This repository was archived by the owner on Sep 3, 2024. It is now read-only.

Regula checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes security and compliance using Open Policy Agent/Rego


fugue/regula


Regula is no longer actively maintained. Most of the relevant code has been moved to snyk/policy-engine, which is the engine powering the new Snyk IaC.

Regula

Tip: See all of our documentation at regula.dev!

Introduction

Regula is a tool that evaluates infrastructure as code files for potential AWS, Azure, Google Cloud, and Kubernetes security and compliance violations prior to deployment.

Regula supports the following file types:

  • CloudFormation JSON/YAML templates
  • Terraform source code
  • Terraform JSON plans
  • Kubernetes YAML manifests
  • Azure Resource Manager (ARM) JSON templates (in preview)

Regula includes a library of rules written in Rego, the policy language used by the Open Policy Agent (OPA) project. Regula works with your favorite CI/CD tools such as Jenkins, Circle CI, and AWS CodePipeline; we’ve included a GitHub Actions example so you can get started quickly. Where relevant, we’ve mapped Regula policies to the CIS AWS, Azure, Google Cloud, and Kubernetes Foundations Benchmarks so you can assess compliance posture. Regula is maintained by engineers at Fugue.

Regula is also available as a Docker image on DockerHub here.

More information is available at regula.dev.

Installation

Homebrew (macOS & Linux)

To install Regula via Homebrew:

brew tap fugue/regula
brew install regula

To upgrade Regula:

brew upgrade regula

Prebuilt binary (all platforms)

  1. Download the Regula archive for your platform from the Releases page.

  2. Extract the downloaded archive.

  3. Move the extracted regula binary to somewhere in your PATH:

    macOS:

    mv regula /usr/local/bin

    Linux:

    sudo mv regula /usr/local/bin

    Windows (cmd):

    md C:\regula\bin
    move regula.exe C:\regula\bin
    setx PATH "%PATH%;C:\regula\bin"

    Windows (PowerShell):

    md C:\regula\bin
    move regula.exe C:\regula\bin
    $env:Path += ";C:\regula\bin"
    # You can add '$env:Path += ";C:\regula\bin"' to your profile.ps1 file to
    # persist that change across shell sessions.

  4. Windows users only: Close cmd and re-open it so the changes take effect.

  5. You can now run regula.

Docker (all platforms)

Regula is available as a Docker image on DockerHub here.

For usage, see Running Regula with Docker.

From source

macOS, Linux, and WSL only

  1. Install Go (v1.18+)

  2. Build binary and move to /usr/local/bin/regula:

    make          # this builds ./bin/regula
    make install  # this builds ./bin/regula and installs it to /usr/local/bin/regula

Once you've built the binary, execute the following to run tests:

git submodule update --init --recursive
make test

Usage

For a tutorial on using Regula with example IaC, see Getting Started.

Regula

Usage:
  regula [command]

Available Commands:
  completion        generate the autocompletion script for the specified shell
  help              Help about any command
  init              Create a new Regula configuration file in the current working directory.
  repl              Start an interactive session for testing rules with Regula
  run               Evaluate rules against infrastructure as code with Regula.
  show              Show debug information.
  test              Run OPA test with Regula.
  version           Print version information.
  write-test-inputs Persist dynamically-generated test inputs for use with other Rego interpreters

Flags:
  -h, --help      help for regula
  -v, --verbose   verbose output

Use "regula [command] --help" for more information about a command.

For details about each command, including examples, see Usage.

For more information

Visit regula.dev for more information about Regula, including:
