Styra Repo Scan lets customers shift their security policy left

Styra has introduced Repo Scan as a feature in the Styra Declarative Authorization Service (DAS). With this addition, Styra provides scanning of configuration files in GitHub, so that platform teams can prevent errors from making their way into production.

Cloud application components, and cloud platforms, such as Amazon Web Services, Google Cloud Platform and Microsoft Azure, are all governed and controlled by automated, flexible tooling.

Managing all of this tooling cannot be done with point-and-click human interaction; instead, it requires thousands of lines of configuration code. This overwhelming set of code-based instructions has become so complex that it often introduces opportunity for error and the possibility of policy violations.

Software supply chain security — or looking across each component of software to identify and address risk — must include detailed scanning of all the configuration files that govern how the application and cloud interact.

Styra provides a way for developers and platform teams to check their configuration files for human error, mismanagement or simple deployment gaps. This ensures potential attackers don’t have the ability to exploit configuration errors, and “walk through the front door” of software-defined infrastructure.

“No human can keep up with scanning thousands of lines of code, with infinite repetition, to ensure configuration changes and app updates don’t have unintended consequences,” says Chris Hendrix, Director of Product Management at Styra.

“At Styra, we want to make our users’ jobs easier while ensuring that the applications and infrastructure they’re building are secure and compliant. This new addition to Styra DAS lets our customers shift their security policy left, all the way to code check-in time, to catch errors even earlier, and remediate risk from the start,” Hendrix continued.

The benefits of policy-as-code and configuration scanning

Repo Scan gives platform teams a solution that scans policy-as-code files in GitHub, then finds and flags issues to minimize the possibility of risk to security, compliance or availability.

This new capability means Styra customers can:

  • Find errors within seconds and prove those errors have been fixed with dynamic compliance reporting
  • Empower developers and enable tooling diversity using OPA-based policy that is fully extensible across platforms and tooling
  • Enhance productivity with automated policy enforcement that monitors and enforces policy guardrails from GitHub check-in, to CI/CD, to production deployment

Styra provides an authorization platform, built on OPA, to provide access control and security across cloud-native applications and systems. Initially focused on policy-as-code guardrails for Kubernetes, ensuring workload compliance for internal and external regulations, Styra extended its policy-based authorization to microservices, gateways, and cloud-native entitlements management.

With additions like Repo Scan to Styra DAS, the company continues to provide enterprise authorization to customers and the OPA community.
