Open Policy Agent (OPA) is an open source, general-purpose policy engine.
Updated May 17, 2024 - Go
The Open Policy Agent (OPA, pronounced “oh-pa”) is an open source, general-purpose policy engine that unifies policy enforcement across the stack. OPA provides a high-level declarative language that lets you specify policy as code and simple APIs to offload policy decision-making from your software. You can use OPA to enforce policies in microservices, Kubernetes, CI/CD pipelines, API gateways, and more.
What is OPA
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
Curated resources to help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues or making a pull request. All feedback for improvements is welcome. Thank you.
Write tests against structured configuration data using the Open Policy Agent Rego query language
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Automation to assess the state of your M365 tenant against CISA's baselines
Integrations, examples, and proof-of-concepts that are not part of OPA proper.
Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...)
Flux v1: Manage a multi-tenant cluster with Flux and Kustomize
A curated list of OPA related tools, frameworks and articles
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
A policy management tool for interacting with Gatekeeper
Open Policy Agent WebAssembly NPM module (opa-wasm)
Traefik plugin which checks JWT tokens for required fields. Supports Open Policy Agent (OPA) and signature validation with JWKS
Regal is a linter for Rego, with the goal of making your Rego magnificent!
This repository offers a comprehensive library of security policies designed to enhance the security of Kubernetes cluster configurations. The policies are developed in accordance with the CIS Kubernetes benchmark.
Open Policy Agent (OPA) plug-in for Kafka authorization
OPA-Envoy-SPIRE External Authorization Example.
This is just a proof-of-concept project that aims to sign and verify container images using cosign and OPA (Open Policy Agent)
DevSpace Cloud ⚡ Turn Kubernetes into a Powerful Developer Platform (new on-premise edition)
Policies that are to be enforced by GateKeeper for the Cloud Native Platform