https://github.com/redhat-cop/rego-policies

Rego policies collection
https://github.com/redhat-cop/rego-policies

conftest container-cop gatekeeper opa rego

Last synced: 11 days ago
JSON representation

Rego policies collection

• Host: GitHub
• URL: https://github.com/redhat-cop/rego-policies
• Owner: redhat-cop
• License: apache-2.0
• Created: 2020-05-11T02:59:34.000Z (almost 5 years ago)
• Default Branch: main
• Last Pushed: 2025-03-24T17:32:04.000Z (22 days ago)
• Last Synced: 2025-03-28T07:08:38.692Z (18 days ago)
• Topics: conftest, container-cop, gatekeeper, opa, rego
• Language: Shell
• Homepage:
• Size: 3.14 MB
• Stars: 165
• Watchers: 9
• Forks: 36
• Open Issues: 4
• Metadata Files:
  • Readme: README.md
  • License: LICENSE
  • Codeowners: CODEOWNERS
  • Security: SECURITY.md

Awesome Lists containing this project

• awesome-opa - Red Hat Rego Policies - Red Hat Rego policies collection (Kubernetes / Built with Wasm)

README

        
[![Lint policies with OPA/Regal](https://github.com/redhat-cop/rego-policies/actions/workflows/regal-lint.yaml/badge.svg)](https://github.com/redhat-cop/rego-policies/actions/workflows/regal-lint.yaml)

[![Run conftest-unittests.sh](https://github.com/redhat-cop/rego-policies/actions/workflows/conftest-unittests.yaml/badge.svg)](https://github.com/redhat-cop/rego-policies/actions/workflows/conftest-unittests.yaml)

[![Run gatekeeper-k8s-integrationtests.sh](https://github.com/redhat-cop/rego-policies/actions/workflows/gatekeeper-k8s-integrationtests.yaml/badge.svg)](https://github.com/redhat-cop/rego-policies/actions/workflows/gatekeeper-k8s-integrationtests.yaml)

[![Run pre-commit](https://github.com/redhat-cop/rego-policies/actions/workflows/precommit-validate.yml/badge.svg)](https://github.com/redhat-cop/rego-policies/actions/workflows/precommit-validate.yml)

[![Scorecard supply-chain security](https://github.com/redhat-cop/rego-policies/actions/workflows/scorecard.yml/badge.svg)](https://github.com/redhat-cop/rego-policies/actions/workflows/scorecard.yml)

# rego-policies

[Rego](https://www.openpolicyagent.org/docs/latest/policy-language/) policies collection.

## Policies

For a full list of policies, see the auto-generated [POLICIES.md](POLICIES.md)

The naming of the policies follows the Gatekeeper format, as described [here.](https://github.com/plexsystems/konstraint/blob/main/docs/constraint_creation.md#resource-naming)

Want to run the policies on a k8s/OCP cluster? See [TESTING.md](TESTING.md)

## Tools

### Conftest

conftest is a CLI to execute rego policies. It can be used to test locally before pushing to [OPA](https://www.openpolicyagent.org/).

- [https://www.conftest.dev/install](https://www.conftest.dev/install/)

### OPA Playground

OPA provides a web based playground, which can highlight which lines have been activated. Having issues with your policy? check it out with "Coverage" enabled:

- [https://play.openpolicyagent.org](https://play.openpolicyagent.org)

### Slack for all things

Stuck on a problem?

- [https://slack.openpolicyagent.org/](https://slack.openpolicyagent.org/)