Regula is an open source policy engine for infrastructure as code security and compliance, and is available to developers as a set of open source tools and a CLI.
Regula is the policy engine that powers Fugue, a SaaS platform for securing cloud resources across the entire cloud development lifecycle.
Regula has the following advantages:
- Support for the IaC tools and templates that you use:
  - AWS CloudFormation YAML and JSON templates, including SAM templates and those generated by the AWS Cloud SDK
  - Terraform HCL files and plan files, including support for modules
  - Kubernetes YAML manifests
  - Azure Resource Manager (ARM) templates (preview)
- Easy installation and deployment with Homebrew, Docker, and pre-built binaries for all platforms
- Out-of-the-box libraries of rules that inspect AWS, Azure, Google Cloud, and Kubernetes resources for potential misconfigurations and compliance issues, including CIS Foundations Benchmarks checks
- Configurable settings, including waivers for designating exceptions on resources or even an entire IaC file, and enabling/disabling rules based on your team’s needs
- Support for user-defined custom rules written in Rego, the policy-as-code language from Open Policy Agent. Users can easily define simple rules for a single resource type, or more complex rules that evaluate multiple resource types or check for missing configurations
- CI/CD integration examples for GitHub Actions, Travis CI, and more
- Support for standardized output formats such as JSON, JUnit, and Test Anything Protocol (TAP) for simple integration into existing CI/CD pipelines
- Integration with Conftest for convenient test running