Consent-Driven Continuous Delivery with Open Policy Agent and Spinnaker

Authors

  • Srikanth Gorle, CVS Health, USA
  • Prabhu Muthusamy, Cognizant Technology Solutions, USA
  • Rama Krishna Inampudi, Citi, USA

DOI: https://doi.org/10.60087/jklst.v4.n2.009

Abstract

Continuous Delivery (CD) pipelines require robust governance to balance automation with compliance, security, and auditability. Traditional manual approval processes introduce bottlenecks, while static policy enforcement lacks flexibility. This research introduces a consent-driven CD framework integrating Open Policy Agent (OPA)—a declarative policy engine—with Spinnaker, a leading open-source CD platform. The framework leverages OPA's dynamic policy-as-code capabilities to automate deployment consents based on contextual rules (e.g., security scans, environment risks, or regulatory requirements). By decoupling policy logic from Spinnaker's orchestration, our approach enables granular, auditable, and real-time consent decisions without halting pipelines for human intervention. We validate the solution through a case study demonstrating reduced deployment latency by 65%, elimination of manual approval backlogs, and consistent enforcement of organizational policies. The integration establishes a scalable, compliant CD workflow adaptable to evolving operational demands, proving that policy-driven automation enhances both velocity and governance in modern DevOps environments.



Published

05-07-2025

How to Cite

Gorle, S., Muthusamy, P., & Inampudi, R. K. (2025). Consent-Driven Continuous Delivery with Open Policy Agent and Spinnaker. Journal of Knowledge Learning and Science Technology ISSN: 2959-6386 (online), 4(2), 102-112. https://doi.org/10.60087/jklst.v4.n2.009