awesome-opa

A curated list of OPA related tools, frameworks and articles
https://github.com/StyraInc/awesome-opa

Last synced: about 18 hours ago
JSON representation

Official projects
- Blogs and Articles
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - Logo - The OPA Logo in different versions
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
  - OPA - Official blog for the OPA project
- Docs
  - OPA - Official OPA documentation
  - Styra Academy - Excellent OPA training courses
  - Gatekeeper - OPA Gatekeeper docs
  - Conftest - Conftest documentation
  - Regal Docs - Documentation for 60+ linter rules, providing an excellent reference for learning Rego
  - Rego Style Guide - Style guide for Rego, providing pointers on best practices for policy authoring
- Repositories
  - OPA - Open Policy Agent Github repository
  - Conftest - Write tests against structured configuration data
Infrastructure as Code
- Infrastructure as Code Blogs and Articles
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Using OPA with Pulumi CrossGuard - Authoring Pulumi CrossGuard Policy with OPA
  - AWS CDK with OPA - Realize Policy-as-Code with AWS Cloud Development Kit through Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Using OPA with Spacelift - Open Policy Agent: What Is OPA and How It Works (Examples)
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
  - Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
- Datasource Integrations Blogs and Articles
  - Terrascan - [500+ Policies](https://github.com/accurics/terrascan/tree/master/pkg/policies/opa/rego) written in OPA for security best practices.
  - GCP policy guardrails for Terraform - Rego reference policy library for GCP controls (originally from forseti). Originally used by `terraform-validator` and now on `gcloud beta terraform vet`. More info at [Policy Validation](https://cloud.google.com/docs/terraform/policy-validation)
  - OPA AWS CloudFormation Hook - AWS CloudFormation Hook calling OPA for policy decisions. See also [tutorial](https://www.openpolicyagent.org/docs/latest/aws-cloudformation-hooks/).
  - TFLint OPA Ruleset - Write custom TFLint rules in Rego
  - Regula - Evaluates Terraform code for potential security misconfigurations and compliance violations.
  - Example Terraform policies - Example Terraform policies
  - KICS - Keeping Infrastructure as Code Secure or KICS scans IaC projects for security vulnerabilities, compliance issues, and infrastructure misconfiguration. Currently working with Terraform projects, Kubernetes manifests, Dockerfiles, AWS CloudFormation Templates, and Ansible playbooks.
  - Trivy - Scan your code and artifacts for known vulnerabilities and misconfiguration issues.
  - Terraform OPA IBM - Terraform policy library for IBM Cloud
  - Pulumi OPA Bridge for CrossGuard - This project allows OPA rules to be run in the context of Pulumi's policy system, CrossGuard
  - Infracost - Infracost generates cloud cost estimates for Terraform and integrates with OPA, it can be used to write [cost policies](https://www.infracost.io/docs/features/cost_policies/)
  - Terrascan - [500+ Policies](https://github.com/accurics/terrascan/tree/master/pkg/policies/opa/rego) written in OPA for security best practices.
Language and Platform Integrations
- Containers
  - Konveyor Forklift Validation Service - VM migration suitability assessment to avoid migrating VMs that are not fit for Kubevirt. Rules are applied on all the VMs of the source provider (VMware) during the initial inventory collection, then whenever a VM configuration changes.
  - Konveyor Forklift Validation Service - VM migration suitability assessment to avoid migrating VMs that are not fit for Kubevirt. Rules are applied on all the VMs of the source provider (VMware) during the initial inventory collection, then whenever a VM configuration changes.
- Python
  - regopy - Python module which uses the C FFI for rego-cpp, allowing in-process Pythonic Rego policy evaluation
  - OPA Python - Python client library for Open Policy Agent
  - OPA Python client - Python client for OPA's REST API
  - Flask OPA - OPA client for the Flask microframework
  - Bottle Authorization - Custom Bottle Application Authorization
  - Rego Python - Python package for interacting with Rego
