Styra Repo Scan provides near-instant scanning of configuration files in GitHub

SECURITY

Cloud-native authorization startup Styra Inc., the founders of Open Policy Agent, an open-source engine for unifying policy enforcement across the software stack, today announced Repo Scan, a service that provides near-instant scanning of configuration files in GitHub.

Styra argues that software supply chain security — looking across each component of software to identify and address risk — must include detailed scanning of all the configuration files that govern how the application and cloud interact. With Repo Scan, Styra now provides what it says is a simple, efficient way for developers and platform teams to check their configuration files for human error, mismanagement or simple deployment gaps.

Repo Scan, offered as part of the Styra Declarative Authorization Service, gives platform teams a near-instant solution for scanning policy-as-code files in GitHub, then quickly finds and flags issues to minimize the possibility of risk to security, compliance or availability. The capability allows customers to promptly find errors within seconds and prove those errors have been fixed with dynamic compliance reporting.

Using Repo Scan, developers are empowered to enable tooling diversity using an OPA-based policy that is fully extensible across platforms and tooling. Another feature is enhanced productivity with automated policy enforcement that monitors and enforces policy guardrails from GitHub check-in to continuous integration and continuous deployment to production deployment.

The product ensures potential attackers cannot exploit configuration errors and “walk through the front door” of today’s software-defined infrastructure.

“No human can keep up with scanning thousands of lines of code, with infinite repetition, to ensure configuration changes and app updates don’t have unintended consequences,” Chris Hendrix, director of product management at Styra, said in a statement. “This new addition to Styra DAS lets our customers shift their security policy left, all the way to code check-in time, to catch errors even earlier, and remediate risk from the start.”

The company provides an authorization platform built on OPA to provide access control and security across cloud-native applications and systems. Originally focused on policy-as-code guardrails for Kubernetes, Styra has extended its policy-based authorization to microservices, gateways and cloud-native entitlements management.

Previous releases include Styra Run, a cloud service aimed at helping developers implement authorization features in their applications with less effort, in July. The company also added Terraform support in 2021.

Chief Executive Bill Mann spoke to theCUBE, SiliconANGLE Media’s video studio, in July 2020, explaining that enterprises and vendors are embracing Styra’s authorization solutions. OPA contributors include Google LLC, Microsoft, Cisco Systems Inc. and Goldman Sachs.

Image: Styra