Compliance-as-Code
Definition
Compliance-as-Code is the practice of expressing compliance requirements as machine-readable policy and automating their checking and enforcement, in the same way infrastructure is managed as code. Policies are version-controlled, reviewed like any other change, and evaluated automatically in CI/CD pipelines and at deployment time (for example by an admission controller), so infrastructure and applications are held to regulatory and organizational standards consistently rather than by periodic manual review. Because every evaluation is repeatable and leaves a record, teams can automate audits, reduce human error, and adapt quickly when a regulation or internal standard changes: the policy is updated once and every subsequent check applies it.
Secure Settings Example
# Kubernetes PodSecurityPolicy enforcing a restricted profile.
# Caveat: PodSecurityPolicy (policy/v1beta1) was deprecated in Kubernetes 1.21 and
# removed in 1.25. On current clusters the same requirements are expressed with the
# built-in Pod Security Admission "restricted" level or an admission policy engine;
# the policy below still shows how the requirements are written down as code.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted
spec:
  privileged: false                  # no privileged containers
  allowPrivilegeEscalation: false    # processes cannot gain more privileges than their parent
  requiredDropCapabilities:
    - ALL                            # every Linux capability must be dropped
  runAsUser:
    rule: MustRunAsNonRoot           # UID 0 is rejected
  seLinux:
    rule: RunAsAny                   # SELinux context left to the node defaults
  fsGroup:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535                   # fsGroup must be set and non-zero
  volumes:                           # allow-list of non-host volume types
    - 'configMap'
    - 'emptyDir'
    - 'projected'
    - 'secret'
    - 'downwardAPI'
Insecure Settings Example
# Kubernetes PodSecurityPolicy with insecure settings: it permits everything the
# restricted policy exists to prevent, and drops no capabilities.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: unrestricted
spec:
  privileged: true                   # privileged containers get near-total access to the host
  allowPrivilegeEscalation: true     # processes may gain privileges (setuid binaries, etc.)
  runAsUser:
    rule: RunAsAny                   # running as root (UID 0) is allowed
  seLinux:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny                   # any group, including 0
  volumes:
    - '*'                            # any volume type, including hostPath
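The two policies above describe what is and is not allowed; compliance-as-code means those rules also run as an automated check, for example in CI against rendered manifests, independently of whichever admission controller the cluster happens to have. The following Python checker is an added example, not code from the original page: it encodes the constraints of the restricted policy as plain functions and evaluates them against two constructed pod manifests, already parsed into dicts as yaml.safe_load would return them so it runs offline. The field names are the real Kubernetes Pod fields; the sample pod names and images are made up.

```python
"""Compliance-as-Code: the 'restricted' PodSecurityPolicy rules as a checker.

Added example, not from the original page. It encodes the same constraints as the
restricted policy shown above so they can run against manifests in CI.
"""
import sys
from typing import Any, Dict, List

# These mirror the 'restricted' PodSecurityPolicy above.
ALLOWED_VOLUME_TYPES = {"configMap", "emptyDir", "projected", "secret", "downwardAPI"}
FSGROUP_MIN, FSGROUP_MAX = 1, 65535


def _containers(pod: Dict[str, Any]) -> List[Dict[str, Any]]:
    """All containers that will run in the pod, init containers included."""
    spec = pod.get("spec", {})
    return list(spec.get("initContainers") or []) + list(spec.get("containers") or [])


def check_pod(pod: Dict[str, Any]) -> List[str]:
    """Return human-readable violations; an empty list means the pod is compliant."""
    violations: List[str] = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}

    for c in _containers(pod):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}

        # privileged: false
        if sc.get("privileged") is True:
            violations.append(f"{name}: privileged container not allowed")

        # allowPrivilegeEscalation: false. The PSP admission plugin would mutate an
        # unset value to false; a static check must demand it explicitly, because the
        # kubelet default for an unset field is true.
        if sc.get("allowPrivilegeEscalation") is not False:
            violations.append(f"{name}: allowPrivilegeEscalation must be set to false")

        # requiredDropCapabilities: [ALL]
        dropped = (sc.get("capabilities") or {}).get("drop") or []
        if "ALL" not in dropped:
            violations.append(f"{name}: capabilities.drop must include ALL")

        # runAsUser: MustRunAsNonRoot. A container-level setting overrides the pod's.
        run_as_user = sc.get("runAsUser", pod_sc.get("runAsUser"))
        run_as_non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if run_as_user == 0:
            violations.append(f"{name}: runAsUser 0 (root) not allowed")
        elif run_as_user is None and run_as_non_root is not True:
            violations.append(f"{name}: set runAsNonRoot: true or a non-zero runAsUser")

    # fsGroup: MustRunAs within [1, 65535] (only checked when set, as the PSP would)
    fs_group = pod_sc.get("fsGroup")
    if fs_group is not None and not (FSGROUP_MIN <= fs_group <= FSGROUP_MAX):
        violations.append(f"pod: fsGroup {fs_group} outside {FSGROUP_MIN}-{FSGROUP_MAX}")

    # volumes: allow-list of types. A volume is {name: ..., <type>: {...}}.
    for vol in spec.get("volumes") or []:
        for vtype in (k for k in vol if k != "name"):
            if vtype not in ALLOWED_VOLUME_TYPES:
                violations.append(
                    f"volume {vol.get('name', '<unnamed>')}: type {vtype} not allowed")
    return violations


# Constructed sample manifests (hypothetical names and images).
COMPLIANT_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "fsGroup": 2000},
        "containers": [{
            "name": "app", "image": "example/app:1.0",
            "securityContext": {"allowPrivilegeEscalation": False,
                                "capabilities": {"drop": ["ALL"]}},
        }],
        "volumes": [{"name": "cfg", "configMap": {"name": "app-config"}}],
    },
}
NONCOMPLIANT_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "debug"},
    "spec": {
        "containers": [{
            "name": "shell", "image": "example/toolbox:latest",
            "securityContext": {"privileged": True, "runAsUser": 0},
        }],
        "volumes": [{"name": "host", "hostPath": {"path": "/"}}],
    },
}

if __name__ == "__main__":
    failed = False
    for pod in (COMPLIANT_POD, NONCOMPLIANT_POD):
        problems = check_pod(pod)
        print(f"{pod['metadata']['name']}: {'FAIL' if problems else 'OK'}")
        for p in problems:
            print(f"  - {p}")
        failed = failed or bool(problems)
    sys.exit(1 if failed else 0)  # non-zero exit fails the pipeline stage
```

Run as a script it exits non-zero when any manifest fails, which is what makes it usable as a CI gate; wiring it to real manifests only requires feeding yaml.safe_load output into check_pod. The same rule set could be written in a policy language such as Rego for an admission controller; the point is that the requirement lives in code that is reviewed, versioned and executed, not in a document.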