  - Sphinx Rego - Sphinx extension that automatically documents Rego policies
  - regorus - Evaluate Rego policies in Python using Regorus, a fast, lightweight Rego interpreter written in Rust.
- Go
  - Fiber OPA Integration - OPA integration for Fiber web framework. Enables to execute Rego policies in the middlewares.
  - Go Example API Authorization - Example API authorization using OPA
  - HTTP API OPA middlewares - Collection of OPA middlewares for your HTTP/Gin/Fiber API.
  - regorus - Golang bindings to Regorus, a fast, lightweight Rego interpreter written in Rust.
- Rust
  - regorust - Rust crate wrapping the C FFI for rego-cpp, allowing in-process Rego policy evaluation using idiomatic Rust.
  - regorus - A fast, lightweight Rego interpreter written in Rust. In addition to bringing the power of Rego to Rust-only environments, it is intended as a platform for developing Rego tools and exploring Rego language enhancements.
- Java
  - Styra Java SDK - Java SDK for interacting with OPA ([documentation](https://docs.styra.com/sdk))
  - OPA Java Client - Generic Java client to query OPA's REST API
  - Spring Security - OPA Spring Security Library
  - Spring Security Reactive - OPA with Spring Security Reactive
  - Gradle - OPA plugin for Gradle
  - Thunx - Thunx is a pluggable ABAC system using OPA, Spring Cloud Gateway and Spring Data REST
- PHP
  - OPA Library for PHP - OPA client, a PSR-15 authorization middleware and a PSR-15 bundle distributor middleware
- .NET
  - Styra C# SDK - C# SDK for interacting with OPA ([documentation](https://docs.styra.com/sdk))
  - ASP.NET Core - ASP.NET Core authorization middleware
  - OpaDotNet.Extensions.AspNetCore - ASP.NET Core authorization infrastructure
  - regorus - C# bindings to Regorus, a fast, lightweight Rego interpreter written in Rust.
- Node.js
  - OPA Express - OPA client for the Express framework
- Clojure
  - Jarl - Native evaluation of Rego in the JVM (written in Clojure), via OPA's IR format ([blog](https://blog.openpolicyagent.org/i-have-a-plan-exploring-the-opa-intermediate-representation-ir-format-7319cd94b37d))
  - clj-opa - Middleware and utilities for app authorization with OPA in Clojure
- Docker
  - OPA Docker authorization - OPA to help policy-enable an existing services
  - Docker Security Checker - OPA Rego policies for Dockerfile Security checks using Conftest
  - Dockerfile security - A collection of OPA rules to statically analyze Dockerfiles to improve security
- CPP
  - rego-cpp - Rego compiler and runtime implemented in C++. It provides a C FFI with Rust and Python bindings in addition to an extensible C++ implementation.
  - regorus - C++ bindings to Regorus, a fast, lightweight Rego interpreter written in Rust.
- Typescript
  - Styra OPA Typescript SDK - Typescript SDK for interacting with OPA ([documentation](https://docs.styra.com/sdk))
WebAssembly (Wasm)
- Typescript
  - .NET Core Library - .NET SDK for calling Wasm-compiled OPA policies from .NET Core
  - NPM module - a small SDK for using WebAssembly compiled Open Policy Agent Rego policies
  - .NET Core Library - .NET SDK for calling Wasm-compiled OPA policies from .NET Core
  - OpaDotNet - Open Policy Agent (OPA) WebAssembly dotnet core SDK
  - OpaDotNet.Compilation - dotnet core backend for packaging Open Policy Agent Rego policies and data files into WASM policy bundles
  - Python Library - Open Policy Agent WebAssembly SDK for Python
  - JVM - Java SDK for calling Wasm-compiled policies. Uses wasmtime.
  - Rust - A crate to use OPA policies compiled to Wasm.
  - NPM module - a small SDK for using WebAssembly compiled Open Policy Agent Rego policies
  - Go SDK - a small Go library for using WebAssembly compiled Open Policy Agent Rego policies
- WebAssembly Blogs and Articles
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Enforce policies in the browser with Open Policy Agent - _first_ article in a series of three covering why and how to reuse backend Policy-as-Code in the browser.
  - Reuse Policy as Code — stay DRY - _second_ article in a series of three covering why and how to reuse backend Policy-as-Code in the browser. This article focus on Rego and HOW
