PolicyPulse

PolicyPulse is a web app + CLI that enforces “security-as-code” across CI/CD without becoming a full-blown platform. It scans pull requests and pipeline configs (GitHub Actions, GitLab CI, Jenkinsfiles, Terraform plans) for policy violations like missing SAST gates, unsigned artifacts, overly broad IAM, secrets in env vars, and unpinned actions/images. It comments directly on PRs with exact fixes and blocks merges only when rules are truly high-risk. The product includes a lightweight policy library (OPA/Rego) with opinionated defaults mapped to common frameworks (CIS, NIST-lite), plus an exception workflow with expiry and audit trails. It’s realistic: you won’t beat Snyk/GitHub Advanced Security head-on, but you can win by being the “guardrails layer” that stitches existing tools into enforceable, measurable controls that auditors and engineering both accept.