TL;DR: This post covers what I learned building a generic Policy Decision Platform using Open Policy Agent, integrated at various points in the development pipeline (CI/CD platform, pre-commit hooks, etc.) to detect and prevent security misconfigurations. It is a foundational piece in moving an organization to a standards-based security posture, and a platform component needed to move an enterprise to a zero-trust model.

I first came across Open Policy Agent (OPA) in late 2017 from an old colleague of mine who was looking at OPA as a way to enforce authorization for their platform’s…


A curious being! :) I enjoy doing Security stuff and fortunately make my living doing it. The contents I share here are my own and not the views of my employer.
