All news with #open policy agent tag

Shifting Left at Enterprise Scale for Cloudflare Governance

🔐 Cloudflare describes how its Customer Zero team moved internal production account management from manual dashboard changes to a centralized Infrastructure as Code model to reduce human error and accelerate secure change. The effort uses Terraform, an Atlantis-driven CI/CD pipeline, and a custom tfstate-butler backend to securely manage state at scale. Policy enforcement relies on Open Policy Agent Rego policies executed through Conftest on every merge request, with warnings or deny gates and a formal exceptions workflow.

Automating FinOps Governance with Workload Manager

🔧 Workload Manager automates FinOps governance by codifying cost-control policies and enforcing them across Google Cloud environments. It supports both predefined checks (for example, bigquery-missing-labels) and custom rules written in Open Policy Agent (OPA) Rego, allowing organization-, folder-, or project-level scans. Scheduled evaluations can export results to BigQuery, trigger notifications (email, Slack, PagerDuty), and feed Looker Studio dashboards for reporting and trend analysis. New pricing reduces scan costs by up to 95% and includes a small free tier to accelerate adoption.