DevSec Collaboration: Enable Developers to Collaborate with Security Teams through Codified Policies

DevSec Collaboration: Enable Developers to Collaborate with Security Teams through Codified Policies hero graphic

Jun 12, 2020 by DROdio

What if your security teams could collaborate directly with your developers by creating policies that ensure safety and compliance, while also giving your developers the ability to manage and update their software delivery workflows and processes? This empowers developers to see, understand and fix policy violations in realtime as they deliver software to production, increasing their velocity while ensuring the company’s safety.

  • Armory’s Policy Engine builds on the popular Open Policy Agent open source project
  • Write simple rules in code to enforce company policies for security and compliance
  • Automate the enforcement of these codified policies with Spinnaker
  • Execution features allow policies to be run before and after pipeline stages, and Persistence features allow policies to be evaluated when a pipeline is saved

Armory engineer Jacob Kobernik explains how Armory Policy Engine makes it possible:

This Armory Policy Engine Plugin works with both open-source Spinnaker as well as Armory’s enterprise distribution of Spinnaker, thanks to our use of the new Spinnaker Plugin Framework.

Recently Published Posts

Reduce the Blast Radius of a Bad Deployment with Automated Canary Analysis

May 23, 2022

Software deployment processes differ across organizations, teams, and applications. The most basic, and perhaps the riskiest, is the “big bang deployment.” This strategy updates all nodes within the target environment simultaneously with the new software version. This deployment strategy causes many issues, including potential downtime or other issues while the update is in progress. It […]

Read more

Reliable and Automatic Multi-Target Deployments

May 16, 2022

Multi-target deployments can feel tedious as you deploy the same code over and over to multiple clouds and environments — and none of them in the same way. With an automatic multi-target deployment tool, on the other hand, you do the work once and deliver your code everywhere it needs to be. Armory provides an […]

Read more

Learning out Loud: KubeCon EU edition

May 11, 2022

KubeCon+CloudNativeCon EU is one of the world’s largest tech conferences. Here, users, developers, and companies who have and intend to adopt the Cloud Native standard of running applications with Kubernetes in their organizations come together for 5 days. From May 16-20, 2022, tech enthusiasts will congregate both virtually and in person in Valencia, Spain to […]

Read more