Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-opa
A curated list of OPA related tools, frameworks and articles
https://github.com/juzhiyuan/awesome-opa
Last synced: 1 day ago
Official projects
Blogs and Articles
- OPA - Official blog for the OPA project
- Logo - The OPA Logo in different versions
Repositories
- OPA - Open Policy Agent GitHub repository
- Gatekeeper - Kubernetes admission controller using OPA
- Conftest - Write tests against structured configuration data
Docs
- Conftest - Conftest documentation
- Styra Academy - Excellent OPA training courses
- Gatekeeper - OPA Gatekeeper docs
Infrastructure as Code
Infrastructure as Code Blogs and Articles
- Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
- Using OPA with Pulumi CrossGuard - Authoring Pulumi CrossGuard Policy with OPA
- AWS CDK with OPA - Realize Policy-as-Code with AWS Cloud Development Kit through Open Policy Agent
Datasource Integrations Blogs and Articles
- Regula - Evaluates Terraform code for potential security misconfigurations and compliance violations.
- Example Terraform policies - Example Terraform policies
- KICS - Keeping Infrastructure as Code Secure or KICS scans IaC projects for security vulnerabilities, compliance issues, and infrastructure misconfiguration. Currently working with Terraform projects, Kubernetes manifests, Dockerfiles, AWS CloudFormation Templates, and Ansible playbooks.
- Trivy - Scan your code and artifacts for known vulnerabilities and misconfiguration issues.
Serverless
Serverless Blogs and Articles
- Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
- Lambda Authorizer - Creating a custom Lambda authorizer using Open Policy Agent
Infrastructure as Code Blogs and Articles
- OPA Lambda Extension Plugin - A custom plugin for running OPA in AWS Lambda as a Lambda Extension
Policy Packages
Blogs and Articles
- Library - Community-owned policy library for OPA
- Policy Hub CLI - CLI tool that makes Rego policies searchable
- Appshield - Open Database of rego policies for common Infrastructure as Code files
- Conftest policy packs - Collection of Conftest policies for "Compliance-as-Code" security policies and general engineering standards. Policies targeting Terraform, Dockerfiles, package.json (NodeJS) files, etc
- Confectionary - A library of rules for Conftest used to detect Terraform misconfigurations.
- Rego policies - Rego policies from the Red Hat community of practice
Kubernetes
Built with Wasm
- Rego Policies - Gatekeeper policies collection
- Konstraint - CLI tool for working with templates and constraints when using Gatekeeper
- Deprek8ion - A set of rego policies to monitor Kubernetes APIs deprecations
- Gatekeeper Policy Manager - Web UI for Gatekeeper policies
- Validating and Mutating Admission Control Example - Example validating and mutation admission controller
- MagTape - OPA-based admission controller for policy enforcement
- Admission policy development - OPA Kubernetes validation and mutation testing environment
- Gatekeeper Conftest plugin - A Conftest plugin that transforms input objects to be compatible with OPA Gatekeeper policies.
- Kubescape - Kubescape is a tool for scanning Kubernetes clusters for security issues. Kubescape tests (rules) are based completely on OPA. See the regos [here](https://github.com/armosec/regolibrary)
- Cosign Gatekeeper Provider - Cosign Provider is a new provider for OPA Gatekeeper's ExternalData feature to verify container images
Service Mesh Authorization
- OPA Envoy Plugin - The OPA Envoy Plugin (compatible with Envoy, Istio, Gloo Edge, more)
- Open Service Mesh - Envoy based service mesh using OPA for external authorization
Blogs and Articles
- Policy Enabled Kubernetes with OPA - Guide on setting up OPA for Kubernetes admission control
- Using OPA on EKS - Using Open Policy Agent on Amazon EKS
- OPA and Gatekeeper - Comparison between OPA and Gatekeeper with lots of useful information
- Gatekeeper in a CI/CD pipeline - Guide on how to set up your CI environment to test your Kubernetes configuration against your policy as part of a GitOps strategy
- Verifying container signatures on Kubernetes with Gatekeeper - Verifying container signatures on Kubernetes with Gatekeeper
- Kubernetes Authorization - Guide on using OPA for Kubernetes authorization
Language and Platform Integrations
Java
- Java - Generic Java client to query OPA's REST API
- Spring Security Reactive - OPA with Spring Security Reactive
- Spring Security - OPA Spring Security Library
- Gradle - OPA plugin for Gradle
- Thunx - Thunx is a pluggable ABAC system using OPA, Spring Cloud Gateway and Spring Data REST
Python
- OPA Python client - Python client for OPA's REST API
- Flask OPA - OPA client for the Flask microframework
- Bottle Authorization - Custom Bottle Application Authorization
- Rego Python - Python package for interacting with Rego
- Sphinx Rego - Sphinx extension that automatically documents Rego policies
Go
- Go Example API Authorization - Example API authorization using OPA
PHP
- OPA Library for PHP - OPA client, a PSR-15 authorization middleware and a PSR-15 bundle distributor middleware
.NET
- ASP.NET Core - ASP.NET Core authorization middleware
Node.js
- OPA Express - OPA client for the Express framework
Docker
- Docker Security Checker - OPA Rego policies for Dockerfile Security checks using Conftest ([blog](https://blog.madhuakula.com/dockerfile-security-checks-using-opa-rego-policies-with-conftest-32ab2316172f))
- OPA Docker authorization - OPA to help policy-enable an existing service
- Dockerfile security - A collection of OPA rules to statically analyze Dockerfiles to improve security
Clojure
- Clojure - Middleware and utilities for app authorization with OPA in Clojure
Containers
- Konveyor Forklift Validation Service - VM migration suitability assessment to avoid migrating VMs that are not fit for Kubevirt. Rules are applied on all the VMs of the source provider (VMware) during the initial inventory collection, then whenever a VM configuration changes.
