ShiftLeft released a new version of NextGen Static Analysis (NG SAST), including new workflows, purpose-built for developers that significantly improve security, while enhancing productivity.
Fugue has open sourced the Fugue Rego Toolkit (Fregot) to enhance the experience working with the Rego policy language.
Fregot enables developers to easily evaluate Rego expressions, debug code, and test policies. Rego is part of the Open Policy Agent (OPA) policy engine, which Fugue adopted this year as its policy as code implementation for cloud security and compliance.
Developed as an alternative to Open Policy Agent’s (OPA) built-in interpreter, Fregot provides error handling that is easy to understand and manage with step-by-step debugging. Additionally, Fregot speeds up the development feedback loop by watching Rego and input files for changes and enabling quick incremental loads. You can use Fregot to validate nearly any kind of JSON or YAML file against Rego policy.
Fugue created Fregot internally as a lightweight set of tools to enhance the Rego development experience. It provides:
- Just the Rego language implementation rather than the full OPA agent
- Useful tools to debug Rego queries and modules
- Enhanced error messages to aid in correcting Rego expressions
- Ease of extending and experimenting with new language features
“Fugue’s SaaS product for cloud infrastructure visibility and security uses Rego and OPA at scale, performing more than 100 million policy evaluations every day and providing our customers with a simple way to create custom policies for cloud infrastructure,” said Josh Stella, co-founder and CTO of Fugue. “We developed Fregot to speed the implementation of these evaluations and provide our customers and the community with useful tools to develop and test policies using the Rego policy language.”