  - OPA & Angular: Policy-as-Code in the browser - _third_ article in a series of three covering why and how to reuse backend Policy-as-Code in the browser. Angular Proof of Concept based on article 1 & 2.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
  - Rego on WebAssembly - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
- Docs
  - Wasm - Official docs on WebAssembly for OPA
- Built with Wasm
  - OPA Wasm demo - Demonstration of evaluating OPA's Wasm modules in the browser
  - Snyk CLI - Test Infrastructure as Code source code for security misconfigurations and best practices in the local console. The npm-opa-wasm library is used to run WASM bundle of Rego policies to detect misconfiguration.
  - Snyk CLI - Test Infrastructure as Code source code for security misconfigurations and best practices in the local console. The npm-opa-wasm library is used to run WASM bundle of Rego policies to detect misconfiguration.
  - regorus - Evaluate Rego policies in WASM using Regorus. Try it out at [Regorus Playground](https://anakrish.github.io/regorus-playground/).
Kubernetes
- Built with Wasm
  - Red Hat Rego Policies - Red Hat Rego policies collection
  - Cosign Gatekeeper Provider - Cosign Provider a new provider of OPA Gatekeeper's ExternalData feature to verify container images
  - Meshery - Meshery leverages built-in relationships to enforce Kubernetes configuration best practices and enhances the development process through custom rules in OPA's Rego query language
  - Kubescape - Kubescape is tool for scanning Kubernetes clusters for security issues. Kubescape tests (rules) are based completely on OPA. See the regos [here](https://github.com/armosec/regolibrary)
  - Kubescape - Kubescape is tool for scanning Kubernetes clusters for security issues. Kubescape tests (rules) are based completely on OPA. See the regos [here](https://github.com/armosec/regolibrary)
  - Konstraint - CLI tool for working with templates and constraints when using Gatekeeper
  - Gatekeeper Policy Manager - Web UI for Gatekeeper policies
  - Validating and Mutating Admission Control Example - Example validating and mutation admission controller
  - MagTape - OPA-based admission controller for policy enforcement
  - Admission policy development - OPA Kubernetes validation and mutation testing environment
  - Gatekeeper Conftest plugin - A Conftest plugin that transforms input objects to be compatible with OPA Gatekeeper policies.
  - Cosign Gatekeeper Provider - Cosign Provider a new provider of OPA Gatekeeper's ExternalData feature to verify container images
  - Kove - Watch your in-cluster Kubernetes manifests for OPA policy violations and export them as Prometheus metrics
  - GKE Policy Automation - Tool and policy library for reviewing GKE clusters against best practices
  - Kubescape - Kubescape is tool for scanning Kubernetes clusters for security issues. Kubescape tests (rules) are based completely on OPA. See the regos [here](https://github.com/armosec/regolibrary)
  - kube-mgmt - Sidecar providing data from Kubernetes to OPA. Includes Helm charts for both projects
  - Gatekeeper Policy Library - A collection of constraint templates and sample constraints that you can use with Gatekeeper
  - Gatekeeper - A validating and mutating webhook that enforces CRD-based policies executed by OPA for Kubernetes
- Service Mesh Authorization
  - Open Service Mesh - Envoy based service mesh using OPA for external authorization
  - Kuma - OPA for Kuma service mesh
  - Kong Mesh - OPA for Kong Mesh authorization ([docs](https://docs.konghq.com/mesh/1.5.x/features/opa/))
  - OPA Envoy Plugin - The OPA Envoy Plugin (compatible with Envoy, Istio, Gloo Edge, more)
- Blogs and Articles
  - Policy Enabled Kubernetes with OPA - Guide on setting up OPA for kubernetes admission control
  - Integrating OPA with Kubernetes - Comprehensive introduction to OPA and Gatekeeper
  - Using OPA on EKS - Using Open Policy Agent on Amazon EKS
  - OPA and Gatekeeper - Comparison between OPA and Gatekeeper with lots of useful information
  - Gatekeeper in a CI/CD pipeline - Guide on how to setup your CI environment to test your Kubernetes configuration against your policy in a CI environment as part of a GitOps strategy
  - Verifying container signatures on Kubernetes with Gatekeeper - Verifying container signatures on Kubernetes with Gatekeeper
