Enhance the validation workflow for regoval and celval commands #88

Closed
santoshkal opened this issue Jun 4, 2024 · 1 comment · Fixed by #104
santoshkal commented Jun 4, 2024

When validating IaC configs using the regoval or celval commands, a user needs to specify the policy to be used against the config.

Enhance this workflow with the following updates:

If a user supplies only a target manifest file and does not provide any policy, Genval should pull the default policies from intelops security policy hub and apply them.

@santoshkal santoshkal added this to genval Jun 4, 2024
@santoshkal santoshkal converted this from a draft issue Jun 4, 2024
@santoshkal santoshkal changed the title Enhance the valoidation workflow for regoval and celval commands Enhance the validation workflow for regoval and celval commands Jun 5, 2024

santoshkal commented Jun 5, 2024

The PoC for validating Dockerfiles against a set of Rego policies stored in OCI registries is now available.

Before integrating this functionality into other workflows, such as validating Kubernetes manifests, Terraform files, and CEL policies, the following considerations need to be noted:

  • If a user opts to use default policies, authentication mechanisms must be implemented to interact with registries. This can be documented in command examples and the README file.
  • The policy fetching from OCI registries involves an HTTP request-response workflow, which may introduce a delay of a couple of seconds due to the HTTP response, extraction of the tarball, and policy evaluation.
  • All URLs for respective policies must be provided to the command through a .env file.

cc/- @devopstoday11
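
The comment above lists tarball extraction as one step of pulling default policies from an OCI registry. The following is an added example, not Genval's code and not from the issue author, of validating each entry of such a tarball before it is used. `extractPolicies`, `sampleTar`, the size limit and the sample paths are hypothetical, and the input is assumed to be an already-decompressed tar stream.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path"
	"strings"
)

// extractPolicies returns a tarball's .rego files by cleaned name; limit is an assumed per-file cap.
func extractPolicies(r io.Reader, limit int64) (map[string][]byte, error) {
	out, tr := map[string][]byte{}, tar.NewReader(r)
	for h, err := tr.Next(); err != io.EOF; h, err = tr.Next() {
		if err != nil {
			return nil, err
		}
		name := path.Clean(h.Name)
		switch {
		case h.Typeflag == tar.TypeDir: // nothing to extract
		case h.Typeflag != tar.TypeReg || h.Size > limit: // links, devices, oversized files
			return nil, fmt.Errorf("%q: entry type %q or size %d not allowed", h.Name, h.Typeflag, h.Size)
		case path.IsAbs(name) || name == ".." || strings.HasPrefix(name, "../"):
			return nil, fmt.Errorf("%q: path escapes the policy directory", h.Name)
		case path.Ext(name) == ".rego": // other regular files are skipped
			if out[name], err = io.ReadAll(tr); err != nil { // read is bounded by h.Size
				return nil, err
			}
		}
	}
	return out, nil
}

// sampleTar builds a constructed in-memory tarball: one 4-byte regular file per name.
func sampleTar(names ...string) *bytes.Buffer {
	buf := &bytes.Buffer{}
	tw := tar.NewWriter(buf)
	for _, n := range names {
		tw.WriteHeader(&tar.Header{Name: n, Typeflag: tar.TypeReg, Size: 4, Mode: 0o644})
		tw.Write([]byte("deny"))
	}
	tw.Close()
	return buf
}

func main() {
	_, err := extractPolicies(sampleTar("policies/a.rego", "../../etc/x.rego"), 1<<20)
	fmt.Println("rejected:", err)
}
```

The whole archive is rejected on the first disallowed entry, so a partially trusted policy set is never evaluated.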

@santoshkal santoshkal moved this from Ready to work to Testing in genval Jun 6, 2024
@github-project-automation github-project-automation bot moved this from Testing to Done in genval Jun 13, 2024