Open Policy Agent (OPA) is an open source, general-purpose policy engine.
-
Updated
Nov 24, 2024 - Go
The Open Policy Agent (OPA, pronounced “oh-pa”) is an open source, general-purpose policy engine that unifies policy enforcement across the stack. OPA provides a high-level declarative language that lets you specify policy as code and simple APIs to offload policy decision-making from your software. You can use OPA to enforce policies in microservices, Kubernetes, CI/CD pipelines, API gateways, and more.
What is OPA
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...)
Write tests against structured configuration data using the Open Policy Agent Rego query language
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.
Automation to assess the state of your M365 tenant against CISA's baselines
A curated list of OPA related tools, frameworks and articles
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
A policy management tool for interacting with Gatekeeper
Integrations, examples, and proof-of-concepts that are not part of OPA proper.
Regal is a linter and language server for Rego, bringing your policy development experience to the next level!
Scan Kubernetes resource files , and helm charts for security configurations issues and best practices.
Style guide for Rego
Flux v1: Manage a multi-tenant cluster with Flux and Kustomize
This repository offers a comprehensive library of security policies designed to enhance the security of Kubernetes cluster configurations. The policies are developed in accordance with the CIS Kubernetes benchmark.
SCuBA Secure Configuration Baselines and assessment tool for Google Workspace
Open Policy Agent WebAssembly NPM module (opa-wasm)
An extension for VS Code which provides support for OPA and the Rego policy language
Create Kubernetes AdmissionReview requests from Kubernetes resource manifests
DevSpace Cloud ⚡ Turn Kubernetes into a Powerful Developer Platform (new on-premise edition)