  - Gator CLI - Testing Gatekeeper constraints with Gator CLI
  - Kubernetes: An Enterprise Guide, 2nd Ed Chapter 8 - Extending Security with OpenPolicyAgent - Walk through labs that show you how to build, debug, and deploy GateKeeper policies and mutations in your cluster.
  - Kubernetes: An Enterprise Guide, 2nd Ed Chapter 9 - Node Security with GateKeeper - Walk through labs that show the differences between VMs and containers with a breakout, creating `securityContext` defaults using mutations, replacing `PodSecurityPolicy` using GateKeeper, debuging audit violations, and policies for multi-tenant clusters.
  - OPA Gatekeeper: Policy and Governance for Kubernetes - Kubernetes blog post
  - Using OPA Gatekeeper on Azure - Azure Policy for Kubernetes clusters
  - Kubernetes: An Enterprise Guide, 2nd Ed Chapter 9 - Node Security with GateKeeper - Walk through labs that show the differences between VMs and containers with a breakout, creating `securityContext` defaults using mutations, replacing `PodSecurityPolicy` using GateKeeper, debuging audit violations, and policies for multi-tenant clusters.
  - Kubernetes: An Enterprise Guide, 2nd Ed Chapter 8 - Extending Security with OpenPolicyAgent - Walk through labs that show you how to build, debug, and deploy GateKeeper policies and mutations in your cluster.
  - Kubernetes: An Enterprise Guide, 2nd Ed Chapter 8 - Extending Security with OpenPolicyAgent - Walk through labs that show you how to build, debug, and deploy GateKeeper policies and mutations in your cluster.
  - Kubernetes: An Enterprise Guide, 2nd Ed Chapter 9 - Node Security with GateKeeper - Walk through labs that show the differences between VMs and containers with a breakout, creating `securityContext` defaults using mutations, replacing `PodSecurityPolicy` using GateKeeper, debuging audit violations, and policies for multi-tenant clusters.
Datasource Integrations
- Blogs and Articles
  - Elasticsearch - OPA-Elasticsearch Data Filtering Example
  - Elasticsearch - OPA-Elasticsearch Data Filtering Example
  - Strimzi - Kafka in kubernetes, with built-in support for OPA as authorizer
  - Inspektor - Access Control as Code for databases using OPA to make its access decision
  - Alluxio - Alluxio is a data orchestration tool which allows [delegating access control decisions to OPA](https://docs.alluxio.io/ee/user/2.10.0/en/security/OpenPolicyAgent-Integration.html)
  - Inspektor - Access Control as Code for databases using OPA to make its access decision
  - Kafka Authorizer - Kafka authorizer plugin using OPA, with example policies
  - OPA Single Message Transformer - Single Message Transformer for Kafka. Uses OPA to choose which records to filter out based on policy.
  - Data Filtering on Spring Data - Data filtering for MongoDB and JPA using OPA
  - Google Calendar - Integrating OPA with the Google Calendar API
  - Trino OPA Authorizer - Plugin for Trino that allows using OPA for authorization
  - Trino OPA Authorizer - Plugin for Trino that allows using OPA for authorization
- Datasource Integrations Blogs and Articles
  - Google Calendar Integration - The Power of Data: Calendar-based Policy Enforcement
  - Apache Kafka - Controlling Kafka Data Flows using Open Policy Agent
Serverless
- Serverless Blogs and Articles
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Lambda Authorizer - Creating a custom Lambda authorizer using Open Policy Agent
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
  - Serverless Policy Enforcement - Connecting Open Policy Agent and AWS Lambda
- Infrastructure as Code Blogs and Articles
  - OPA Lambda Extension Plugin - A custom plugin for running OPA in AWS Lambda as a Lambda Extension
Recommended Reading
- Testing Blogs and Articles
  - Gusto Engineering
  - Integration - How we integrated our purely functional Scala backend with the Open Policy Agent
  - Integration - Control User Access and Permissions in CVAT with Open Policy Agent
  - Microservices Security in Action - Book on microservices security, with dedicated section covering OPA. Freely available online
  - Gusto Engineering
  - Gusto Engineering
  - Fugue (now Snyk) - 5 tips for using the Rego language for Open Policy Agent
