Chef Blogs

GigaOm Recognizes Progress Chef as a Policy as Code Leader

Michelle Sebek | Posted on | Analyst Report | announcements | DevSecOps

We are proud to announce GigaOm is acknowledging Progress Chef as a Leader in the policy as code market within the DevSecOps sector. 

Chef is part of GigaOm's 2022 Radar for Policy as Code, and the Chef Enterprise Automation Stack (EAS) stands out to the research firm as a leader. 

Policy-as-Code solutions enable DevSecOps teams of any size to document and share security and compliance policies. The policies automate configuration and policy checks continuously. By automating configuration and policy in a single process, security and visibility are significantly improved. Utilizing Chef's policy-as-code approach increases the accuracy of risk assessments and speeds up the high-quality delivery of mission-critical applications.  

GigaOm recognizes the companies that are continuously pushing their technology within this sector. The firm created the Policy-as-Code Radar to showcase companies utilizing technology to improve an organization's complete DevSecOps stance.  

Enterprise Automation Stack

GigaOm details each component of the Chef Automation Stack. The firm concludes that not only is Chef Automation Stack an ideal policy-as-code solution for current users, but also that our open-source community will offer continued support for users unfamiliar with the platform.   

"For organizations that aren't yet using Chef tooling, it might be a big leap to use this solution solely for policy-as-code management," the GigaOm print states. "But for existing Chef users, leveraging InSpec for policy management and Chef Automate as the central control hub for automating regular compliance, drift, and remediation efforts could be a natural fit."  

Chef strongly focuses on the Enterprise market segment based on the Market Categories and Deployment model. The following section will explore Chef's Policy-driven automation (PDA), a way to automate IT (Information Technology) tasks with a clear policy. Development, operations, and security teams work to address the needs of organizations for more automation in their IT environments. Chef identifies what needs to be done by examining the policy that defines the task in question and then acting accordingly. 

Audit Reporting

Audit reporting is a crucial part of the compliance process, and it is also a way to ensure that the client can see what their business is doing and how it is managed. DevSecOps aims to incorporate security practices in the software development process so that these measures are not an afterthought. A DevSecOps tooling solution can help organizations to:   
  • Improve visibility into the security posture of their applications and infrastructure.   
  • Reduce the risk of vulnerabilities introduced into the software supply chain.   
  • Increase the speed at which vulnerabilities are detected, remediated, and reported.   
  • Improve the productivity and efficiency of their developers by reducing time spent on manual tasks such as code reviews, security testing, etc.

Shift-Left 

This 'shift-left' approach will ensure better efficiency, quality, and cost-effectiveness in SDLC (Software Development Life Cycle).   

Chef has capabilities that directly increase pipeline governance to reduce application and infrastructure vulnerabilities. It includes the following components:   

  • Assessment and continuous monitoring of vulnerabilities.
  • Automated deployment and configuration of applications and infrastructure to eliminate errors.
  • Automated vulnerability remediation
  • Security at scale

Download the entire GigaOm Radar for Policy as Code report to read the firm's thoughts on Chef.

 

Tags

Chef Automate Chef InSpec Infrastructure Management Policy as Code