{"id":13407976,"url":"https://github.com/open-policy-agent/opa","last_synced_at":"2026-01-29T19:19:32.256Z","repository":{"id":36954527,"uuid":"48714685","full_name":"open-policy-agent/opa","owner":"open-policy-agent","description":"Open Policy Agent (OPA) is an open source, general-purpose policy engine.","archived":false,"fork":false,"pushed_at":"2025-05-12T11:57:48.000Z","size":1089247,"stargazers_count":10227,"open_issues_count":394,"forks_count":1413,"subscribers_count":130,"default_branch":"main","last_synced_at":"2025-05-12T16:15:58.437Z","etag":null,"topics":["authorization","cloud-native","compliance","declarative","doge","json","lolcat","opa","open-policy-agent","policy"],"latest_commit_sha":null,"homepage":"https://www.openpolicyagent.org","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/open-policy-agent.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":"GOVERNANCE.md","roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2015-12-28T22:08:25.000Z","updated_at":"2025-05-12T13:49:38.000Z","dependencies_parsed_at":"2025-05-03T07:36:18.254Z","dependency_job_id":null,"html_url":"https://github.com/open-policy-agent/opa","commit_stats":{"total_commits":4804,"total_committers":472,"mean_commits":"10.177966101694915","dds":0.6232306411323897,"last_synced_commit":"ea7a3e13c8fdceadeb199904facb4990fcb010f8"},"previous_names":[],"tags_count":188,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-policy-agent%2Fopa","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-policy-agent%2Fopa/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-policy-agent%2Fopa/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-policy-agent%2Fopa/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/open-policy-agent","download_url":"https://codeload.github.com/open-policy-agent/opa/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253774585,"owners_count":21962199,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorization","cloud-native","compliance","declarative","doge","json","lolcat","opa","open-policy-agent","policy"],"created_at":"2024-07-30T20:00:49.920Z","updated_at":"2026-01-16T13:43:08.251Z","avatar_url":"https://github.com/open-policy-agent.png","language":"Go","readme":"# ![logo](./logo/logo-144x144.png) Open Policy Agent\n\n[![Build Status](https://github.com/open-policy-agent/opa/workflows/Post%20Merge/badge.svg)](https://github.com/open-policy-agent/opa/actions) [![Go Report Card](https://goreportcard.com/badge/github.com/open-policy-agent/opa)](https://goreportcard.com/report/github.com/open-policy-agent/opa) [![CII Best Practices](https://www.bestpractices.dev/projects/1768/badge)](https://www.bestpractices.dev/en/projects/1768/passing) [![Netlify Status](https://api.netlify.com/api/v1/badges/4a0a092a-8741-4826-a28f-826d4a576cab/deploy-status)](https://app.netlify.com/sites/openpolicyagent/deploys)\n\nOpen Policy Agent (OPA) is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack.\n\nOPA is proud to be a graduated project in the [Cloud Native Computing Foundation](https://www.cncf.io/) (CNCF) landscape. For details read the CNCF [announcement](https://www.cncf.io/announcements/2021/02/04/cloud-native-computing-foundation-announces-open-policy-agent-graduation/).\n\n## Get started with OPA\n\n- Write your first Rego policy with the [Rego Playground](https://play.openpolicyagent.org) or use it to share your work with others for feedback and support. Have a look at the [Access Control examples](https://play.openpolicyagent.org/?example-group=access-control) if you're not sure where to start.\n- Install the [VS Code extension](https://marketplace.visualstudio.com/items?itemName=tsandall.opa) to get started locally with live diagnostics, debugging and formatting. See [Editor and IDE Support](https://www.openpolicyagent.org/docs/editor-and-ide-support) for other supported editors.