DevOps and development teams are feeling the pressure of continuous delivery and the need to constantly innovate to maximize customer satisfaction. With an ever-growing number of distributed environments supporting multiple application teams, often spanning various backends, the complexity of deployment pipelines is also rising.

But complexity paired with faster development and shorter deployment times can lead to misconfigurations, and eventually a minor typo can bring down the security and reliability of your application and infrastructure altogether.

Trusted application delivery adds policy as code to GitOps, enforcing security and compliance, application resilience and coding standards from source to production. It is a combination of secure GitOps pipelines and continuous security checks through codified policies, enforcing security best practices and higher security standards across the software development lifecycle. The goal is to “shift left” security to the earliest possible stages of development, and not leave security as a last stopgap before deployment.

What it does

Policy-driven deployment and management is one of the top DevOps pain points in 2022. The addition of policy as code (Open Policy Agent, “OPA”, and its Rego language) guarantees that security checks are completed before deployment, in addition to runtime drift detection and automatic remediation through GitOps. Trusted application delivery enables completely policy-driven deployment and operations automation that prevents inconsistent app performance and downtime.

Weave GitOps Enterprise already adds the ability to specify role-based access control using Git-based rules managed through pull requests, enabling teams to manage access to their Kubernetes environments. Security checks are completed before deployment, in addition to runtime drift detection and automatic remediation through GitOps. Hundreds of built-in policies for security, resilience and coding standards help developers and operators understand the compliance and governance checks with which the service needs to comply.


The main features of Weave GitOps: 

  • Continuous security and compliance: through the integration of policy-as-code into the GitOps pipelines. Configuration and security policies are held in Git’s version control, where changes can be made, reviewed and fed through an automated pipeline that verifies, deploys and monitors every update and change.
  • Deployment guardrails: guarantee the highest level of governance and compliance while maintaining the highest deployment frequency. Deployments can automatically go through pre-flight checks, reducing the steps development teams need to remember.
  • Custom policy application: allows users to decide where and how policies are applied based on environment, workload, geography or other criteria.
  • Multilayered protection: The GitOps policy as code engine protects the system throughout the software lifecycle — during code commit, deployment and at runtime. Weave GitOps allows each leaf cluster to run its own engine, ensuring continuous policy evaluation should network disruptions occur.
  • Continuous compliance monitoring: any policy violation, across applications and clusters in any environment, will cause an alert on the central management console.

Weave GitOps’ trusted application delivery is a single, scalable way to manage policy throughout the application lifecycle and distribute it across every pipeline, cluster, and cloud in the organization.
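
An added example, not Weave GitOps or OPA code: a pre-flight gate written in Python (standing in for Rego) that scopes each policy by environment, as in the deployment guardrails and custom policy application features above, and fails closed when a manifest carries no environment label. The policy ids, the "env" label and the sample manifests are assumptions constructed for this illustration.

```python
# Added illustration, not Weave GitOps or OPA code. Policy ids, the "env"
# label and the sample manifests are constructed for this example.
def containers(manifest):
    """All containers in a Deployment-style pod template."""
    pod = manifest.get("spec", {}).get("template", {}).get("spec", {})
    return pod.get("containers", []) + pod.get("initContainers", [])

def no_privileged(manifest):
    return [f"{c['name']}: privileged container" for c in containers(manifest)
            if (c.get("securityContext") or {}).get("privileged") is True]

def pinned_image(manifest):
    found = []
    for c in containers(manifest):
        image = c.get("image", "")
        last = image.rsplit("/", 1)[-1]          # ignore a registry host:port
        tag = last.split(":", 1)[1] if ":" in last else ""
        if "@sha256:" not in image and tag in ("", "latest"):
            found.append(f"{c['name']}: image '{image}' is not pinned")
    return found

def limits_set(manifest):
    return [f"{c['name']}: missing cpu/memory limits" for c in containers(manifest)
            if not {"cpu", "memory"} <= set((c.get("resources") or {}).get("limits") or {})]

# (policy id, environments it applies to, check); "*" means every environment
POLICIES = [
    ("no-privileged-containers", {"*"}, no_privileged),
    ("pinned-image-tag", {"staging", "production"}, pinned_image),
    ("resource-limits-set", {"production"}, limits_set),
]

def preflight(manifest):
    """Return (policy id, message) pairs for every violated policy."""
    env = (manifest.get("metadata", {}).get("labels") or {}).get("env")
    hits = []
    for policy_id, envs, check in POLICIES:
        # Fail closed: a manifest without an env label is held to every policy.
        if env is None or "*" in envs or env in envs:
            hits += [(policy_id, msg) for msg in check(manifest)]
    return hits

def deployment(env, image, privileged=False, limits=None):
    """Build a constructed sample manifest for the checks above."""
    c = {"name": "app", "image": image, "resources": {"limits": limits or {}},
         "securityContext": {"privileged": privileged}}
    labels = {"env": env} if env else {}
    return {"kind": "Deployment", "metadata": {"name": "demo", "labels": labels},
            "spec": {"template": {"spec": {"containers": [c]}}}}
```

A CI job would call preflight() on every rendered manifest in the pull request and exit non-zero if any call returns violations, so the same manifest can pass in a development environment and be blocked in production.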

Why should I care?

In highly regulated industries, customers rely on you to protect their livelihood and personal identity. Security standards such as PCI-DSS, HITRUST, ISO-27001, and HIPAA are the most common ones. Torsten Volk, an analyst for Enterprise Management Associates (EMA), recently mentioned in The New Stack that:

“Ad-hoc configuration changes are still common and they are the number one root cause for inconsistent app performance and for app downtime. Only completely policy-driven deployment and operations automation can prevent these issues, but typically does not leave enough flexibility for DevOps teams.”

Often security testing is left until the end of the development cycle and can bring a deployment to a halt or, even worse, break through to production. Automated security checks, or guardrails, can prevent delays and guarantee the highest level of governance and compliance while maintaining the highest deployment frequency. If policy as code is added to GitOps pipelines, DevOps teams can implement a radically declarative approach, ensuring continuous compliance and reliability across environments and minimizing the potential for configuration inconsistencies and human error.

Find Out More

Weave GitOps is the only full-stack GitOps platform that can address secure automation (enforcing security and compliance, application resilience and coding standards) from source to production. Ask us for a demo and see how we enable trusted application delivery for DevOps teams.
