How Compliance-as-Code Grants Developers Actionable Security Insights

"Open Policy Agent from the CNCF is an increasingly popular choice for enterprise policy and authorization enforcement. OPA Conftest, in particular, enables unified enforcement of infrastructure-as-code and security standards. Maybe you've written a Rego file before or maybe you're hearing about OPA for the first time. How do we take these building blocks and scale from a few Rego examples to an organization-wide compliance-as-code program?

Join Ari Kalfus as he details his journey building an enterprise-scale program with Conftest scanning every commit in the organization for targeted, high-fidelity findings. He will cover using GitOps for CI/CD-baked policy rollouts, best practices for integrating results with engineering workflows, and the triumphs and tribulations of running this mess on serverless components. The program uncovered previously unknown repositories in the environment and led to a 37% reduction in policy violations after just one week."


Ari Kalfus

Application Security Leader, Rally Health