I'm looking at incorporating a set of Policies for our workloads on Azure and found https://kics.io/. Has anyone incorporated this into their Pulumi based systems? If so, would you mind sharing your experiences?

I haven’t worked with it (yet, will probably take it for a spin), but it looks like it only supports Pulumi YAML.

This looks incredibly useful, but sadly it only having support for YAML really hampers its relevance. I'll be keeping an eye on it, though!

Agreed, that would be a good avenue of integration to explore

I'm considering seeing if I can find a way to allow it to support Pulumi's plans

Yes! That's what I was referring to

There is a slight issue with using Update plans and that is if you introduce "new" policies that affect resources that were already provisioned, you won't be able to pick up issues with those?