Safeguard
Tag

rego

Safeguard articles tagged "rego" — guides, analysis, and best practices for software supply chain and application security.

10 articles

DevSecOps

Writing Rego policies for Kubernetes admission control and CI gates

Open Policy Agent graduated CNCF on Jan 29, 2021 — yet most teams still ship Rego with no default-deny, turning a policy gate into a rubber stamp.

Jul 11, 20268 min read
Cloud Security

Policy as Code: Enforcing Cloud Security Guardrails in CI/CD Instead of Manual Review

OPA reached CNCF Graduated status in January 2021 — yet most teams still catch misconfigured IAM roles by eyeballing a pull request.

Jul 11, 20267 min read
DevSecOps

A hands-on introduction to Rego for Kubernetes admission control

OPA graduated CNCF on January 29, 2021, and Rego v1 became the default syntax in OPA v1.0.0 (Dec 2024) — here's how to write your first admission-control policies.

Jul 8, 20266 min read
DevSecOps

Rego for intermediates: combining rules with AND/OR and writing actionable error messages

Rego has no `&&` or `||` operators — AND is implicit, OR means writing the same rule twice, and most teams miss both until a policy silently passes.

Jul 8, 20267 min read
DevSecOps

Rego for security engineers: a beginner's guide to OPA policy

Rego graduated from Styra research project to a CNCF-graduated standard in under five years. Here's how to write your first real OPA/Conftest policy.

Jul 8, 20267 min read
Infrastructure Security

Introduction to Open Policy Agent and Rego

A concrete walkthrough of Open Policy Agent and Rego — how OPA evaluates decisions, a runnable policy example, and where it fits in supply chain security.

Jun 18, 20268 min read
Architecture

Safeguard Policy Evaluation Engine

How Safeguard's policy engine evaluates thousands of rules per artifact with predictable latency — the compiler, the cache layer, and the decision trail.

Feb 8, 20268 min read
Cloud Security

How to write a custom Snyk IaC rule in Rego using the Rul...

A technical walkthrough of Snyk's IaC Rules SDK: scaffolding, writing Rego deny rules, local testing, bundling, and org-wide enforcement via OCI registries.

Sep 2, 20258 min read
Cloud Security

How Snyk IaC's custom rule SDK structures resource-attrib...

A technical look at how Snyk IaC's Rego-based SDK normalizes Terraform, CloudFormation, Kubernetes, and ARM into one resource-attribute query model.

Sep 1, 20256 min read
Kubernetes Security

OPA Gatekeeper for Kubernetes: Writing Policies That Actually Work

Gatekeeper brings OPA's policy engine to Kubernetes. The learning curve is steep but the flexibility is unmatched. Here is how to write, test, and deploy Rego policies that enforce real security.

Oct 12, 20226 min read
rego — Safeguard Blog