rego
Safeguard articles tagged "rego" — guides, analysis, and best practices for software supply chain and application security.
10 articles
Writing Rego policies for Kubernetes admission control and CI gates
Open Policy Agent graduated CNCF on Jan 29, 2021 — yet most teams still ship Rego with no default-deny, turning a policy gate into a rubber stamp.
Policy as Code: Enforcing Cloud Security Guardrails in CI/CD Instead of Manual Review
OPA reached CNCF Graduated status in January 2021 — yet most teams still catch misconfigured IAM roles by eyeballing a pull request.
A hands-on introduction to Rego for Kubernetes admission control
OPA graduated CNCF on January 29, 2021, and Rego v1 became the default syntax in OPA v1.0.0 (Dec 2024) — here's how to write your first admission-control policies.
Rego for intermediates: combining rules with AND/OR and writing actionable error messages
Rego has no `&&` or `||` operators — AND is implicit, OR means writing the same rule twice, and most teams miss both until a policy silently passes.
Rego for security engineers: a beginner's guide to OPA policy
Rego graduated from Styra research project to a CNCF-graduated standard in under five years. Here's how to write your first real OPA/Conftest policy.
Introduction to Open Policy Agent and Rego
A concrete walkthrough of Open Policy Agent and Rego — how OPA evaluates decisions, a runnable policy example, and where it fits in supply chain security.
Safeguard Policy Evaluation Engine
How Safeguard's policy engine evaluates thousands of rules per artifact with predictable latency — the compiler, the cache layer, and the decision trail.
How to write a custom Snyk IaC rule in Rego using the Rul...
A technical walkthrough of Snyk's IaC Rules SDK: scaffolding, writing Rego deny rules, local testing, bundling, and org-wide enforcement via OCI registries.
How Snyk IaC's custom rule SDK structures resource-attrib...
A technical look at how Snyk IaC's Rego-based SDK normalizes Terraform, CloudFormation, Kubernetes, and ARM into one resource-attribute query model.
OPA Gatekeeper for Kubernetes: Writing Policies That Actually Work
Gatekeeper brings OPA's policy engine to Kubernetes. The learning curve is steep but the flexibility is unmatched. Here is how to write, test, and deploy Rego policies that enforce real security.