Write Terraform policies in natural language instead of Rego / OPA
a year ago
- #Infrastructure as Code
- #GitHub
- #Security
- Infrabase is a GitHub app for detecting security issues and misconfigurations in IaC pull requests.
- Policies can be written in natural language, avoiding the complexity of OPA/Rego/Sentinel.
- Setup involves creating an account, forking the example repo (optional), and installing the GitHub app.
- Infrabase uses an LLM (gemini-2.5-pro-preview-05-06) to check the infrastructure changes in a pull request against the policies.
- Example policy: No duplicate AWS security group ingress rules allowed.
- Supports multiple IaC tools including Terraform, OpenTofu, CDK, CloudFormation, and Pulumi.
- Features include sensible defaults, no need for access to Terraform state or cloud accounts, and integration with GitHub Advanced Security.
- Policies are stored as Markdown files in a `policies/` folder, each structured with clear headings and the details of the rule.
- Rules can be grouped by topic (e.g., security.md, style.md) for better organization.
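The example policy above fits in one sentence, but what "duplicate" means in practice is worth pinning down: the same protocol, port range and sources written with the CIDR list in a different order, spelled with a protocol number instead of a name, or split between inline `ingress` blocks and standalone `aws_security_group_rule` resources. The following is an added Python check, not Infrabase's code, that applies that rule deterministically to `terraform show -json` plan output. The plan document in it is constructed for the example; the layout it relies on (`planned_values.root_module.resources`, nested `child_modules`) is the one Terraform's JSON plan format documents. A script like this is a useful companion to an LLM-evaluated policy: run it in CI on the same pull request to confirm the model's verdict.

```python
"""Deterministic check for the policy "No duplicate AWS security group ingress rules".

Added example, not Infrabase's code. Input is `terraform show -json tfplan` output;
the SAMPLE_PLAN_JSON below is constructed and trimmed to the fields this check reads.
"""
import json
from collections import defaultdict

# Terraform accepts protocol numbers as well as names; fold them so "6" == "tcp".
PROTOCOL_ALIASES = {"6": "tcp", "17": "udp", "1": "icmp", "58": "icmpv6", "all": "-1"}


def _norm_protocol(proto):
    proto = str(proto).lower()
    return PROTOCOL_ALIASES.get(proto, proto)


def rule_fingerprint(rule):
    """Canonical tuple for one ingress rule so semantically identical rules compare equal.

    Works for both inline `ingress` blocks and `aws_security_group_rule` values.
    Only exact matches after normalisation are equal: two CIDRs that merely overlap
    are not treated as duplicates here.
    """
    proto = _norm_protocol(rule.get("protocol", "-1"))
    # "-1" (all traffic) makes AWS ignore the port range, so fold the ports to 0/0.
    from_port, to_port = (0, 0) if proto == "-1" else (rule.get("from_port"), rule.get("to_port"))
    sources = list(rule.get("security_groups") or [])
    if rule.get("source_security_group_id"):  # standalone-rule spelling of the same thing
        sources.append(rule["source_security_group_id"])
    return (
        proto, from_port, to_port,
        tuple(sorted(rule.get("cidr_blocks") or [])),
        tuple(sorted(rule.get("ipv6_cidr_blocks") or [])),
        tuple(sorted(sources)),
        tuple(sorted(rule.get("prefix_list_ids") or [])),
    )


def _walk_resources(module):
    """Yield resources from a plan module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk_resources(child)


def find_duplicate_ingress(plan_json):
    """Return [(group, fingerprint, [addresses])] for ingress rules that appear more than once.

    `group` is the security group address for inline rules, or the security_group_id
    for standalone rules. Standalone rules whose security_group_id is computed (and
    therefore absent from planned values) are skipped, not guessed.
    """
    plan = json.loads(plan_json)
    seen = defaultdict(list)  # (group, fingerprint) -> where each copy lives
    for res in _walk_resources(plan["planned_values"]["root_module"]):
        vals = res.get("values", {})
        if res["type"] == "aws_security_group":
            for i, rule in enumerate(vals.get("ingress") or []):
                seen[(res["address"], rule_fingerprint(rule))].append(f"{res['address']}.ingress[{i}]")
        elif res["type"] == "aws_security_group_rule" and vals.get("type") == "ingress":
            group = vals.get("security_group_id")
            if group is None:
                continue  # unknown until apply; cannot attribute to a group at plan time
            seen[(group, rule_fingerprint(vals))].append(res["address"])
    return [(group, fp, where) for (group, fp), where in seen.items() if len(where) > 1]


def _inline(from_port, to_port, proto, cidrs):
    return {"from_port": from_port, "to_port": to_port, "protocol": proto,
            "cidr_blocks": cidrs, "ipv6_cidr_blocks": [], "security_groups": [], "prefix_list_ids": []}


# Constructed sample plan: one SG with a re-ordered duplicate inline rule, two standalone
# rules on an existing SG that differ only in protocol spelling, and a standalone rule in a
# child module whose group id is still unknown.
SAMPLE_PLAN_JSON = json.dumps({
    "format_version": "1.2",
    "planned_values": {"root_module": {
        "resources": [
            {"address": "aws_security_group.web", "type": "aws_security_group", "name": "web",
             "values": {"name": "web", "ingress": [
                 _inline(443, 443, "tcp", ["10.0.0.0/8", "192.168.0.0/16"]),
                 _inline(443, 443, "tcp", ["192.168.0.0/16", "10.0.0.0/8"]),  # duplicate of the above
                 _inline(22, 22, "tcp", ["10.0.0.0/8"]),
             ]}},
            {"address": "aws_security_group_rule.ssh_a", "type": "aws_security_group_rule", "name": "ssh_a",
             "values": {"type": "ingress", "from_port": 22, "to_port": 22, "protocol": "tcp",
                        "cidr_blocks": ["10.0.0.0/8"], "security_group_id": "sg-0123456789abcdef0"}},
            {"address": "aws_security_group_rule.ssh_b", "type": "aws_security_group_rule", "name": "ssh_b",
             "values": {"type": "ingress", "from_port": 22, "to_port": 22, "protocol": "6",  # numeric tcp
                        "cidr_blocks": ["10.0.0.0/8"], "security_group_id": "sg-0123456789abcdef0"}},
        ],
        "child_modules": [{"address": "module.db", "resources": [
            {"address": "module.db.aws_security_group_rule.pg", "type": "aws_security_group_rule", "name": "pg",
             "values": {"type": "ingress", "from_port": 5432, "to_port": 5432, "protocol": "tcp",
                        "cidr_blocks": ["10.0.0.0/8"]}},  # security_group_id computed: omitted
        ]}],
    }},
})

if __name__ == "__main__":
    for group, fp, where in find_duplicate_ingress(SAMPLE_PLAN_JSON):
        print(f"{group}: duplicate ingress {fp[0]} {fp[1]}-{fp[2]} from {fp[3]} -> {', '.join(where)}")
```

Run it with the plan you want to inspect by replacing `SAMPLE_PLAN_JSON` with the output of `terraform show -json tfplan`. Because the check keys standalone rules by `security_group_id`, rules for a security group created in the same plan cannot be attributed to a group and are skipped rather than reported; that is the case where a reviewer, or the natural-language policy, still has to read the references in the diff.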