
Implementing Policy as Code through Open Policy Agent

September 2021 Presentation

This presentation by Marudhamaran Gunasekaran of Practical DevSecOps was given virtually at DevSecOps Days Los Angeles 2021 on September 15, 2021.

Publisher: Software Engineering Institute

Abstract

If our organization's policies are still managed through a GUI, we lose the benefits of auditability, repeatability, and testability of those policies (such as access control, scan results evaluation, and other decision-making procedures). Policy as code helps us manage policies in a declarative way and enforce them across our entire application and technology stack. To learn about policy as code, join us in this talk where we'll teach you how to get started with policy as code through Open Policy Agent (OPA).

The areas we will cover in this talk include:

  • the need for policy as code
  • exploring OPA
  • understanding the constructs of a declarative policy language
  • walkthrough of implementation use cases

At the end of the session, you'll have a solid understanding of:

  • the basics of policy as code
  • introducing policy as code in your technology stack
  • the application of policies through the Rego language in OPA

Marudhamaran Gunasekaran is a security consultant at Practical DevSecOps with a strong passion for securing software development through training and consulting.

He enjoys working with engineering and operations teams to help them adopt the security mindset even before a single line of code is written. He is the developer and maintainer of the OWASP ZAP Dot Net API, and you will find him speaking at various meetup groups and conferences on topics related to Agile Software Development and Security. His certifications include Azure Certified Security Engineer, Microsoft Certified Trainer, ISO 27001 Lead Auditor, Professional Scrum Master I, II, and III, and Certified DevSecOps Professional. His specialties are DevSecOps, Agile Coaching, Scrum, Microsoft stack, threat modeling, and auditing. He is a part of TU Delft University’s MOOC courseware for global software engineering and is an author at Pluralsight.