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - OPA Guidebook - Open source, free book on Open Policy Agent, by Sangkeon Lee ([source code](https://github.com/sangkeon/opaguide_src))
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
  - Gusto Engineering
People
- Meetup Groups
- Maintainers
  - @tsandall - Torin Sandall 🇨🇦 - OPA co-creator ([Twitter](https://twitter.com/sometorin))
  - @timothyhinrichs - Tim Hinrichs 🇺🇸 - OPA co-creator ([Twitter](https://twitter.com/tlhinrichs))
  - @ashutosh-narkar - Ash Narkar 🇺🇸 - OPA maintainer ([Twitter](https://twitter.com/ashtalk))
  - @johanfylling - Johan Fylling 🇸🇪 - OPA maintainer ([Mastodon](https://hachyderm.io/@johanfylling), [Twitter](https://twitter.com/johanfylling))
  - @philipaconrad - Philip Conrad 🇺🇸 - OPA maintainer ([Twitter](https://twitter.com/philip_conrad))
  - @anderseknert - Anders Eknert 🇸🇪 - OPA developer advocate ([Mastodon](https://hachyderm.io/@anderseknert), [Twitter](https://twitter.com/anderseknert))
  - @charlieegan3 - Charlie Egan 🇬🇧 - OPA developer advocate ([Mastodon](https://hachyderm.io/@charlieegan3), [Twitter](https://twitter.com/charlieegan3))
  - @ritazh - Rita Zhang 🇺🇸 - Gatekeeper maintainer ([Mastodon](https://hachyderm.io/@ritazh), [Twitter](https://twitter.com/ritazzhang))
  - @jpreese - John Reese 🇺🇸 - Conftest maintainer ([Mastodon](https://hachyderm.io/@jpreese), [Twitter](https://twitter.com/johnpreese))
  - @jpreese - John Reese 🇺🇸 - Conftest maintainer ([Mastodon](https://hachyderm.io/@jpreese), [Twitter](https://twitter.com/johnpreese))
  - @open-policy-agent - Official OPA account 🌎 ([Twitter](https://twitter.com/OpenPolicyAgent))
  - @sozercan - Sertaç Özercan 🇺🇸 - Gatekeeper maintainer ([Mastodon](https://hachyderm.io/@[email protected]), [Twitter](https://twitter.com/sozercan))
  - @jpreese - John Reese 🇺🇸 - Conftest maintainer ([Mastodon](https://hachyderm.io/@jpreese), [Twitter](https://twitter.com/johnpreese))
- Community Stars
  - @Parsifal-M - Peter Macdonald 🇬🇧 - OPA contributor and active community member ([Mastodon](https://hachyderm.io/@parcifal), [Twitter](https://twitter.com/_PeterM_))
  - @m-mizutani - Masayoshi Mizutani 🇯🇵 - Security engineer. Prolific OPA & Rego advocate ([Twitter](https://twitter.com/m_mizutani))
  - @RoyOsaki - Roy Hiroyuki OSAKI 🇺🇸 - Research engineer. OPA community contributor ([Twitter](https://twitter.com/Hiroyuki_OSAKI))
  - @developer-guy - Batuhan Apaydin 🇹🇷 - OPA and many CNCF projects ([Mastodon](https://hachyderm.io/@developerguy), [Twitter](https://twitter.com/developerguyba))
  - @jaspervdj - Jasper Van der Jeugt 🇨🇭 - OPA contributor ([Mastodon](https://functional.cafe/@jaspervdj), [Twitter](https://github.com/jaspervdj-luminal))
  - @peteroneilljr - Peter O'Neill 🌎 - Ex OPA community advocate ([Mastodon](https://hachyderm.io/@Peteroneilljr), [Twitter](https://twitter.com/peteroneilljr))
  - @antonioberben - Antonio Berben 🇪🇸 - OPA Contributor & Blogger ([Twitter](https://twitter.com/antonioberben))
  - @Parsifal-M - Peter Macdonald 🇬🇧 - OPA contributor and active community member ([Mastodon](https://hachyderm.io/@parcifal), [Twitter](https://twitter.com/_PeterM_))
  - @m-mizutani - Masayoshi Mizutani 🇯🇵 - Security engineer. Prolific OPA & Rego advocate ([Twitter](https://twitter.com/m_mizutani))
  - @RoyOsaki - Roy Hiroyuki OSAKI 🇺🇸 - Research engineer. OPA community contributor ([Twitter](https://twitter.com/Hiroyuki_OSAKI))
  - @developer-guy - Batuhan Apaydin 🇹🇷 - OPA and many CNCF projects ([Mastodon](https://hachyderm.io/@developerguy), [Twitter](https://twitter.com/developerguyba))
  - @jaspervdj - Jasper Van der Jeugt 🇨🇭 - OPA contributor ([Mastodon](https://functional.cafe/@jaspervdj), [Twitter](https://github.com/jaspervdj-luminal))
  - @antonioberben - Antonio Berben 🇪🇸 - OPA Contributor & Blogger ([Twitter](https://twitter.com/antonioberben))
  - @antonioberben - Antonio Berben 🇪🇸 - OPA Contributor & Blogger ([Twitter](https://twitter.com/antonioberben))
  - @m-mizutani - Masayoshi Mizutani 🇯🇵 - Security engineer. Prolific OPA & Rego advocate ([Twitter](https://twitter.com/m_mizutani))
  - @developer-guy - Batuhan Apaydin 🇹🇷 - OPA and many CNCF projects ([Mastodon](https://hachyderm.io/@developerguy), [Twitter](https://twitter.com/developerguyba))
