tools: Add Styra DAS for IaC policy guardrails #171

Merged
merged 2 commits into from Jul 30, 2022

pauly4it
Contributor

I noticed a few items related to OPA in the list and wanted to add Styra DAS for OPA policy management for Terraform and Terraform Cloud.

Let me know if you'd prefer it in a different section in the list or if you'd like any changes to the details.

Thanks for maintaining this list for the community!

@@ -303,6 +303,7 @@ For more Community Modules not listed here please see the [Terraform Module Regi
- [scratchrelaxtv](https://github.com/YakDriver/scratchrelaxtv) - Simple Python tool to help with module development - extract vars from `main.tf` to generate `variables.tf` and make module usage stub from `variables.tf`.
- [serverless.tf - Doing serverless with Terraform](https://serverless.tf/) - serverless.tf is an opinionated open-source framework for developing, building, deploying, and securing serverless applications and infrastructures on AWS using Terraform. [Read more](https://github.com/antonbabenko/serverless.tf).
- [Shisho](https://github.com/flatt-security/shisho) - Lightweight static analyzer for Terraform.
- [Styra Declarative Authorization Service (DAS)](https://www.styra.com/terraform-cloud-config-management-with-styra-das-and-open-policy-agent) - Provides a managed [Open Policy Agent (OPA)](https://www.openpolicyagent.org) platform for Application and Infrastructure use cases, including Terraform, Terraform Cloud, and Kubernetes. Enforce policy guardrails during development, in CI/CD pipelines, and at deploy time. Styra DAS Free provides multiple systems and users, policy impact analysis, decision logging and replay, and access to Styra's Terraform policy library.
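
Review bot: The added Styra DAS line is several times longer than the neighbouring entries, and its last sentence ("Styra DAS Free provides multiple systems and users, ...") lists plan features rather than saying what the product does for Terraform; trim it to one descriptive sentence in the style of the Shisho and scratchrelaxtv entries. The link also points at a vendor landing page on www.styra.com, while the surrounding entries link to a project repository or project site, and the text itself calls the product a "managed" platform, so it is worth deciding whether this section is the right place for it or whether the entry should be marked as a hosted service.
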
Collaborator

this is not really a tool, it should be moved to the managed SaaS section.

Collaborator

Can you move it down to the terraform enterprise section?

@chenrui333
Collaborator

ping @pauly4it

@pauly4it
Contributor Author

@chenrui333 thanks for the ping and sorry for the delay!

I actually wasn't sure which section Styra DAS best fit in, and maybe I didn't describe the product appropriately in the PR. Happy to move Styra DAS down to the Terraform Enterprise section if you think that's the best place, though it's not similar to any of the other products in that section.

The Terraform Enterprise section seems like it's focused on products that run/manage Terraform and are positioned more as competitors to HashiCorp's Terraform Cloud and Terraform Enterprise products.

I felt the Tools section was probably the closest fit. Styra DAS is similar to CLI tools which review Terraform configurations and also have cloud SaaS offerings, like Checkov (and Bridgecrew's other products), CloudRail, Infracost, Aqua's tfsec, Checkmarx's KICS, Tenable's Terrascan, and Fugue's Regula. Regula, Terrascan, and KICS all actually use OPA's Rego policy language under the hood like Styra DAS. Bridgecrew, Tenable, Checkmarx, and Aqua all also have Terraform Cloud run task integrations like Styra DAS.

I also wasn't sure if I should include the 💲 icon next to Styra DAS, since there is a fully-functional free plan, and similar products with free and paid options didn't have it.

Let me know your thoughts on the placement. The Terraform landscape has grown considerably since the list was first created. Perhaps a re-organization could help clarify in which sections certain products belong. Happy to help with an initiative like that!

@chenrui333
Collaborator

Thanks for the comprehensive write-up. With what you specified, I agree that the tools might be a better fit for now.

The reason why I was suggesting it should be moved to the enterprise is purely because of the SaaS offering nature, not exactly whether it would be a competitor to the Terraform Cloud or Terraform Enterprise offering. But glad to know that there is a fully free pricing tier. (Generally the other enterprise services might also have the free tier as well.)

Regarding the reorganization of the list, I totally agree, but my head feels fuzzy about the direction. Happy to chat more or maybe create an issue to discuss this.

@chenrui333
Collaborator

I will wait for your response before the merge ;)

@pauly4it
Contributor Author

Ah, that makes sense! It does seem like the Tools section should be divided up, potentially between open-source tools and SaaS products. I'll create an issue to get a discussion started on list organization improvements.

In the meantime, would you be ok with approving and merging the PR as is?

@chenrui333
Collaborator

yeah, totally.

@chenrui333 chenrui333 merged commit aeada07 into shuaibiyy:master Jul 30, 2022
@chenrui333
Collaborator

Thanks @pauly4it!
