Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

awesome-opa

A curated list of OPA related tools, frameworks and articles
https://github.com/juzhiyuan/awesome-opa

Last synced: 1 day ago
JSON representation

  • Official projects

    • Blogs and Articles

      • OPA - Official blog for the OPA project
      • OPA - Official blog for the OPA project
      • OPA - Official blog for the OPA project
      • Logo - The OPA Logo in different versions
      • OPA - Official blog for the OPA project
      • Logo - The OPA Logo in different versions
      • OPA - Official blog for the OPA project
      • OPA - Official blog for the OPA project
      • OPA - Official blog for the OPA project
      • OPA - Official blog for the OPA project
      • OPA - Official blog for the OPA project
      • OPA - Official blog for the OPA project

    • Repositories

      • OPA - Open Policy Agent Github repository
      • Gatekeeper - Kubernetes admission controller using OPA
      • Conftest - Write tests against structured configuration data
      • OPA - Open Policy Agent Github repository
      • Gatekeeper - Kubernetes admission controller using OPA
      • Conftest - Write tests against structured configuration data

    • Docs

  • Infrastructure as Code

    • Infrastructure as Code Blogs and Articles

    • Datasource Integrations Blogs and Articles

      • Regula - Evaluates Terraform code for potential security misconfigurations and compliance violations.
      • Example Terraform policies - Example Terraform policies
      • KICS - Keeping Infrastructure as Code Secure or KICS scans IaC projects for security vulnerabilities, compliance issues, and infrastructure misconfiguration. Currently working with Terraform projects, Kubernetes manifests, Dockerfiles, AWS CloudFormation Templates, and Ansible playbooks.
      • Regula - Evaluates Terraform code for potential security misconfigurations and compliance violations.
      • Example Terraform policies - Example Terraform policies
      • KICS - Keeping Infrastructure as Code Secure or KICS scans IaC projects for security vulnerabilities, compliance issues, and infrastructure misconfiguration. Currently working with Terraform projects, Kubernetes manifests, Dockerfiles, AWS CloudFormation Templates, and Ansible playbooks.
      • Trivy - Scan your code and artifacts for known vulnerabilities and misconfiguration issues.

  • Serverless

  • Policy Packages

    • Blogs and Articles

      • Library - Community-owned policy library for OPA
      • Library - Community-owned policy library for OPA
      • Policy Hub CLI - CLI tool that makes Rego policies searchable
      • Appshield - Open Database of rego policies for common Infrastructure as Code files
      • Conftest policy packs - Collection of Conftest policies for "Compliance-as-Code" security policies and general engineering standards. Policies targeting Terraform, Dockerfiles, package.json (NodeJS) files, etc
      • Confectionary - A library of rules for Conftest used to detect Terraform misconfigurations.
      • Policy Hub CLI - CLI tool that makes Rego policies searchable
      • Rego policies - Rego policies from the the Red Hat community of practice
      • Appshield - Open Database of rego policies for common Infrastructure as Code files
      • Conftest policy packs - Collection of Conftest policies for "Compliance-as-Code" security policies and general engineering standards. Policies targeting Terraform, Dockerfiles, package.json (NodeJS) files, etc
      • Confectionary - A library of rules for Conftest used to detect Terraform misconfigurations.

  • Kubernetes

  • Language and Platform Integrations

    • Java

      • Java - Generic Java client to query OPA's REST API
      • Spring Security Reactive - OPA with Spring Security Reactive
      • Java - Generic Java client to query OPA's REST API
      • Spring Security - OPA Spring Security Library
      • Spring Security Reactive - OPA with Spring Security Reactive
      • Gradle - OPA plugin for Gradle
      • Thunx - Thunx is a pluggable ABAC system using OPA, Spring Cloud Gateway and Spring Data REST
      • Gradle - OPA plugin for Gradle
      • Thunx - Thunx is a pluggable ABAC system using OPA, Spring Cloud Gateway and Spring Data REST

    • Python

    • Go

    • PHP

      • OPA Library for PHP - OPA client, a PSR-15 authorization middleware and a PSR-15 bundle distributor middleware
      • OPA Library for PHP - OPA client, a PSR-15 authorization middleware and a PSR-15 bundle distributor middleware

