cfn_nag VS gatekeeper-library

Compare cfn_nag vs gatekeeper-library and see what are their differences.

Our great sponsors
  • PopRuby - Clothing and Accessories for Ruby Developers
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
cfn_nag gatekeeper-library
14 8
1,218 599
0.4% 1.5%
0.0 8.8
7 months ago 7 days ago
Ruby Open Policy Agent
MIT License Apache License 2.0
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

cfn_nag

Posts with mentions or reviews of cfn_nag. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-12-25.

gatekeeper-library

Posts with mentions or reviews of gatekeeper-library. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-04-10.
  • Multi-tenancy in Kubernetes
    13 projects | dev.to | 10 Apr 2023
    Here is a library or rules for the Open Policy Agent.
  • OPA Rego is ridiculously confusing - best way to learn it?
    6 projects | /r/kubernetes | 20 Sep 2022
  • Container security best practices: Comprehensive guide
    17 projects | dev.to | 16 Nov 2021
    Many more examples are available in the OPA Gatekeeper library project!
  • Expose Open Policy Agent/Gatekeeper Constraint Violations for Kubernetes Applications with Prometheus and Grafana
    9 projects | dev.to | 18 Jun 2021
    by default and exposes metrics on path ```/metrics``` . It can run locally on your development box as long as you have a valid Kubernetes configuration in your home folder (i.e. if you can run kubectl and have the right permissions). When running on the cluster a ```incluster``` parameter is passed in so that it knows where to look up for the cluster credentials. Exporter program connects to Kubernetes API every 10 seconds to scrape data from Kubernetes API. We've used [this](https://medium.com/teamzerolabs/15-steps-to-write-an-application-prometheus-exporter-in-go-9746b4520e26) blog post as the base for the code. ## Demo Let's go ahead and prepare our components so that we have a Grafana dashboard to show us which constraints have been violated and how the number of violations evolve over time. ### 0) Required tools - [Git](https://git-scm.com/downloads): A git cli is required to checkout the repo and - [Kubectl](https://kubernetes.io/docs/tasks/tools/) and a working K8S cluster - [Ytt](https://carvel.dev/ytt/): This is a very powerful yaml templating tool, in our setup it's used for dynamically overlaying a key/value pair in all constraints. It's similar to Kustomize, it's more flexibel than Kustomize and heavily used in some [Tanzu](https://tanzu.vmware.com/tanzu) products. - [Kustomize](https://kustomize.io/): Gatekeeper-library relies on Kustomize, so we need it too. - [Helm](https://helm.sh/): We will install Prometheus and Grafana using helm - Optional: [Docker](https://www.docker.com/products/docker-desktop): Docker is only optional as we already publish the required image on dockerhub. ### 1) Git submodule update Run ```git submodule update --init``` to download gatekeeper-library dependency. This command will download the [gatekeeper-library](https://github.com/open-policy-agent/gatekeeper-library) dependency into folder ```gatekeeper-library/library``` . ### 2) Install OPA/Gatekeeper If your K8S cluster does not come with Gatekeeper preinstalled, you can use install it as explained [here](https://open-policy-agent.github.io/gatekeeper/website/docs/install/). If you are familiar with helm, the easiest way to install is as follows: ```bash helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts helm install gatekeeper/gatekeeper --generate-name
  • Who is doing image scanning on an admission controller? (Open source)
    3 projects | /r/kubernetes | 12 Feb 2021
    Gatekeeper library has example policies for restricting image repositories: https://github.com/open-policy-agent/gatekeeper-library/tree/master/library/general
  • Mental models for understanding Kubernetes Pod Security Policy PSP
    4 projects | /r/kubernetes | 16 Jan 2021
    You should check out the Gatekeeper project. There's plenty of templates available for use without having to write a single line of rego for most use cases (e.g https://github.com/open-policy-agent/gatekeeper-library)

What are some alternatives?

When comparing cfn_nag and gatekeeper-library you can also consider the following projects:

checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

cfn-python-lint - CloudFormation Linter

OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.

helm-charts - Prometheus community Helm charts

opa-scorecard

SonarQube - Continuous Inspection

aws-secure-environment-accelerator - The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.

tfsec - Security scanner for your Terraform code

conftest - Write tests against structured configuration data using the Open Policy Agent Rego query language

vscode-cloudformation-snippets - This extension adds snippets for all the AWS CloudFormation resources into Visual Studio Code.

opa-image-scanner - Kubernetes Admission Controller for Image Scanning using OPA