WebAssembly (Wasm)
Containers
- Python Library - Open Policy Agent WebAssembly SDK for Python
- Go SDK - a small Go library for using WebAssembly compiled Open Policy Agent Rego policies
- JVM - Java SDK for calling Wasm-compiled policies. Uses wasmtime.
- NPM module - a small SDK for using WebAssembly compiled Open Policy Agent Rego policies
- .NET Core Library - .NET SDK for calling Wasm-compiled OPA policies from .NET Core
Docs
Built with Wasm
- OPA Wasm demo - Demonstration of evaluating OPA's Wasm modules in the browser
- Snyk CLI - Test Infrastructure as Code source code for security misconfigurations and best practices in the local console. The npm-opa-wasm library is used to run WASM bundle of Rego policies to detect misconfiguration.
Datasource Integrations
Blogs and Articles
- Data Filtering on Spring Data - Data filtering for MongoDB and JPA using OPA
- Strimzi - Kafka in Kubernetes, with built-in support for OPA as authorizer
- Google Calendar - Integrating OPA with the Google Calendar API
- Kafka Authorizer - Kafka authorizer plugin with example policies
- Elasticsearch - OPA-Elasticsearch Data Filtering Example
IDE and Editor Integrations
Datasource Integrations Blogs and Articles
- Vim - Vim plugin for the Rego language, with support for syntax highlighting
- Atom - Syntax highlighting for the Atom editor
- CodeMirror - Rego mode and minimal key map for [CodeMirror](https://codemirror.net/)
- TextMate - Syntax highlighting for TextMate
- VS Code plugin - Develop, test, debug, and analyze policies for OPA in VS Code
- IntelliJ plugin - OPA plugin for the IntelliJ IDE
- Emacs - Emacs Major mode for working with Rego
- Sublime - Syntax highlighting for Sublime
- Nano - Syntax highlighting for Nano
- Prism - Prism is a lightweight, extensible syntax highlighter, built with modern web standards in mind (supports Rego)
Tools and Utilities
Serverless Blogs and Articles
- OPA pre-commit - Pre-commit hooks for OPA/Rego/Conftest development
- OpenAPI to Rego - Generate Rego code given an OpenAPI 3.0 Specification
- Temporal reasoning with OPA - Examples for working with time in Rego
- OPAL - Realtime policy and data updates for your OPA agents on top of websockets pub/sub
- Fregot - Alternative REPL implementation for Rego
- Monitor OPA Gatekeeper - Monitoring implementation guide for OPA Gatekeeper ([blog](https://sysdig.com/blog/monitor-gatekeeper-prometheus/))
- OPA Action - OPA Pull-Request Assessor is a GitHub Action that checks files against policies configured in the same repo
- OPA Schema Examples - Examples of extending the OPA type checker with JSON [schemas](https://www.openpolicyagent.org/docs/latest/schemas/)
- Snyk IaC Rules - Maintain library of Rego rules, run integration tests and build WASM bundles for distribution of rules. The OPA libraries are used to build WASM bundles.
- kube-review - CLI tool to quickly create [AdmissionReview](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) requests from Kubernetes resources
Support and Community
Serverless Blogs and Articles
- Styra - Commercial support, and tools for managing OPA at scale, by the creators of OPA
- Stack Overflow - Stack Overflow OPA section
- GitHub Discussions - Open Policy Agent Discussion Board
Recommended Reading
Serverless Blogs and Articles
- Microservices Security in Action - Book on microservices security, with dedicated section covering OPA. Freely available online.
Commercial Tools
Serverless Blogs and Articles
- Snyk IaC - Test Infrastructure as Code source code repositories for security misconfigurations and best practices. The OPA golang libraries are used to evaluate Rego policies to detect misconfigurations in the repositories.
Keywords
- opa (47)
- rego (24)
- kubernetes (19)
- openpolicyagent (19)
- open-policy-agent (16)
- policy (15)
- authorization (14)
- security (13)
- conftest (11)
- gatekeeper (10)
- cloud-native (8)
- policies (6)
- java (6)
- infrastructure-as-code (5)
- vulnerability-detection (5)
- docker (5)
- mutation (4)
- cncf (4)
- compliance (4)
- testing (4)
- policy-as-code (4)
- spring-data-jpa (4)
- admission-controller (4)
- k8s (4)
- validation (4)
- dashboard (3)
- authorization-middleware (3)
- spring-security (3)
- open-policy-agent-python (3)
- python (3)
- vulnerability-scanners (3)
- security-tools (3)
- iac (3)
- devsecops (3)
- golang (3)
- vulnerabilities (2)
- gradle (2)
- snyk (2)
- monitor (2)
- gradle-plugin (2)
- querydsl (2)
- spring (2)
- spring-cloud-gateway (2)
- javaclient (2)
- cloud (2)
- opa-rego-policies (2)
- infosec (2)
- dockerfile (2)
- flask-extension (2)
- client-library (2)