    • .NET

    • Node.js

    • Docker

      • Docker Security Checker - OPA Rego policies for Dockerfile Security checks using Conftest ([blog](https://blog.madhuakula.com/dockerfile-security-checks-using-opa-rego-policies-with-conftest-32ab2316172f))
      • OPA Docker authorization - OPA to help policy-enable an existing services
      • Dockerfile security - A collection of OPA rules to statically analyze Dockerfiles to improve security
      • OPA Docker authorization - OPA to help policy-enable an existing services
      • Docker Security Checker - OPA Rego policies for Dockerfile Security checks using Conftest ([blog](https://blog.madhuakula.com/dockerfile-security-checks-using-opa-rego-policies-with-conftest-32ab2316172f))
      • Dockerfile security - A collection of OPA rules to statically analyze Dockerfiles to improve security

    • Clojure

      • Clojure - Middleware and utilities for app authorization with OPA in Clojure

    • Containers

      • Konveyor Forklift Validation Service - VM migration suitability assessment to avoid migrating VMs that are not fit for Kubevirt. Rules are applied on all the VMs of the source provider (VMware) during the initial inventory collection, then whenever a VM configuration changes.

  • WebAssembly (Wasm)

    • Containers

      • Python Library - Open Policy Agent WebAssembly SDK for Python
      • Go SDK - a small Go library for using WebAssembly compiled Open Policy Agent Rego policies
      • Python Library - Open Policy Agent WebAssembly SDK for Python
      • Go SDK - a small Go library for using WebAssembly compiled Open Policy Agent Rego policies
      • JVM - Java SDK for calling Wasm-compiled policies. Uses wasmtime.
      • JVM - Java SDK for calling Wasm-compiled policies. Uses wasmtime.
      • NPM module - a small SDK for using WebAssembly compiled Open Policy Agent Rego policies
      • .NET Core Library - .NET SDK for calling Wasm-compiled OPA policies from .NET Core

    • Docs

      • Wasm - Official docs on WebAssembly for OPA
      • Wasm - Official docs on WebAssembly for OPA

    • Built with Wasm

      • OPA Wasm demo - Demonstration of evaluating OPA's Wasm modules in the browser
      • Snyk CLI - Test Infrastructure as Code source code for security misconfigurations and best practices in the local console. The npm-opa-wasm library is used to run WASM bundle of Rego policies to detect misconfiguration.
      • OPA Wasm demo - Demonstration of evaluating OPA's Wasm modules in the browser
      • Snyk CLI - Test Infrastructure as Code source code for security misconfigurations and best practices in the local console. The npm-opa-wasm library is used to run WASM bundle of Rego policies to detect misconfiguration.

  • Datasource Integrations

  • IDE and Editor Integrations

    • Datasource Integrations Blogs and Articles

      • Vim - Vim plugin for the Rego language, with support for syntax highlighting
      • Atom - Syntax highlighting for the Atom editor
      • CodeMirror - Rego mode and minimal key map for [CodeMirror](https://codemirror.net/)
      • TextMate - Syntax highlighting for TextMate
      • VS Code plugin - Develop, test, debug, and analyze policies for OPA in VS Code
      • IntelliJ plugin - OPA plugin for the IntelliJ IDE
      • Atom - Syntax highlighting for the Atom editor
      • Emacs - Emacs Major mode for working with Rego
      • Vim - Vim plugin for the Rego language, with support for syntax highlighting
      • CodeMirror - Rego mode and minimal key map for [CodeMirror](https://codemirror.net/)
      • TextMate - Syntax highlighting for TextMate
      • Sublime - Syntax highlighting for Sublime
      • Nano - Syntax highlighting for Nano
      • Prism - Prism is a lightweight, extensible syntax highlighter, built with modern web standards in mind (supports Rego)
      • Sublime - Syntax highlighting for Sublime
      • Prism - Prism is a lightweight, extensible syntax highlighter, built with modern web standards in mind (supports Rego)

