Trusted Delivery Secures GitOps Pipelines with Policy as Code

Overview

In January of this year, Magalix joined forces with Weaveworks, the GitOps company, to enable trusted application delivery, and to strengthen customers’ ability to securely deploy Kubernetes applications. Magalix's powerful policy as code capabilities will extend the GitOps pipeline with governance, verification, and security. 

In this blog, we will briefly describe what Trusted Application Delivery is, how it can secure the GItOps pipeline, and share some relevant resources on the topic. 

What is Trusted Application Delivery

Trusted application delivery is the practice of embedding policy as code into the software delivery pipelines. These policies can be anything from company policies, to security best practices to industry-mandated compliance standards. Otherwise known as developer guardrails, these policies will detect any vulnerabilities or defects and prevent any new code from being deployed.

The automated and built-in guardrails enable DevOps teams to speedily deploy applications, securely and confidently. Any vulnerabilities or defects are caught early on in the development lifecycle.

Policies can be classified into 3 types:

•  Security and Compliance Policies ensure that security best practices are considered during the development lifecycle, 
•  Resilience Policies include the best practices for deploying applications on Kubernetes, such as configuring health probes to ensure Kubernetes can do its automation correctly. 
•  Coding Standards can be company-mandated rules and checks, helping organizations apply governance standards using a centralized playbook. 

Trusted Application Delivery with Weave GitOps

Trusted application delivery solution is available now through Weave GitOps, the full-stack GitOps platform. Using the OPA-based (Open Policy Agent) policies enables policy-driven deployment and operation automation. With Trusted delivery, misconfigurations are automatically detected, alerts sents, and the deployment halted. 

The solution includes Weave Policy Library: a curated libary of hundreds of policies covering security, resilience, and coding standards, all of which are stored in Git. 

Policy checks can be automatically triggered at various points in the CI/CD pipeline:

• Commit
• Build 
• Deploy Time 
• Runtime 

Resources: 

• Shift DevOps Security Left with GitOps and Policy as Code
• March Weave GitOps Release - Trusted Delivery 
• Codified Security and Compliance with Policy as Code 

Read our latest whitepaper “Trusted Delivery with GitOps and Policy as Code” to learn more about automating security and compliance checks using policy as code.  For more information about Weave GitOps, visit the Weave GitOps product page or contact us for a demo now.