Define, Enforce, and Manage Security as Code Policy with Weave GitOps

Unlock Cloud-Native agility without comprising security or compliance

Trusted application delivery integrates security and compliance checks in the form of security  as code (SaC).  This policy incorporates existing GitOps pipelines and CI processes and tooling. DevOps teams can shift their security and compliance checks left to accelerate development, increase application resilience, mitigate security risks, and prevent misconfigurations.

Weave GitOps enables trusted application delivery through the Weave Policy Engine, a catalog of 100+ OPA-based policies that DevOps and Platform teams can embed into their software development lifecycle. The policy engine includes operational and DevOps best practices and industry standards such as CIS Benchmarks, NIST, PCI DSS, GDPR, and MITRE ATT&CK - empowering enterprises to build security as code and compliance as part of their daily workflows.

Run a secure, reliable, and efficient cloud-native infrastructure with Weave GitOps:

• Shift security left: create and validate configuration and security policies before enforcement to prevent costly security breaches and misconfigurations. All policies are held in Git’s version control, where changes can be made, reviewed, and fed through an automated, full-auditable delivery pipeline.
• Automate DevSecOps with Policy as Code: automate the creation, deployment, and management of governance policies, the GitOps way. Allow users to create and implement policies based on environment, workload, geography, or other criteria.Automate remediation: identify unconfigured security settings, non-compliance, or misconfigured resources using our auto-remediation feature.

• Increase deployment speed without the risks: guarantee governance and compliance while maintaining the highest deployment frequency. Deployments can automatically go through pre-flight checks reducing the steps development teams need to remember.

• Actionable and prioritized cloud security and compliance posture reports: security and policy violations, across applications and clusters in any environment cause an alert on the central management console. Comprehensive audit visibility and audit trails enable teams to visualize and uniformly assess compliance across all assets. 

Weave Policy Engine

With Weave GitOps, the application source code and declarative environment configuration is stored on Git with workflow support. The Weave Policy Engine follows the same principles, and all lived policies are stored and managed in Git.

The active policy definitions are stored in Git, like the application source code and configuration. Managing active policies is achieved with regular Git workflows, which seamlessly fit into the day-to-day practices of the DevOps and DevSecOps teams. Using Git to manage the active policies provides review and approval workflows, version history, and a full audit trail of who changed what and when

Development and deployment guardrails are automatically triggered at various points in the CI/CD pipeline.

Commit/Build:	Weave Policy Engine will enforce security policies upon infrastructure and configuration code, so software and operations engineers receive immediate feedback before introducing violations into a Kubernetes cluster.
Deploy:	At Deploy Time, Weave Policy Engine will block any violating changes from being deployed into a Kubernetes cluster.
Runtime:	As we move to the right, Run Time, Weave Policy engine will continuously scan Kubernetes runtime configurations against the policies and report back any violations.

Related Handpicked Content:

• Policy as code Shifts Security Left

• Whitepaper: Shifting Security Left with GitOps & Trusted Delivery

• Webinar: DX, Guardrails, Golden Paths & Policy Management in Kubernetes

Weave Policy Library

The Weave Policy Library is composed of OPA-based (Open Policy Agent) policies that are mapped to standards such as NIST, CIS, PCI DSS, MITRE ATT&CK, GDPR, HIPAAand more. We keep track of active policies, categorized by severity and standard. With our  “Write once, use everywhere” model, teams can create their own policies or save time and use one of 100+ security as code and compliance policies in the curated Weave Policy Library.

Weave GitOps and its Policy Engine provide DevOps and DevSecOps teams a consistent way to enforce guardrails across the software delivery pipeline in a consistent and scalable manner. This, in turn, helps customers mitigate risks, reduce friction between security and developers, and maximize developer productivity. 

Interested in learning more about Weave GitOps? Contact us at sales@weave.works or request a demo today.