\n- Go to the [OPA Documentation](https://www.openpolicyagent.org/docs) to\n  learn about the Rego language as well as how to deploy and integrate OPA.\n- Check out the learning resources in the [Learning Rego](https://www.openpolicyagent.org/ecosystem/by-feature/learning-rego) section of the ecosystem directory.\n- Follow the [Running OPA](https://www.openpolicyagent.org/docs/latest/#running-opa) instructions to get started with the OPA CLI locally.\n- See [Docker Hub](https://hub.docker.com/r/openpolicyagent/opa/tags/) for container images and the [GitHub releases](https://github.com/open-policy-agent/opa/releases) for binaries.\n- Check out the [OPA Roadmap](https://docs.google.com/presentation/d/16QV6gvLDOV3I0_guPC3_19g6jHkEg3X9xqMYgtoCKrs/edit?usp=sharing) to see a high-level snapshot of OPA features in-progress and planned.\n\n## Want to talk about OPA or get support?\n\n- Join the [OPA Slack](https://slack.openpolicyagent.org) to talk to other OPA users and maintainers. See `#help` for support.\n- Check out the [Community Discussions](https://github.com/orgs/open-policy-agent/discussions) to ask questions.\n- See the [Support](https://www.openpolicyagent.org/support) page for commercial support options.\n\n## Interested to learn what others are doing with OPA?\n\n- Browse community projects on the [OPA Ecosystem Directory](https://www.openpolicyagent.org/ecosystem) - don't forget to [list your own](https://github.com/open-policy-agent/opa/tree/main/docs#opa-ecosystem)!\n- Check out the [ADOPTERS.md](./ADOPTERS.md) file for a list of production adopters. Does your organization use OPA in production? Support the OPA project by submitting a PR to add your organization to the list with a short description of your OPA use cases!\n\n## Want to integrate OPA?\n\n- See the high-level [Go SDK](https://www.openpolicyagent.org/docs/latest/integration/#integrating-with-the-go-sdk) or the low-level Go API\n  [![GoDoc](https://godoc.org/github.com/open-policy-agent/opa?status.svg)](https://godoc.org/github.com/open-policy-agent/opa/rego)\n  to integrate OPA with services written in Go.\n- See the [REST API](https://www.openpolicyagent.org/docs/rest-api.html)\n  reference to integrate OPA with services written in other languages.\n- See the [integration docs](https://www.openpolicyagent.org/docs/latest/integration/) for more options.\n\n## Want to contribute to OPA?\n\n- Read the [Contributing Guide](https://www.openpolicyagent.org/docs/latest/contributing/) to learn how to make your first contribution.\n- Use [#contributors](https://openpolicyagent.slack.com/archives/C02L1TLPN59) in Slack to talk to other contributors and OPA maintainers.\n- File a [GitHub Issue](https://github.com/open-policy-agent/opa/issues) to request features or report bugs.\n\n## How does OPA work?\n\nOPA gives you a high-level declarative language to author and enforce policies\nacross your stack.\n\nWith OPA, you define _rules_ that govern how your system should behave. These\nrules exist to answer questions like:\n\n- Can user X call operation Y on resource Z?\n- What clusters should workload W be deployed to?\n- What tags must be set on resource R before it's created?\n\nYou integrate services with OPA so that these kinds of policy decisions do not\nhave to be _hardcoded_ in your service. Services integrate with OPA by\nexecuting _queries_ when policy decisions are needed.\n\nWhen you query OPA for a policy decision, OPA evaluates the rules and data\n(which you give it) to produce an answer. The policy decision is sent back as\nthe result of the query.\n\nFor example, in a simple API authorization use case:\n\n- You write rules that allow (or deny) access to your service APIs.\n- Your service queries OPA when it receives API requests.\n- OPA returns allow (or deny) decisions to your service.\n- Your service _enforces_ the decisions by accepting or rejecting requests accordingly.