Styra further shifts security left with new policy-as-code repository scanning
This new functionality gives Platform teams a near-instant way to scan configuration files in GitHub, to identify and prevent risk well before production.
REDWOOD CITY, Calif. — Aug. 31, 2022 — Styra, Inc., the creators and maintainers of Open Policy Agent (OPA) and leader of cloud-native authorization, today introduced Repo Scan as the newest feature in the Styra Declarative Authorization Service (DAS). With this new addition, Styra now provides near-instant scanning of configuration files in GitHub, so that Platform teams have the power to proactively prevent errors from making their way into production.
Cloud application components, and cloud platforms, such as Amazon Web Services, Google Cloud Platform and Microsoft Azure, are all governed and controlled by automated, flexible tooling. Managing all of this tooling cannot be done with point-and-click human interaction, instead it requires thousands of lines of configuration code. This overwhelming set of code-based instructions has become so complex that it often introduces opportunity for error and the possibility of policy violations.
Software supply chain security—or looking across each component of software to identify and address risk—must include detailed scanning of all the configuration files that govern how the application and cloud interact. Styra now provides a simple, efficient way for developers and platform teams to check their configuration files for human error, mismanagement or simple deployment gaps. This ensures potential attackers don’t have the ability to exploit configuration errors, and “walk through the front door” of today’s software-defined infrastructure.
“No human can keep up with scanning thousands of lines of code, with infinite repetition, to ensure configuration changes and app updates don’t have unintended consequences.” says Chris Hendrix, Director of Product Management at Styra. “At Styra, we want to make our users’ jobs easier while ensuring that the applications and infrastructure they’re building is secure and compliant. This new addition to Styra DAS lets our customers shift their security policy left, all the way to code check-in time, to catch errors even earlier, and remediate risk from the start.”
The benefits of policy-as-code and configuration scanning
Repo Scan gives Platform teams a near-instant solution for scanning policy-as-code files in GitHub then quickly finds and flags issues to minimize the possibility of risk to security, compliance or availability. This new capability means Styra customers can:
- Quickly find errors within seconds and prove those errors have been fixed with dynamic compliance reporting
- Empower developers and enable tooling diversity using OPA-based policy that is fully extensible across platforms and tooling
- Enhance productivity with automated policy enforcement that monitors and enforces policy guardrails from GitHub check in, to CICD, to production deployment
Styra provides an authorization platform, built on OPA, to provide access control and security across cloud-native applications and systems. Initially focused on policy-as-code guardrails for Kubernetes, ensuring workload compliance for internal and external regulations, Styra extended its policy-based authorization to microservices, gateways, and cloud-native entitlements management. With additions like Repo Scan to Styra DAS, the company continues to provide customers and the OPA community industry-leading enterprise authorization.
To learn more about securing your cloud-native solutions with Styra, visit https://www.styra.com/.
About Styra
Styra enables enterprises to define, enforce and monitor policy across their cloud-native environments. With a combination of open source (Open Policy Agent) and commercial products (Declarative Authorization Service), Styra provides security, operations and compliance guardrails to protect applications, as well as the infrastructure they run on. Styra policy-as-code approach lets developers, DevOps, and security teams mitigate risks, reduce human error and accelerate application development. Learn more at Styra.
Media Contact
Lindsey Harrison
Walker Sands for Styra
lindsey.harrison@walkersands.com
630-730-1808
Cloud native
Authorization
Entitlement Explosion Repair
Join Styra and PACLabs on April 11 for a webinar exploring how organizations are using Policy as Code for smarter Access Control.
Speak with an Engineer
Request time with our team to talk about how you can modernize your access management.