regula

command module
v2.10.0 Latest
Warning

This package is not in the latest version of its module.

Published: Nov 10, 2022 License: Apache-2.0 Imports: 1 Imported by: 0

README

Regula

Tip: See all of our documentation at regula.dev!

Introduction

Regula is a tool that evaluates infrastructure as code files for potential AWS, Azure, Google Cloud, and Kubernetes security and compliance violations prior to deployment.

Regula supports the following file types:

  • CloudFormation JSON/YAML templates
  • Terraform source code
  • Terraform JSON plans
  • Kubernetes YAML manifests
  • Azure Resource Manager (ARM) JSON templates (in preview)

Regula includes a library of rules written in Rego, the policy language used by the Open Policy Agent (OPA) project. Regula works with your favorite CI/CD tools such as Jenkins, Circle CI, and AWS CodePipeline; we’ve included a GitHub Actions example so you can get started quickly. Where relevant, we’ve mapped Regula policies to the CIS AWS, Azure, Google Cloud, and Kubernetes Foundations Benchmarks so you can assess compliance posture. Regula is maintained by engineers at Fugue.

Regula is also available as a Docker image on DockerHub.

More information is available at regula.dev.

Installation

Homebrew (macOS & Linux)

To install Regula via Homebrew:

brew tap fugue/regula
brew install regula

To upgrade Regula:

brew upgrade regula

Prebuilt binary (all platforms)

  1. Download the Regula archive for your platform from the Releases page.

  2. Extract the downloaded archive.

  3. Move the extracted regula binary to somewhere in your PATH:

    macOS:

    mv regula /usr/local/bin
    

    Linux:

    sudo mv regula /usr/local/bin
    

    Windows (cmd):

    md C:\regula\bin
    move regula.exe C:\regula\bin
    setx PATH "%PATH%;C:\regula\bin"
    

    Windows (PowerShell):

    md C:\regula\bin
    move regula.exe C:\regula\bin
    $env:Path += ";C:\regula\bin"
    # You can add '$env:Path += ";C:\regula\bin"' to your profile.ps1 file to
    # persist that change across shell sessions.
    
  4. Windows users only: Close cmd and re-open it so the changes take effect.

  5. You can now run regula.

Docker (all platforms)

Regula is available as a Docker image on DockerHub.

For usage, see Running Regula with Docker.

From source

macOS, Linux, and WSL only

  1. Install Go (v1.17+)

  2. Build binary and move to /usr/local/bin/regula:

    make # this builds ./bin/regula
    make install # this builds ./bin/regula and installs it to /usr/local/bin/regula
    

Once you've built the binary, execute the following to run tests:

git submodule update --init --recursive
make test

Usage

For a tutorial on using Regula with example IaC, see Getting Started.

Regula

Usage:
  regula [command]

Available Commands:
  completion        generate the autocompletion script for the specified shell
  help              Help about any command
  init              Create a new Regula configuration file in the current working directory.
  repl              Start an interactive session for testing rules with Regula
  run               Evaluate rules against infrastructure as code with Regula.
  show              Show debug information.
  test              Run OPA test with Regula.
  version           Print version information.
  write-test-inputs Persist dynamically-generated test inputs for use with other Rego interpreters

Flags:
  -h, --help      help for regula
  -v, --verbose   verbose output

Use "regula [command] --help" for more information about a command.

For details about each command, including examples, see Usage.

For more information

Visit regula.dev for more information about Regula, including:

Documentation


There is no documentation for this package.

Directories

Path                          Synopsis
pkg
git
mocks                         Package mocks is a generated GoMock package.
regulatf                      Implements the `Data` interface.
terraform/addrs               Package addrs contains types that represent "addresses", which are references to specific objects within a Terraform configuration or state.
terraform/configs             Package configs contains types that represent Terraform configurations and the different elements thereof.
terraform/configs/configload  Package configload knows how to install modules into the .terraform/modules directory and to load modules from those installed locations.
terraform/configs/configschema  Package configschema contains types for describing the expected structure of a configuration block whose shape is not known until runtime.
terraform/experiments         Package experiments contains the models and logic for opt-in experiments that can be activated for a particular Terraform module.
terraform/getproviders        Package getproviders is the lowest-level provider automatic installation functionality.
terraform/lang                Package lang deals with the runtime aspects of Terraform's configuration language, with concerns such as expression evaluation.
terraform/lang/blocktoattr    Package blocktoattr includes some helper functions that can perform preprocessing on a HCL body where a configschema.Block schema is available in order to allow list and set attributes defined in the schema to be optionally written by the user as block syntax.
terraform/modsdir             Package modsdir is an internal package containing the model types used to represent the manifest of modules in a local modules cache directory.
terraform/registry/regsrc     Package regsrc provides helpers for working with source strings that identify resources within a Terraform registry.
terraform/tfdiags             Package tfdiags is a utility package for representing errors and warnings in a manner that allows us to produce good messages for the user.
terraform/typeexpr            Package typeexpr is a fork of github.com/hashicorp/hcl/v2/ext/typeexpr which has additional experimental support for optional attributes.
terraform/version             The version package provides a location to set the release versions for all packages to consume, without creating import cycles.
