Hands-on Introduction to GitGat
Meet the Cast
HOST
David Flanagan
@rawkode
SCM (Source Control Management) security is highly important because the SCM serves as an entry point to the whole CI/CD pipeline. This repository contains policies that verify the security of SCM (currently GitHub) organizations, repositories, and user accounts. The policies are evaluated using Open Policy Agent (OPA).
There are different sets of policies depending on which account is being evaluated. Most policies are only relevant for organization owners. See the rulesets section below.
The policies are evaluated against a certain state. When executed for the first time, the state is empty. The returned data should be reviewed, and the security posture should be manually evaluated (with recommendations from each module). If the state is approved, it should be added to the input data, so that the next evaluation of policies tracks the changes of the state. More information about the state configurable for each module is available in each module's corresponding section.
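The approved-state workflow described above can be sketched as a small OPA policy. This is an added example, not one of GitGat's own policies: the package name, the input keys `current_admins` and `approved_admins`, and the rule names are all hypothetical, and the current state is assumed to be supplied in the input.

```rego
package example.scm_state

import rego.v1

# Hypothetical input shape (constructed sample, not GitGat's schema):
#   {"current_admins": ["alice", "bob"], "approved_admins": ["alice"]}
# "approved_admins" is empty or absent on the first evaluation.

current := {login | some login in object.get(input, "current_admins", [])}

approved := {login | some login in object.get(input, "approved_admins", [])}

# With no approved state yet, everything returned needs manual review.
default first_run := false

first_run if count(approved) == 0

# Present now but never approved: the change a reviewer must look at.
added := current - approved

# Approved earlier but no longer present: also a change of state.
removed := approved - current

# Compliant only when the observed state equals the approved state.
default compliant := false

compliant if {
	not first_run
	count(added) == 0
	count(removed) == 0
}

# After review, "next_approved_state" is what would be copied into the
# input as "approved_admins" so the next evaluation reports only drift.
report := {
	"first_run": first_run,
	"added": added,
	"removed": removed,
	"compliant": compliant,
	"next_approved_state": sort(current),
}
```

With the sample input in the comment saved as `input.json`, `opa eval -i input.json -d policy.rego "data.example.scm_state.report"` reports `bob` under `added`; once `bob` is added to `approved_admins`, the same query returns `compliant: true`.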