\n\nFor concrete examples of how to integrate OPA with systems like\n[Kubernetes](https://www.openpolicyagent.org/docs/kubernetes),\n[Terraform](https://www.openpolicyagent.org/docs/terraform),\n[Docker](https://www.openpolicyagent.org/docs/docker-authorization),\n[SSH](https://www.openpolicyagent.org/docs/ssh-and-sudo-authorization),\nand more, see [openpolicyagent.org](https://www.openpolicyagent.org).\n\n## Presentations\n\n- Open Policy Agent (OPA) Intro \u0026 Deep Dive @ Kubecon NA 2023: [video](https://www.youtube.com/watch?v=wJkjsvVpj_Q)\n- Open Policy Agent (OPA) Intro \u0026 Deep Dive @ Kubecon EU 2023: [video](https://www.youtube.com/watch?v=6RNp3m_THw4)\n- Running Policy in Hard to Reach Places with WASM \u0026 OPA @ CN Wasm Day EU 2023: [video](https://www.youtube.com/watch?v=BdeBhukLwt4)\n- OPA maintainers talk @ Kubecon NA 2022: [video](https://www.youtube.com/watch?v=RMiovzGGCfI)\n- Open Policy Agent (OPA) Intro \u0026 Deep Dive @ Kubecon EU 2022: [video](https://www.youtube.com/watch?v=MhyQxIp1H58)\n- Open Policy Agent Intro @ KubeCon EU 2021: [Video](https://www.youtube.com/watch?v=2CgeiWkliaw)\n- Using Open Policy Agent to Meet Evolving Policy Requirements @ KubeCon NA 2020: [video](https://www.youtube.com/watch?v=zVuM7F_BTyc)\n- Applying Policy Throughout The Application Lifecycle with Open Policy Agent @ CloudNativeCon 2019: [video](https://www.youtube.com/watch?v=cXfsaE6RKfc)\n- Open Policy Agent Introduction @ CloudNativeCon EU 2018: [video](https://youtu.be/XEHeexPpgrA), [slides](https://www.slideshare.net/TorinSandall/opa-the-cloud-native-policy-engine)\n- Rego Deep Dive @ CloudNativeCon EU 2018: [video](https://youtu.be/4mBJSIhs2xQ), [slides](https://www.slideshare.net/TorinSandall/rego-deep-dive)\n- How Netflix Is Solving Authorization Across Their Cloud @ CloudNativeCon US 2017: [video](https://www.youtube.com/watch?v=R6tUNpRpdnY), [slides](https://www.slideshare.net/TorinSandall/how-netflix-is-solving-authorization-across-their-cloud).\n- Policy-based Resource Placement in Kubernetes Federation @ LinuxCon Beijing 2017: [slides](https://www.slideshare.net/TorinSandall/policybased-resource-placement-across-hybrid-cloud), [screencast](https://www.youtube.com/watch?v=hRz13baBhfg\u0026feature=youtu.be)\n- Enforcing Bespoke Policies In Kubernetes @ KubeCon US 2017: [video](https://www.youtube.com/watch?v=llDI8VvkUj8), [slides](https://www.slideshare.net/TorinSandall/enforcing-bespoke-policies-in-kubernetes)\n- Istio's Mixer: Policy Enforcement with Custom Adapters @ CloudNativeCon US 2017: [video](https://www.youtube.com/watch?v=czZLXUqzd24), [slides](https://www.slideshare.net/TorinSandall/istios-mixer-policy-enforcement-with-custom-adapters-cloud-nativecon-17)\n\n## Security\n\nA third party security audit was performed by Cure53, you can see the full report [here](SECURITY_AUDIT.pdf).\n\nPlease report vulnerabilities by email to [open-policy-agent-security](mailto:open-policy-agent-security@googlegroups.com).\nWe will send a confirmation message to acknowledge that we have received the\nreport and then we will send additional messages to follow up once the issue\nhas been investigated.\n","funding_links":[],"categories":["Policy as Code","Go","Misc","开源类库","Policy as code","json","Security \u0026 Compliance","Uncategorized","Open source library","Other Awesome Lists","Kubernetes Admission Controller","Compliance, Governance, and Safety for AI Ops","Official projects","Authorization","Tools"],"sub_categories":["OPA (Open Policy Agent)","微服务","Uncategorized","Microservices","Open Policy Agent (OPA)","Repositories","ABAC frameworks","Others","Runtime Security"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopen-policy-agent%2Fopa","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopen-policy-agent%2Fopa","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopen-policy-agent%2Fopa/lists"}