DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DataOps
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • DevOps Unbound
  • Webinars
    • Upcoming
    • Calendar View
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • Calendar View
    • On-Demand Events
  • Sponsored Content
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
  • Media Kit
  • About
  • Sponsor
  • AI
  • Cloud
  • CI/CD
  • Continuous Testing
  • DataOps
  • DevSecOps
  • DevOps Onramp
  • Platform Engineering
  • Sustainability
  • Low-Code/No-Code
  • IT as Code
  • More
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps
    • ROELBOB
Hot Topics
  • Dev Jobs are Dead: ‘Everyone’s a Programmer’ With AI ¦ Intel VPUs
  • Logz.io Taps AI to Surface Incident Response Recommendations
  • Why You Need a Multi-Cloud and Multi-Region Deployment Strategy
  • Cloud Drift Detection With Policy-as-Code
  • Checkmarx Brings Generative AI to SAST and IaC Security Tools

Home » Latest News Releases » Fugue Announces IaC Security for AWS CloudFormation in Regula, the Open-Source Policy Engine

Fugue Announces IaC Security for AWS CloudFormation in Regula, the Open-Source Policy Engine

By: Deborah Schalm on May 11, 2021 Leave a Comment

Regula performs security checks on AWS CloudFormation and Terraform infrastructure as code for AWS, Microsoft Azure, and Google Cloud environments

Recent Posts By Deborah Schalm
  • Exabeam Reinvents Security Analytics with Fusion XDR and Fusion SIEM Cloud Products to Address Security Needs at Scale
  • New Study Reveals Importance of Optimized Strategy for the Selection, Support, and Maintenance of Open Source Software
  • Applitools Integrates With Rally for Fast and Automated Bug Management
More from Deborah Schalm
Related Posts
  • Fugue Announces IaC Security for AWS CloudFormation in Regula, the Open-Source Policy Engine
  • Fugue Marries Compliance-as-Code Tool to AWS Well-Architected Framework
  • Snyk Acquires Fugue to Secure Cloud Infrastructure
    Related Categories
  • Latest News Releases
    Related Topics
  • Fugue
Show more
Show less

Frederick, MD –  May 11, 2021 – Fugue, the company helping organizations innovate faster and more securely in the cloud, announced support for AWS CloudFormation in Regula, the open-source infrastructure as code (IaC) policy engine. Cloud engineering and security teams can now use Regula to secure their AWS CloudFormation and Terraform configurations prior to deployment—and apply those same rules to running cloud environments using the Fugue platform to secure the entire cloud development lifecycle. Expanding Regula capabilities represents Fugue’s continued leadership in innovating on policy as code for IaC and running cloud infrastructure since 2015.

TechStrong Con 2023Sponsorships Available

Regula is ideal for organizations with DevOps teams that use both AWS CloudFormation and Terraform—and those operating multi-cloud environments. Regula is the only AWS CloudFormation security tool that can address vulnerabilities involving multiple resources, and the only one that helps teams meet the CIS AWS Foundations Benchmarks 1.2.0 and 1.3.0. Regula easily integrates into CI/CD pipelines and enables pre-commit IaC checks and provides pull request feedback. Fugue provides examples of Regula working with GitHub Actions for CI/CD.

“At Cadwell, we needed an effective way to check our infrastructure as code to ensure our cloud infrastructure deployments are secure so we can move faster in the cloud with confidence,” said Sawyer Ward, Enterprise Support Specialist at Cadwell Industries, Inc. “Regula is ideal for our infrastructure as code security requirements, and the ability to apply those same rules to our cloud environment with Fugue means we can keep our infrastructure in continuous compliance and avoid the risks and overhead of maintaining multiple policy frameworks.”

While Regula works independently of Fugue, teams can use Fugue to apply the same Regula rules to assess the security posture of their running AWS, Azure, and Google Cloud cloud infrastructure environments, eliminating the investment and cloud risk associated with using and reconciling different policy frameworks for different stages of the cloud development lifecycle and for different cloud platforms.

