Category: DevSecOps

2 posts found

Jan 20, 2026

Policy-as-Code That Actually Blocks Risk: Rego guardrails for Terraform + Kubernetes, enforced in CI and at admission time

How to write high-value policies with Rego and enforce them in CI (pre-merge) and in Kubernetes (admission control) to prevent risky configurations from reaching production.

By Ali Elborey

Jan 20, 2026

DevSecOps

Provenance-First CI/CD: Add SLSA-style attestations + SBOM checks to one GitHub Actions pipeline

Most breaches aren't app bugs. They're compromised dependencies, poisoned build steps, and untrusted artifacts. This article shows how to add provenance attestations, signing, and SBOM policy gates to a GitHub Actions pipeline so you only ship verified artifacts.

By Yusuf Elborey

Sign In

Category: DevSecOps

Policy-as-Code That Actually Blocks Risk: Rego guardrails for Terraform + Kubernetes, enforced in CI and at admission time

Provenance-First CI/CD: Add SLSA-style attestations + SBOM checks to one GitHub Actions pipeline