  - @nmeisenzahl - Nico Meisenzahl 🇩🇪 - All about OPA and cloud native topics ([Mastodon](https://fosstodon.org/@nmeisenzahl), [Twitter](https://twitter.com/nmeisenzahl))
  - @willbeason - Will Beason 🇺🇸 - Ex Gatekeeper maintainer ([Mastodon](https://functional.cafe/@[email protected]), [Twitter](https://twitter.com/willbeason))
  - @peteroneilljr - Peter O'Neill 🌎 - Ex OPA community advocate ([Mastodon](https://hachyderm.io/@Peteroneilljr), [Twitter](https://twitter.com/peteroneilljr))
  - @Parsifal-M - Peter Macdonald 🇬🇧 - OPA contributor and active community member ([Mastodon](https://hachyderm.io/@parcifal), [Twitter](https://twitter.com/_PeterM_))
  - @jaspervdj - Jasper Van der Jeugt 🇨🇭 - OPA contributor ([Mastodon](https://functional.cafe/@jaspervdj), [Twitter](https://github.com/jaspervdj-luminal))
IDE and Editor Integrations
- Datasource Integrations Blogs and Articles
  - VS Code plugin - Develop, test, debug, and analyze policies for OPA in VS Code
  - Atom - Syntax highlighting for the Atom editor
  - TextMate - Syntax highlighting for TextMate
  - Sublime - Syntax highlighting for Sublime
  - Prism - Prism is a lightweight, extensible syntax highlighter, built with modern web standards in mind (supports Rego)
  - IntelliJ plugin - OPA plugin for the IntelliJ IDE
  - Zed Extension - Zed extension for OPA and Rego leveraging [Regal](https://docs.styra.com/regal)
  - Emacs - Emacs Major mode for working with Rego
  - Vim - Vim plugin for the Rego language, with support for syntax highlighting
  - Null-ls - Use Neovim as a language server to inject LSP diagnostics, code actions, and more. Supports linting rego files.
  - CodeMirror - Rego mode and minimal key map for [CodeMirror](https://codemirror.net/)
  - Nano - Syntax highlighting for Nano
  - tree-sitter-rego - Tree-sitter grammar for Rego ([blog](https://decodeapps.pp.ua/blog/post/rego-treesitter))
  - highlight.js - Rego syntax support for [highlight.js](https://highlightjs.org/)
Testing
- Serverless Blogs and Articles
  - gator CLI - Command line unit test runner for OPA Gatekeeper
  - rego-test-assertions - Helper library for working with assertions in Rego unit tests
  - kube-review - CLI tool to quickly create [AdmissionReview](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) requests from Kubernetes resources
  - ocov - Colors `opa test --coverage` reports in the terminal
  - opa-codecov - Convert OPA test coverage report to a JSON format supported by Codecov
  - github-action-opa-rego-test - GitHub Action to automate testing for your OPA Rego policies and generates a report.
- Testing Blogs and Articles
  - Advanced Rego Testing Techniques - Great blog on testing patterns for Rego, by Nicholaos Mouzourakis
Support and Community
- Serverless Blogs and Articles
  - OPA Slack - Open Policy Agent Slack workspace
  - GitHub Discussions - Open Policy Agent Discussion Board
- Testing Blogs and Articles
  - GitHub Discussions - Open Policy Agent Discussion Board
  - Styra - Commercial support, and tools for managing OPA at scale, by the creators of OPA
  - Stack Overflow - Stack Overflow OPA section
Commercial Tools
- Meetup Groups
  - Styra DAS - Styra Declarative Authorization Service, from the creators of OPA
  - Enterprise OPA - Enterprise-grade authorization engine for data-heavy workloads
  - Scalr - Collaboration and Automation for Terraform, backed by OPA
  - Fairwinds Insights - Run OPA policies consistently across CI/CD, Admission Control, and an multi-cluster scanner
  - Snyk IaC - Test Infrastructure as Code source code repositories for security misconfigurations and best practices. The OPA golang libraries are used to evaluate Rego policies to detect misconfigurations in the repositories.
  - Spacelift
  - env0
  - Styra DAS - Styra Declarative Authorization Service, from the creators of OPA
  - Enterprise OPA - Enterprise-grade authorization engine for data-heavy workloads
  - Scalr - Collaboration and Automation for Terraform, backed by OPA
  - Fairwinds Insights - Run OPA policies consistently across CI/CD, Admission Control, and an multi-cluster scanner
  - Snyk IaC - Test Infrastructure as Code source code repositories for security misconfigurations and best practices. The OPA golang libraries are used to evaluate Rego policies to detect misconfigurations in the repositories.
