Use Cases

Platform Operators

Define Application Policies
In A Standard And Declarative Way

As you scale clusters, teams, and applications, enforcing and reporting on application security policies. It becomes difficult, creates friction, and exposes your applications and environment to risks.

Shipa’s approach to policy as code enables platform operators to easily define policy frameworks and enforce application-level governance using a standard definition across tools such as Terraform, Pulumi, Crossplane, ArgoCD, and FluxCD.

Watch Demo

Use Cases

Standard Policy Definition

Define and store policy frameworks using a standard definition across tools such as Pulumi, Crossplane, and Terraform.

Application Audit

Visualize policy frameworks defined and report on the status of application security.

Pipeline Integration

Enable security early in the process by embedding Shipa’s policy as code into your CI/CD and GitOps pipelines.

Start For Free Tour

The Basic Process


Sign-up for a free account of Shipa Cloud to get started immediately.

Create A Policy

Create policy frameworks to describe policies used during application deployments.

Bind The Policy

Connect your pipeline to the policy framework and bind it to a Kubernetes cluster or Linux VM.

Manage Security

Visualize and report on how the deployed applications are complying with the policies defined.

Start For Free Learn More

Platform Operators

Secure, Automated, And Scalable

Reduce security risks by defining a fully customized set of application controls using a standard definition and consistently applying them across CI/CD pipelines and GitOps.

Shipa’s policy framework continuously monitors your applications to ensure there are no violations.


Network Policies

Define application default ingress and egress policies without having to create and maintain complex ingress rules.

Enable DevSecOps

Continuously report on policies defined and how applications comply with them, enabling a DevSecOps model.

Access Controls

Implement a detailed RBAC model and define which teams can deploy and manage applications to which environment or namespace.

Registry Control

Implement controls on which container registries can be used by developers when deploying their applications.

Security Scanning

Define security scan levels for applications deployed and specify vulnerabilities that should be treated as exceptions, if any.

Resource and Quota Control

Define application resource consumption and quota limits to be automatically applied to applications deployed.


Are your applications secured end-to-end?

Enabling Trust Driven Development – Shipa Insights

Shipa Product Updates – June 2022