Redwood City, CA, USA
Oct 14, 2021   |  By Bill Mann
Securing investors is always a challenge for startups. But for open-source companies, it’s even harder. Open-source companies need the right investors to innovate and enter new markets. But when you deal with a specific subset like open source, it can be difficult to find VCs with the required experience and knowledge. Those of us in the open-source community know it’s not just about the money — it’s also about continuing to grow the community.
Oct 7, 2021   |  By Anders Eknert
A problem that is often discussed in the context of policy-as-code is how to get more people other than developers involved in policy authoring. Policy as code is still code, and while tooling and abstractions can help to some extent, the process still involves at least some level of development knowledge.
Oct 5, 2021   |  By Kurt Roekle
Back at KubeCon North America 2017, many speakers declared that 2018 would be “The Year of the Service Mesh”. Just a year later, in the 2019 CNCF Survey1, it was reported that 18% of surveyed organizations were using a service mesh in production, and by 20202 (the most recent survey published at the time of this writing) that number rose to 27%.
Sep 29, 2021   |  By Anitha Muthu
We are thrilled to announce native support of Kong Mesh, Istio and Kuma within Styra Declarative Authorization Service (DAS), enabling users to combine stellar service mesh solutions with the only authorization management platform that supports trusted cloud architecture. Styra DAS allows teams to manage policies across a broad spectrum of systems, like Kubernetes, microservices, public cloud, and more.
Sep 28, 2021   |  By John Snow
Authorization is a critical part of developing any application. When building an app, at some point you will want to control the data and views that a user or system has access to, and one way you can do that is by writing authorization directly into your app. However, over time this can be challenging to manage because when you make changes to your authorization policies you also need to make changes to the application.
Sep 21, 2021   |  By Josh O'Brien
One of the most critical aspects of managing policy-as-code at scale is ensuring safety when deploying policy changes to production workloads. A misconfiguration or errant rule can lead to consequences such as overly permissive systems, service outages, and other forms of application or platform issues.
Sep 17, 2021   |  By Gustaf Kaijser
It has been one year since I joined Styra as the first European hire, and what a year it has been! Not only have we significantly grown our customer footprint with enterprises such as Zalando, European Patent Office and Extenda Retail, but the EMEA team has been growing at a rapid pace across engineering, sales and customer success and open source! I thought I’d share some takeaways on the industry / market from my interactions with customers and the community.
Sep 14, 2021   |  By Torin Sandall
It’s been a great year so far for the Open Policy Agent (OPA) project and community. OPA achieved graduated status in the Cloud Native Computing Foundation (CNCF) in February and is quickly nearing 100 million downloads! With all this growth, we were excited to see the results of the second annual Open Policy Agent user survey. As I mentioned in my post on the Open Policy Agent blog, we survey the community to help better steer the project's long-term roadmap in the right direction.
Aug 19, 2021   |  By Corin Imai
Not only has cloud native transformed the velocity in which organizations execute and maintain business operations, but it has also redefined storage, network and compute. From the infrastructure that IT operations maintains, to the applications that supply customers with the ability to interact with their data—DevOps teams have to deliver more services than ever, and they have to do it fast, with little to no error. Easy, right?
Aug 11, 2021   |  By Adam Sandor
Cloud native tooling for authorization is an emerging trend poised to revolutionize how we approach this oft-neglected part of our applications. Open Policy Agent (OPA) is the leading contender to become a de-facto standard for applying policies to many different systems — from workloads running on Kubernetes to requests passing through Istio.
Oct 5, 2021   |  By Styra
Upbound Crossplane with Styra Declarative Authorization Service (DAS) allows developers to elegantly provision infrastructure while preventing unsecure configuration. Crossplane applied to Kubernetes with Open Policy Agent (OPA) and Styra DAS can efficiently and effectively apply policy for centralized code and enforcement.
Dec 4, 2019   |  By Styra
From the Open Policy Agent Summit at KubeCon, Michael Sorens from Chef discusses how OPA provides granular authorization within applications:
Dec 4, 2019   |  By Styra
From the Open Policy Agent Summit at KubeCon, Jeremy Krach and Will Fu discuss how OPA policies are authored, distributed, and utilized at Pinterest (service mesh, kafka, internal tools). They also cover lessons learned in the process.
Dec 4, 2019   |  By Styra
From the Open Policy Agent Summit at KubeCon, Luke Massa from TripAdvisor discusses how he leveraged OPA’s API and unit test framework. The example shown is a system in which you write k8s admission policy alongside some mock changes to the cluster, some of which should be accepted and some of which should not be, and then run code that tells you whether your policy matches your expectation.
Dec 4, 2019   |  By Styra
From the Open Policy Agent Summit at KubeCon, Chris Stivers and Nicholas Higgins from Atlassian walk through their journey building a global authorization platform with Open Policy Agent and the help of Fluentd, S3, CDN's, Amazon Kinesis, and many more.
Dec 4, 2019   |  By Styra
From the Open Policy Agent Summit at KubeCon, Jiummy Ray from CapitalOne discusses how you can satisfy compliance, governance, and security requirements effectively with OPA.
Jan 14, 2019   |  By Styra
Tim Hinrichs, CTO of Styra and Co-founder of Open Policy Agent, live codes an OPA policy that enforces total memory limits on pods in Kubernetes.
Jan 14, 2019   |  By Styra
Tim Hinrichs, CTO of Styra and Co-founder of Open Policy Agent, live codes an OPA policy for Kubernetes admission control. The policy requires an owner label on every resource and forcibly guarantees imagePullPolicy is set to Always.

Styra is the fastest and easiest way to put guardrails around your Kubernetes clusters--whether you’re a developer, an admin, or a bit of both.

Built on open-source, and declarative by design, Styra’s simple graphical library of customizable policies lets you easily mitigate risks, reduce human error, and accelerate development.

Security-as-code for Kubernetes:

  • Declarative by design: Manually “doing security” in today’s cloud-native environments is like a never-ending game of whack-a-mole. Styra works with Kubernetes to define, enforce, and monitor desired state, and eliminate the runtime guessing game.
  • Dynamic rules for dynamic environments: Simply put, Styra takes in business context, and outputs security decisions across your namespaces and clusters. Build policy-as-code directly via CLI, or with a simple point-and-click editor, and validate security before committing.
  • Portable, powerful policy: Styra allows you to define policy once, then enforce wherever necessary. No more best-effort security, no more policy silos. Built on the Open Policy Agent (the leading open source policy engine), enforcement is accurate, fast, and simple.

Policy-as-code guardrails to eliminate operational, security, and compliance risk