  - Spacelift
  - env0
Community
- Meetup Groups
  - Slack
  - Slack
  - Slack
Other Usecases
- Testing Blogs and Articles
  - backstage-opa-plugins - Plugins for integrating OPA with [Backstage](https://backstage.io/), including OPA-based authorisation.
  - SansShell - A non-interactive daemon for host management, where any action is authorized by OPA
  - goast - Go AST (Abstract Syntax Tree) based static analysis tool using Rego
  - Reposaur - Audit, verify and report on development platforms (GitHub and others) easily with pre-defined and/or custom policies.
  - ScubaGear - Using Rego policies to assess the security posture of M365 tenants, by CISA
Policy Packages
- Blogs and Articles
  - Library - Community-owned policy library for OPA
  - Policy Hub CLI - CLI tool that makes Rego policies searchable
  - Appshield - Open Database of rego policies for common Infrastructure as Code files
  - Conftest policy packs - Collection of Conftest policies for "Compliance-as-Code" security policies and general engineering standards. Policies targeting Terraform, Dockerfiles, package.json (NodeJS) files, etc
  - Confectionary - A library of rules for Conftest used to detect Terraform misconfigurations.
  - Kubernetes Security Policies - Raspernetes library for fortifying cluster configurations
  - Kubescape Rego library - Comprehensive set of Kubernetes policies from Kubescape
Nomad
- Blogs and Articles
  - Nomad Admission Control Proxy - An admission controller that can be used as a proxy to Nomad's API for mutation and validation with builtin OPA support.
Tools and Utilities
- Testing Blogs and Articles
  - Regal - Regal is a linter for Rego, with the goal of making your Rego magnificent! ([blog](https://www.styra.com/blog/guarding-the-guardrails-introducing-regal-the-rego-linter/))
  - setup-opa - GitHub action to configure the Open Policy Agent CLI in your GitHub Actions workflows
  - Fregot - Alternative REPL implementation for Rego
  - OPA pre-commit - Pre-commit hooks for OPA/Rego/Conftest development
  - Monitor OPA Gatekeeper - Monitoring implementation guide for OPA Gatekeeper ([blog](https://sysdig.com/blog/monitor-gatekeeper-prometheus/))
  - OpenAPI to Rego - Generate Rego code given an OpenAPI 3.0 Specification
  - Temporal reasoning with OPA - Examples for working with time in Rego
  - OPAL - Realtime policy and data updates for your OPA agents on top of websockets pub/sub
  - OPA Action - OPA Pull-Request Assessor is a GitHub Action that checks files against policies configured in the same repo
  - OPA Schema Examples - Examples of extending the OPA type checker with JSON [schemas](https://www.openpolicyagent.org/docs/latest/schemas/)
  - Open Policy Containers - Secure software supply chains for OPA policies. Push, pull, tag, test, version, and sign OPA policies.
  - Snyk IaC Rules - Maintain library of Rego rules, run integration tests and build WASM bundles for distribution of rules. The OPA libraries are used to build WASM bundles.
  - Topaz - Topaz is an open-source application authorization project that uses OPA as the decision engine and supports Rego policies.
  - opactl - A simple tool to turn your Rego rule into CLI command ([blog](https://itnext.io/implement-a-policy-and-use-it-in-cli-de906237c6ab))
  - alfred - A self-hosted OPA Playground Alternative
  - opa-explorer - Visual tool for exploring the different compilation stages of the OPA topdown compiler
  - mcov - A tool that'll check your Rego source files and report the minimum compatible OPA version required
  - Rönd - Rönd is a lightweight container that distributes security policy enforcement throughout your application
  - rq (Rego Query) - jq-inspired tool to bring Rego to your shell pipelines
- Serverless Blogs and Articles
  - dependency-management-data (DMD)
Fun and Quirky
- Testing Blogs and Articles
  - Policing Christmas Tree - Using Rego to determine the correctness of Christmas tree decorations
  - Colorized - Colorized output for the OPA print function!
  - How I Used OPA to Help Me Solve Wordle - OPA as a Wordle assistant
  - Corrupting OPA to Run My Games - Fun blog on using OPA for game engines