“Companies operating at scale in the cloud need a policy as code framework that’s flexible, works with the leading infrastructure as code tools, and can be used across cloud platforms at every stage of the cloud development lifecycle,” said Josh Stella, co-founder and CEO of Fugue. “By extending Regula support to AWS CloudFormation, cloud engineering and security teams now have a unified cloud policy framework that works with their tools and workflows, giving them the confidence to move faster in the cloud—without breaking the rules needed to keep cloud infrastructure secure and in compliance.”

Regula’s rule library checks for a wide variety of cloud misconfiguration vulnerabilities, such as dangerously permissive AWS IAM policies and security group rules, S3 buckets without “block public access” options enabled, Lambda function policies allowing global access, VPCs with flow logs disabled, EBS volumes with encryption disabled, and untagged cloud resources. View the full set of Regula rules here.

Regula supports user-defined rules using the Rego query language developed by the Open Policy Agent project—and includes helper libraries that enable users to easily build their own rules that conform to enterprise policies. Fugue created and open-sourced Fregot, a tool that enables developers to easily evaluate Rego expressions, debug code, and test policies.

Regula is available today on Fugue’s public GitHub repository and on DockerHub.

About Fugue

Fugue helps organizations move faster in the cloud—without breaking the rules needed to keep cloud environments secure. The Fugue platform secures the entire cloud development lifecycle—from infrastructure as code through the cloud runtime. Fugue empowers cloud engineering and security teams to prove continuous compliance, build security into cloud development, and eliminate cloud misconfiguration. Fugue supports Amazon Web Services, Microsoft Azure, and Google Cloud, and provides one-click reporting for CIS Foundations Benchmarks, CIS Controls, CIS Docker, CSA CCM, GDPR, HIPAA, ISO 27001, NIST 800-53, PCI, and SOC 2. Customers such as AT&T, SAP NS2, and Red Ventures trust Fugue to protect their cloud environments. To learn more, visit www.fugue.co.

Filed Under: Latest News Releases Tagged With: Fugue

« Why Browser and API Testing is Shifting Left
Applause Codeless Automation Accelerates Release Velocity »

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Securing Your Software Supply Chain with JFrog and AWS
Tuesday, June 6, 2023 - 1:00 pm EDT
Maximize IT Operations Observability with IBM i Within Splunk
Wednesday, June 7, 2023 - 1:00 pm EDT
Secure Your Container Workloads in Build-Time with Snyk and AWS
Wednesday, June 7, 2023 - 3:00 pm EDT

GET THE TOP STORIES OF THE WEEK

Sponsored Content

PlatformCon 2023: This Year’s Hottest Platform Engineering Event

May 30, 2023 | Karolina Junčytė

The Google Cloud DevOps Awards: Apply Now!

January 10, 2023 | Brenna Washington

Codenotary Extends Dynamic SBOM Reach to Serverless Computing Platforms

December 9, 2022 | Mike Vizard

Why a Low-Code Platform Should Have Pro-Code Capabilities

March 24, 2021 | Andrew Manby

AWS Well-Architected Framework Elevates Agility

December 17, 2020 | JT Giri

Latest from DevOps.com

Dev Jobs are Dead: ‘Everyone’s a Programmer’ With AI ¦ Intel VPUs
June 1, 2023 | Richi Jennings
Logz.io Taps AI to Surface Incident Response Recommendations
June 1, 2023 | Mike Vizard
Why You Need a Multi-Cloud and Multi-Region Deployment Strategy
June 1, 2023 | Jesse Martin
Cloud Drift Detection With Policy-as-Code
June 1, 2023 | Joydip Kanjilal
Checkmarx Brings Generative AI to SAST and IaC Security Tools
May 31, 2023 | Mike Vizard

TSTV Podcast

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays

Most Read on DevOps.com

CDF Marries Emporous Repository to Ortelius Management Platform
May 26, 2023 | Mike Vizard
Is Your Monitoring Strategy Scalable?
May 26, 2023 | Yoni Farin
GitLab Adds More AI and Cybersecurity Capabilities to CI/CD Platform
May 26, 2023 | Mike Vizard
What Is a Cloud Operations Engineer?
May 30, 2023 | Gilad David Maayan
Five Great DevOps Job Opportunities
May 30, 2023 | Mike Vizard
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2023 ·Techstrong Group, Inc.All rights reserved.