Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up

The Compliance Validator

License

NotificationsYou must be signed in to change notification settings

tetrateio/lula

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Lula DocumentationGo versionOpenSSF Scorecard

lula logo

Lula is a tool designed to bridge the gap between expected configuration required for compliance andactual configuration.

Key Features

  • Assess compliance of a system against user-defined controls
  • Evaluate an evolving system for complianceover time
  • Generate machine-readible OSCAL artifacts
  • Accelerate the compliance and accreditation process

Why Lula is different than a standard policy engine

  • Lula is not meant to compete with policy engines - rather augment the auditing and alerting process
  • Often admission control processes have a difficult time establishingbig picture global context control satisfaction, Lula fills this gap
  • Lula is meant to allow modularity and inheritance of controls based upon the components of the system you build

Overview

Cloud-Native Infrastructure, Platforms, and Applications can establishOSCAL documents that are maintained alongside source-of-truth code bases. These documents provide an inheritance model to prove when a control that the technology can satisfyIS satisfied in a live-environment.

These controls can be well established and regulated standards such as NIST 800-53. They can also be best practices, Enterprise Standards, or simply team development standards that need to be continuously monitored and validated.

Lula operates on a framework of proof by adding custom overlays mapped to the these controls,Lula Validations, to measure system compliance. TheseValidations are constructed by establishing the collection of measurements about a system, given by the specifiedDomain, and the evaluation of adherence, performed by theProvider.

Providers and Domains

Domain is the identifier for where and which data to collect as "evidence". Below are the active and planned domains:

DomainCurrentRoadmap
Kubernetes-
API-
File-
Cloud Infrastructure

Provider is the "engine" performing the validation using policy and the data collected. Below are the active providers:

ProviderCurrentRoadmap
OPA-
Kyverno-

Getting Started

Install Lula and check out theSimple Demo to get familiar with Lula'svalidate andevaluate workflow to assess system compliance and establish thresholds. See the other tutorials for more advanced Lula use cases and information on how to develop your ownLula Validations!

Communication

For more information on how to get involved in the community, mailing lists andmeetings, please refer to ourcommunity page

For security issues or code of conduct concerns, an e-mail should be sent tolula@defenseunicorns.com.

About

The Compliance Validator

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Go99.6%
  • Other0.4%
[8]ページ先頭
©2009-2025 Movatter.jp