Repository navigation
Open Policy Agent
The Open Policy Agent (OPA, pronounced “oh-pa”) is an open source, general-purpose policy engine that unifies policy enforcement across the stack. OPA provides a high-level declarative language that lets you specify policy as code and simple APIs to offload policy decision-making from your software. You can use OPA to enforce policies in microservices, Kubernetes, CI/CD pipelines, API gateways, and more.
Community & Support
What is OPA
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...)
Write tests against structured configuration data using the Open Policy Agent Rego query language
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Automation to assess the state of your M365 tenant against CISA's baselines
Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.
A curated list of OPA related tools, frameworks and articles
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
A policy management tool for interacting with Gatekeeper
Integrations, examples, and proof-of-concepts that are not part of OPA proper.
Regal is a linter and language server for Rego, bringing your policy development experience to the next level!
SCuBA Secure Configuration Baselines and assessment tool for Google Workspace
Scan Kubernetes resource files , and helm charts for security configurations issues and best practices.
Style guide for Rego
Flux v1: Manage a multi-tenant cluster with Flux and Kustomize
This repository offers a comprehensive library of security policies designed to enhance the security of Kubernetes cluster configurations. The policies are developed in accordance with the CIS Kubernetes benchmark.
Create Kubernetes AdmissionReview requests from Kubernetes resource manifests
Open Policy Agent WebAssembly NPM module (opa-wasm)
Traefik plugin which checks JWT tokens for required fields. Supports Open Policy Agent (OPA) and signature validation with JWKS
An extension for VS Code which provides support for OPA and the Rego policy language