  • Tools and Utilities

    • Serverless Blogs and Articles

      • OPA pre-commit - Pre-commit hooks for OPA/Rego/Conftest development
      • OpenAPI to Rego - Generate Rego code given an OpenAPI 3.0 Specification
      • Temporal reasoning with OPA - Examples for working with time in Rego
      • OPAL - Realtime policy and data updates for your OPA agents on top of websockets pub/sub
      • Fregot - Alternative REPL implementation for Rego
      • Monitor OPA Gatekeeper - Monitoring implementation guide for OPA Gatekeeper ([blog](https://sysdig.com/blog/monitor-gatekeeper-prometheus/))
      • OpenAPI to Rego - Generate Rego code given an OpenAPI 3.0 Specification
      • Temporal reasoning with OPA - Examples for working with time in Rego
      • OPAL - Realtime policy and data updates for your OPA agents on top of websockets pub/sub
      • OPA Action - OPA Pull-Request Assessor is a GitHub Action that checks files against policies configured in the same repo
      • OPA Schema Examples - Examples of extending the OPA type checker with JSON [schemas](https://www.openpolicyagent.org/docs/latest/schemas/)
      • Snyk IaC Rules - Maintain library of Rego rules, run integration tests and build WASM bundles for distribution of rules. The OPA libraries are used to build WASM bundles.
      • kube-review - CLI tool to quickly create [AdmissionReview](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) requests from Kubernetes resources
      • OPA Action - OPA Pull-Request Assessor is a GitHub Action that checks files against policies configured in the same repo
      • OPA Schema Examples - Examples of extending the OPA type checker with JSON [schemas](https://www.openpolicyagent.org/docs/latest/schemas/)
      • Snyk IaC Rules - Maintain library of Rego rules, run integration tests and build WASM bundles for distribution of rules. The OPA libraries are used to build WASM bundles.
      • kube-review - CLI tool to quickly create [AdmissionReview](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) requests from Kubernetes resources

  • Support and Community

    • Serverless Blogs and Articles

      • Styra - Commercial support, and tools for managing OPA at scale, by the creators of OPA
      • Stack Overflow - Stack Overflow OPA section
      • Styra - Commercial support, and tools for managing OPA at scale, by the creators of OPA
      • Stack Overflow - Stack Overflow OPA section
      • GitHub Discussions - Open Policy Agent Discussion Board

  • Commercial Tools

    • Serverless Blogs and Articles

      • Snyk IaC - Test Infrastructure as Code source code repositories for security misconfigurations and best practices. The OPA golang libraries are used to evaluate Rego policies to detect misconfigurations in the repositories.
      • Snyk IaC - Test Infrastructure as Code source code repositories for security misconfigurations and best practices. The OPA golang libraries are used to evaluate Rego policies to detect misconfigurations in the repositories.
Programming Languages
Go 30 Open Policy Agent 26 Python 13 Java 13 TypeScript 4 Shell 3 Vim script 2 PHP 2 Scala 1 Haskell 1
Categories
Language and Platform Integrations 32 Kubernetes 32 Official projects 24 Infrastructure as Code 20 Tools and Utilities 17 IDE and Editor Integrations 16 Serverless 14 WebAssembly (Wasm) 14 Policy Packages 11 Datasource Integrations 8 Support and Community 5 Commercial Tools 2 Recommended Reading 2
Sub Categories
Blogs and Articles 42 Serverless Blogs and Articles 38 Datasource Integrations Blogs and Articles 23 Built with Wasm 22 Infrastructure as Code Blogs and Articles 15 Python 9 Containers 9 Java 9 Docs 8 Repositories 6 Docker 6 Service Mesh Authorization 3 Go 2 PHP 2 .NET 1 Clojure 1 Node.js 1
Keywords
opa 47 rego 24 kubernetes 19 openpolicyagent 19 open-policy-agent 16 policy 15 authorization 14 security 13 conftest 11 gatekeeper 10 cloud-native 8 policies 6 java 6 infrastructure-as-code 5 vulnerability-detection 5 docker 5 mutation 4 cncf 4 compliance 4 testing 4 policy-as-code 4 spring-data-jpa 4 admission-controller 4 k8s 4 validation 4 dashboard 3 authorization-middleware 3 spring-security 3 open-policy-agent-python 3 python 3 vulnerability-scanners 3 security-tools 3 iac 3 devsecops 3 golang 3 vulnerabilities 2 gradle 2 snyk 2 monitor 2 gradle-plugin 2 querydsl 2 spring 2 spring-cloud-gateway 2 javaclient 2 cloud 2 opa-rego-policies 2 infosec 2 dockerfile 2 flask-extension 2 client-library 2