EmbarkStudios/opa-policies
Contains OPA Policies for Dockerfiles, Kubernetes YAMLs, Terraform, etc.
Open Policy Agent, Apache-2.0
Issues
How to reference ARG, ENV variables when they have been used in FROM, COPY, ADD commands while evaluating rules
#123 opened by srinivaschary - 0
CloudSQL Postgres: Ensure that the 'log_temp_files' database flag for Cloud SQL PostgreSQL instance is set to '0' (on)
#120 opened by freddd - 1
CloudSQL Postgres: Ensure that the 'log_min_duration_statement' database flag for Cloud SQL PostgreSQL instance is set to '-1' (disabled)
#121 opened by freddd - 0
GCE: Ensure that IP forwarding is not enabled on Instances
#119 opened by freddd - 0
GCP PubSub Topics: Ensure no public members
#117 opened by freddd - 0
GCP AR: should not allow public members
#107 opened by freddd - 0
GCP Cloud SQL: Ensure disk auto resize is true
#74 opened by freddd - 0
GCP Cloud SQL: Ensure high availability is enabled
#76 opened by freddd - 0
GCP Memorystore: Make sure AUTH is enabled
#108 opened by freddd - 0
GCP Cloud SQL: Ensure auto backups enabled
#73 opened by freddd - 0
GCP Dataflow: Ensure workers are private
#109 opened by freddd - 0
GCP Cloud SQL: Ensure read replica is created
#75 opened by freddd - 0
GKE: Ensure containerd is used
#99 opened by freddd - 0
AWS EKS: Ensure instance_type is set in node_group
#102 opened by mlaver - 0
AWS EKS: Ensure control plane logging is enabled
#100 opened by mlaver - 1
Improve wiki docs with rationale
#83 opened by freddd - 0
GCP Network: Ensure subnets are not auto-created
#69 opened by freddd - 0
GCE: Block project wide ssh keys
#49 opened by freddd - 0
GCE: Ensure oslogin enabled
#50 opened by freddd - 0
GKE: Ensure workload identity is enabled
#24 opened by freddd - 1
GKE: Ensure pod security policies enabled
#25 opened by freddd - 0
GKE: Ensure secure boot enabled
#26 opened by freddd - 0
GKE: Ensure auto-repair is enabled
#23 opened by freddd - 0
GKE: Ensure Auto upgrade enabled
#22 opened by freddd - 0
GCE: Ensure shielded VM
#51 opened by freddd - 0
GCP Networking: Ensure no unrestricted ingress
#27 opened by freddd - 0
GCP IAP: Ensure no allUsers/allAuthenticatedUsers
#37 opened by freddd - 0
BQ: Ensure no datasets are publicly available
#31 opened by freddd - 0
GCP Project: Ensure auto-create network is false
#33 opened by freddd