Description
The talk will explain how to use Open Policy Agent (OPA) to ensure that governance, compliance, and security controls are implemented in the development process. OPA's domain-agnostic nature makes it well suited to policy management and evaluation for tasks like these. The implementation example develops a solution for managing SCM (Source Control Management) security across the whole CI/CD pipeline of any organization or project. This part of the talk aims to demonstrate how to use the Python Open Policy Agent (OPA) client and build policies to verify the security of SCM (GitLab or GitHub) organizations, repositories, and user accounts. The presentation will also cover good practices for automating those policies to satisfy common concerns.