Policy as Code Testing

Compare 41 policy as code testing tools to find the right one for your needs

Spacelift

The most flexible CI/CD for Infrastructure as Code.

A specialized CI/CD platform for IaC that provides policy-as-code, state management, and collaboration features.

env0

The complete infrastructure as code (IaC) platform to manage all your cloud environments.

An IaC automation platform that provides governance, cost management, and self-service capabilities for Terraform, Terragrunt, and other IaC tools.

Kubescape

The first tool for testing if Kubernetes is deployed securely according to multiple frameworks.

An open-source Kubernetes security posture management tool that scans for misconfigurations and vulnerabilities.

Kyverno

Kubernetes Native Policy Management.

A policy engine designed for Kubernetes that can validate, mutate, and generate configurations using policies.

Scalr

The Terraform Automation & Collaboration Software.

A Terraform automation and collaboration platform with a hierarchical model for policy and workspace management.

Open Policy Agent (OPA)

An open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack.

Datadog Cloud Security Management

Unify development, operations, and security in a single platform.

A cloud security solution from Datadog that includes IaC scanning.

Snyk IaC

Find and fix security issues in your Terraform, CloudFormation, Kubernetes, and Azure Resource Manager configurations.

A developer-first security platform that helps you find and fix misconfigurations in your IaC files.

HashiCorp Sentinel

Policy as Code for Security, Compliance, and Operational Governance.

An embeddable policy-as-code framework that integrates with the HashiCorp Enterprise products.

Azure Policy

Implement governance for consistency, compliance, and security.

A service in Azure that you use to create, assign, and manage policies for your Azure resources.

Styra Declarative Authorization Service (DAS)

The Decision Plane for Cloud-Native.

An enterprise management plane for Open Policy Agent (OPA).

Infracost

Cloud cost estimates for Terraform in your pull requests.

Shows cloud cost estimates for Terraform.

Datree

The Git-native policy engine for Kubernetes.

A policy enforcement solution for Kubernetes that helps you prevent misconfigurations in your manifests.

Fugue

Cloud security and compliance for engineers.

A cloud security platform that helps you manage the entire lifecycle of your cloud infrastructure, from code to cloud.

Ansible security automation

Automate your security processes with Ansible.

Use Ansible to automate your security processes.

Lacework

The data-driven cloud security platform.

A cloud security platform that provides IaC security, CSPM, CWPP, and threat detection.

tfsec

Security scanner for your Terraform code.

A static analysis tool for Terraform code to spot potential security issues.

Trivy

The comprehensive, streamlined security scanner.

A comprehensive security scanner that finds vulnerabilities, misconfigurations, secrets, and SBOMs in a wide range of targets.

Bridgecrew

Automated cloud security for DevOps.

A cloud security platform that helps you find and fix security and compliance issues in your cloud infrastructure.

Pulumi CrossGuard

Policy as Code for the Modern Cloud.

A policy-as-code framework for Pulumi that allows you to enforce policies on your infrastructure using familiar programming languages.

Conftest

Write tests against structured configuration data.

A utility to help you write tests against structured configuration data using the Rego language from Open Policy Agent.

Chef InSpec

Turn your compliance, security, and other policy requirements into code.

An open-source testing framework for infrastructure with a human-readable language for specifying compliance, security, and policy requirements.

Prisma Cloud by Palo Alto Networks

The Comprehensive Cloud Native Application Protection Platform.

A comprehensive cloud security platform that includes IaC scanning, CSPM, CWPP, and more.

Accurics

Secure your cloud native infrastructure.

A cloud security platform that provides security and governance for the full cloud native stack.

KubeLinter

A static analysis tool for Kubernetes YAML files and Helm charts.

A linter for Kubernetes that checks for best practices and security issues.

Checkov

Prevent cloud misconfigurations during build-time for Terraform, CloudFormation, Kubernetes, Serverless framework and other infrastructure-as-code-languages.

A static code analysis tool for infrastructure-as-code.

Terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning.

A static code analysis tool for IaC that helps you detect security vulnerabilities and compliance violations.

KICS

Keeping Infrastructure as Code Secure.

An open-source static analysis tool that finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in IaC.

Puppet Comply

Continuous compliance for your hybrid infrastructure.

A tool for assessing and remediating compliance issues.

Regula

A tool that evaluates infrastructure as code for security and compliance.

An open-source tool that evaluates infrastructure as code for security and compliance.

Terratest

The ultimate Go library for testing your infrastructure code.

A Go library for writing automated tests for your infrastructure code.

Atlantis

Terraform Pull Request Automation.

Automates Terraform via pull requests.

CloudFormation Guard

A policy-as-code tool for CloudFormation.

An open-source tool for validating CloudFormation templates.

Prowler

Cloud security assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.

A security tool for AWS, Azure, and GCP.

Cloud Custodian

Rules engine for cloud security, cost optimization, and governance.

An open-source tool that allows you to manage your cloud resources by defining policies in YAML.

AWS CloudFormation Guard

A command-line interface (CLI) that provides a policy-as-code language to define rules that can check for both required and prohibited resource configurations.

An open-source policy as code tool for checking compliance of AWS CloudFormation templates and other structured data.

Terragrunt

A thin wrapper for Terraform that provides extra tools for keeping your configurations DRY, working with multiple Terraform modules, and managing remote state.

A tool that helps you write more maintainable and reusable Terraform code.

OPA Gatekeeper

Policy Controller for Kubernetes.

A customizable admission webhook for Kubernetes that enforces policies executed by the Open Policy Agent (OPA).

Ansible Lint

Checks playbooks for practices and behavior that could potentially be improved.

A command-line tool for linting Ansible playbooks, roles, and collections.

TFLint

A Pluggable Terraform Linter.

A linter for Terraform that checks for possible errors, best practices, and naming conventions.

KICS by Checkmarx

Keeping Infrastructure as Code Secure.

An open source static analysis tool for IaC.
