. Using Git to manage the active policies provides review and approval workflows, version history and full audit trail of who changed what and when 

security_as_code_page1.png
Development and deployment guardrails are automatically triggered at various points in the CI/CD pipeline.

Commit/Build: 

Weave Policy Engine will enforce policies upon infrastructure and configuration code, so software and operations engineers receive immediate feedback before introducing violations into a Kubernetes cluster.

Deploy:

At Deploy Time, Weave Policy Engine will block any violating changes from being deployed into a Kubernetes cluster.

Runtime:

As we move to the right, Run Time, Weave Policy engine will continuously scan Kubernetes runtime configurations against the policies and report back any violations.

Weave Policy Library

The Weave Policy Library is composed of OPA-based (Open Policy Agent) policies that are mapped to standards such as NIST, CIS, PCI DSS, MITRE ATT&CK, GDPR and more. We keep track of active policies, categorized by severity and standard. With our  “Write once, use everywhere” model, teams can create their own policies or save time and use one of 100+ security and compliance policies in the curated Weave Policy Library.

security_as_code_page_1.png

Weave GitOps and its Policy Engine provides DevOps and DevSecOps teams a consistent way to enforce guardrails across the software delivery pipeline in a consistent and scalable manner.  This, in turn, helps customers mitigate risks, reduce friction between security and developers, and maximize developer productivity. 

Contact us at sales@weave.works or request a demo.