Security as Code

Security rules were scattered across wikis, tickets, and out-of-date Confluence pages. Developers shipped code fast, but no one could be sure the system matched the manpages or that permissions hadn’t drifted. This is the daily risk when security exists as folklore rather than as executable truth.

Security as Code fixes that. It makes your operational and compliance rules live in the same place and language as your codebase. It creates a single, authoritative source of rules, always version-controlled, always reviewable. And when you combine this with manpages as code, you don’t just write instructions—you enforce them.

Imagine every CLI command, every admin action, every system permission defined in manpages that are machine-readable. They’re no longer static text; they’re the source of both human-readable docs and automated policy enforcement. If a command needs elevated privileges, the page defines exactly what those privileges are—and your system checks them before running.

This changes the game for auditability. You can prove, line by line, what the intended state is and whether the live environment matches it. Changes are peer-reviewed in pull requests, so a bad command or insecure flag can’t sneak in quietly. Rollback is as simple as reverting to a previous commit.

Security drift vanishes because the docs are the control plane. Engineers stop guessing. Operations stop firefighting ancient misconfigurations. Compliance reports write themselves, because the manpages are the compliance.

Tools alone don’t make it happen—you need a platform that treats your manpages as the same kind of living artifact as your code. hoop.dev lets you do this in minutes, wiring your manpages directly into your workflow, so security checks and documentation are always in sync.

Stop letting your documentation age in a corner. Make your manpages executable. Make your security real. See it live today at hoop.dev—and turn your rules into running code before your next deploy.