Safeguard
Tag

policy-as-code

Safeguard articles tagged "policy-as-code" — guides, analysis, and best practices for software supply chain and application security.

56 articles

Cloud Security

How to write a custom Snyk IaC rule in Rego using the Rul...

A technical walkthrough of Snyk's IaC Rules SDK: scaffolding, writing Rego deny rules, local testing, bundling, and org-wide enforcement via OCI registries.

Sep 2, 20258 min read
Cloud Security

How Snyk IaC's Terraform Cloud run tasks gate infrastruct...

How Snyk IaC uses Terraform Cloud's run tasks to scan plan output and block infrastructure changes before apply — the mechanics, enforcement levels, and limits.

Sep 2, 20257 min read
Cloud Security

How Snyk IaC's custom rule SDK structures resource-attrib...

A technical look at how Snyk IaC's Rego-based SDK normalizes Terraform, CloudFormation, Kubernetes, and ARM into one resource-attribute query model.

Sep 1, 20256 min read
Cloud Security

How an organization's custom policy set overrides Snyk Ia...

How Snyk IaC's Rego-based custom rules layer onto, disable, or supplement default policies — and what that means for enforcing org-specific IaC standards.

Aug 31, 20257 min read
Cloud Security

How Snyk IaC detects overly permissive IAM policies in Te...

A mechanical walkthrough of how Snyk IaC parses Terraform and CloudFormation, normalizes IAM policies into one model, and flags wildcard actions, resources, and principals before deploy.

Aug 31, 20256 min read
Comparisons

The .snyk Ignore File: How It Actually Works

Snyk ignore rules let teams suppress a finding without deleting it from history — here's how the .snyk file's syntax, expiry, and reason fields actually work in practice.

Aug 22, 20255 min read
Concepts

What is Continuous Compliance Monitoring

Continuous compliance monitoring replaces the annual audit scramble with automated, always-on checks that map live system evidence to control requirements.

Jan 12, 20257 min read
Kubernetes Security

OPA Gatekeeper for Kubernetes: Writing Policies That Actually Work

Gatekeeper brings OPA's policy engine to Kubernetes. The learning curve is steep but the flexibility is unmatched. Here is how to write, test, and deploy Rego policies that enforce real security.

Oct 12, 20226 min read
policy-as-code (Page 5) — Safeguard Blog