cdf-landscape icon indicating copy to clipboard operation
cdf-landscape copied to clipboard

Published 20 hours ago • verified publisher icon cdfoundation

Policy Category

Open sbtaylor15 opened this issue 3 years ago • 3 comments

Handle policy management tools that fit into the pipeline.

sbtaylor15 avatar Nov 12 '21 17:11 sbtaylor15

Hi @sbtaylor15,

@idanshahar has suggested adding a Governance sub-category on 257:

Screenshot 2022-09-01 at 11 55 33

It would be great to have your input and that of @justinabrahms, @bradmccoydev, and others thinking about policy + pipelines.

MarckK avatar Sep 01 '22 16:09 MarckK

Policy is a very large space. There's nothing pipeline specific about most of the tools that I know (though I've just learned about Allero). I'll cross post it to the supply chain sig.

justinabrahms avatar Sep 01 '22 16:09 justinabrahms

Hey @justinabrahms, here are several pipeline-specific policy tools. However, most of them focus on security practices and are not open source. OX Security Argon Security Spectral Ops Apolicy

I believe we will see more policy solutions for pipelines getting out there, many companies already developed internal tooling to enforce CI/CD best practices and to support shifting left DevOps.

idanshahar avatar Sep 02 '22 17:09 idanshahar

We now have a subcategory for Policy under the main DevSecOps category on the landscape. Please do iterate on this Policy category, with any changes you think are due, including new additions to that category. Thank you!

Screenshot 2022-09-19 at 11 24 47

MarckK avatar Sep 19 '22 15:09 MarckK

Kyverno and OPA are now included on the landscape, under policy category as well so closing this issue.

Please either directly add new projects to the category via PRs or open a new issue for changes to existing category and projects.

fdegir avatar Sep 27 '22 10:09 fdegir