DevSec For Scale Podcast – Policy-as-Code w/ Eran Bibi, Firefly

In this episode of the “DevSec for Scale” podcast, Jeremy Hess interviews Eran Bibi, co-founder and Chief Product Officer at Firefly, about “policy as code” and its role in enhancing security for growing companies. They discuss how policy as code allows developers to define and enforce policies using code, integrating these policies within the CI/CD pipeline to ensure that deployments meet security and best practices. This methodology contrasts with traditional manual policy enforcement, offering a more efficient and scalable solution.

Eran elaborates on the benefits and challenges of policy as code, highlighting its ability to provide control over deployments and leverage community-contributed policies. However, he notes that overly strict policies can slow down development, emphasizing the need to balance enforcement with maintaining development velocity. Eran shares his background in DevOps and his journey to co-founding Firefly, a cloud asset management tool that helps users manage their cloud environments and ensure infrastructure is managed as code.

Firefly uses its own product to ensure that its cloud assets adhere to best practices, demonstrating its commitment to security. Eran discusses how startups can implement policy as code using tools like Open Policy Agent (OPA) and community resources, getting real-time feedback on code security and configuration issues through IDE plugins. He stresses the importance of integrating security practices early in the development process to avoid costly issues later.

Additionally, Eran introduces Firefly’s new open-source project, Valid IAC, which combines security scanning, linting, and cost projection for infrastructure as code. This project aims to provide a comprehensive tool for developers to ensure their infrastructure meets security standards. The episode underscores the value of integrating security into the development lifecycle without disrupting workflows, enabling startups to scale securely and efficiently.