Programming Languages

Go 34 Open Policy Agent 20 Python 10 Java 9 C# 7 TypeScript 6 JavaScript 4 CSS 3 Shell 3 Clojure 2

awesome-opa

Official projects

Blogs and Articles

Docs

Repositories

Infrastructure as Code

Infrastructure as Code Blogs and Articles

Datasource Integrations Blogs and Articles

Language and Platform Integrations

Containers

Python

Go

Rust

Java

PHP

.NET

Node.js

Clojure

Docker

CPP

Typescript

WebAssembly (Wasm)

Typescript

WebAssembly Blogs and Articles

Docs

Built with Wasm

Kubernetes

Built with Wasm

Service Mesh Authorization

Blogs and Articles

Datasource Integrations

Blogs and Articles

Datasource Integrations Blogs and Articles

Serverless

Serverless Blogs and Articles

Infrastructure as Code Blogs and Articles

Recommended Reading

Testing Blogs and Articles

People

Meetup Groups

Maintainers

Community Stars

IDE and Editor Integrations

Datasource Integrations Blogs and Articles

Testing

Serverless Blogs and Articles

Testing Blogs and Articles

Support and Community

Serverless Blogs and Articles

Testing Blogs and Articles

Commercial Tools

Meetup Groups

Community

Meetup Groups

Other Usecases

Testing Blogs and Articles

Policy Packages

Blogs and Articles

Nomad

Blogs and Articles

Tools and Utilities

Testing Blogs and Articles

Serverless Blogs and Articles

Fun and Quirky

Testing Blogs and Articles