Secure your GitOps Workflows without any compromise
This is the source code for Fensak, a service that allows users to apply security best practices to GitOps workflows without any compromises.
GitOps best practices require that everything about the application infrastructure is managed as code. Naturally, this means that any form of deployment requires a commit to the source repository. But this can quickly conflict with Continuous Delivery where you want to automate deployments without humans in the loop.
Fensak allows you confidently configure GitOps with protected branches through:
- Automatic approval: Selectively auto-approves the changes that pertain to continuous delivery. Only allow through the trivial routine deployments.
- Required reviews: Anything that fails auto-approval will require manual review to proceed. You can specify how many manual approvals substantial changes should require.
- Fully customizable: Fensak's approval rules engine is extensible using custom JavaScript functions. Maintain full control over what changes should be approved automatically.
Learn more at fensak.io and docs.fensak.io.
The easiest way to get started with Fensak is with our official GitHub App, backed by our hosted managed service. Check out our Getting started guide for a quick overview of installing the app, configuring it, and getting going with auto-approving your Continuous Delivery Pull Requests.
If you are using Fensak as a user, refer to our .fensak repository reference for instructions on what you need to configure Fensak, including writing custom rules.
For examples of user defined rules including ideas on specific rules to implement and how to test them, refer to the fensak-rules-examples repo. Also check out our Writing rules scripts guide.
Fensak is built in TypeScript targeting the Deno runtime.
Please create a GitHub discussion if you want to:
- report issues with the hosted Fensak service
- get any kind of help, like setting up Fensak, writing custom rules, or using Fensak in general
- provide product feedback and suggestions
Please create a GitHub issue to report bugs and issues with the source code, including self-hosting and using the functions for testing.
Do not open an issue to report security issues. Instead, please review our Security Policy.
If you are a paying customer of our GitHub App, and have questions about your account, or have any kind of billing releated inquiry, please email [email protected].
SPDX-License-Identifier: AGPL-3.0-or-later OR BUSL-1.1
Fensak is dual-licensed under the AGPL 3.0 (or any later version) and Business Source License 1.1 (with no Additional Use Grant). Refer to the corresponding LICENSE files for the full parameters of either license:
Dual licensing means that you can use the code under the terms of either license.
For example, if you are using this to test your rules functions and you do not want to be bound by the terms of the AGPL license (and thus be forced to release the source code of your rules), you can license the Fensak testing code under the BUSL 1.1 license.
On the other hand, if you wish to self host an instance of Fensak for internal use, then you can license Fensak under the terms of the AGPL 3.0 (or later) license. You can not self host an instance of Fensak under the BUSL 1.1 license since it does not allow any additional use grant for production usage.
Refer to the License FAQ for more information.