An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with policy-as-code

A curated list of projects in awesome lists tagged with policy-as-code.

https://github.com/permitio/opal

Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...)

authorization cedar hacktoberfest microservices opa opal open-policy-agent openfga policy policy-as-code pubsub realtime websocket

Last synced: 22 Jan 2026

https://github.com/octelium/octelium

A next-gen FOSS self-hosted unified zero trust secure access platform that can operate as a remote access VPN, a ZTNA platform, API/AI/MCP gateway, a PaaS, an ngrok-alternative and a homelab infrastructure.

abac ai-gateway api-gateway beyondcorp homelab kubernetes mcp-gateway mfa opentelemetry paas policy-as-code quic remote-access ssh sso tunnel vpn wireguard zero-trust ztna

Last synced: 15 Apr 2026

https://github.com/someengineering/fixinventory

Fix Inventory helps you identify and remove the most critical risks in AWS, GCP, Azure and Kubernetes.

aws cnapp cspm cybersecurity digitalocean gcp infrastructure-as-code policy-as-code security security-audit security-automation

Last synced: 23 Oct 2025

https://github.com/aws-cloudformation/cloudformation-guard

Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Take this survey to provide feedback about cfn-guard: https://amazonmr.au1.qualtrics.com/jfe/form/SV_bpyzpfoYGGuuUl0

cfn-guard cloudformation compliance governance k8s policy-as-code policy-rule-evaluation security terraform

Last synced: 13 May 2025

https://github.com/opengovern/opensecurity

opensecurity: open-source security and compliance. See and secure your cloud, containers, code, networks, deployments, devices. Define your rules, get precise checks, fix gaps fast. Streamlined audits. No fluff.

audit cloud-security compliance container-security cspm devsecops optimization oss policy-as-code security security-auditing-tool

Last synced: 12 Jan 2026

https://github.com/selefra/selefra

The open-source policy-as-code software that provides analysis for multi-cloud and SaaS environments; you can get insight with natural language (powered by OpenAI).

aws azure chatgpt cloud cspm devops finops gcp golang google infrastructure-as-code kubernetes openai policy-as-code terraform

Last synced: 16 Jan 2026

https://github.com/mondoohq/cnspec

An open source, cloud-native security to protect everything from build to runtime

cloud-native compliance declarative kubernetes opensource policy policy-as-code security security-as-code

Last synced: 05 Jun 2026

https://github.com/open-policy-agent/regal

Regal is a linter and language server for Rego, bringing your policy development experience to the next level!

code-quality language-server linter lsp magnificent opa open-policy-agent policy-as-code rego static-analysis

Last synced: 23 Sep 2025

https://github.com/styrainc/regal

Regal is a linter and language server for Rego, bringing your policy development experience to the next level!

code-quality language-server linter lsp magnificent opa open-policy-agent policy-as-code rego static-analysis

Last synced: 16 May 2025

https://github.com/StyraInc/regal

Regal is a linter for Rego, with the goal of making your Rego magnificent!

code-quality language-server lint linter linters lsp magnificent opa open-policy-agent policy-as-code rego static-analysis

Last synced: 11 May 2025

https://github.com/kubewarden/adm-controller

Manage admission policies in your Kubernetes cluster with ease

hacktoberfest kubernetes kubernetes-security policy-as-code webassembly

Last synced: 01 May 2026

https://github.com/microsoft/regorus

Regorus - A fast, lightweight Rego (OPA policy language) interpreter written in Rust.

c confidential-computing cpp csharp golang interpreter java javascript no-std opa policy-as-code python rego rust wasm

Last synced: 31 Jan 2026

https://github.com/stakpak/devx

A tool for generating, validating & sharing all your configurations, powered by CUE. Works with Kubernetes, Terraform, Compose, GitHub actions and much more...

cloud-native config-as-data configuration-management devops devx gitops infrastructure-as-code platform-engineering policy-as-code schema shift-left validation

Last synced: 30 Mar 2025

https://github.com/globalbao/azure-policy-as-code

Bicep and Terraform code examples for policy-as-code workflows. Azure governance guardrails and automation - by @JesseLoudon

armtemplates azure azure-policy azuredevops azurepolicy azurerm bicep cicd custom-policies devops policy-as-code terraform terraform-azurerm

Last synced: 02 Mar 2026

https://github.com/permitio/cedar-agent

Cedar-agent is the easiest way to deploy and run Cedar

cedar opal open-policy policy-as-code

Last synced: 13 Sep 2025

https://github.com/kubewarden/policy-server

Webhook server that evaluates WebAssembly policies to validate Kubernetes requests

hacktoberfest kubernetes kubernetes-security kubernetes-webhook policy policy-as-code rust webassembly

Last synced: 12 Aug 2025

https://github.com/open-policy-agent/vscode-opa

An extension for VS Code which provides support for OPA and the Rego policy language

opa open-policy-agent policy-as-code rego vscode-extension

Last synced: 05 Apr 2025

https://github.com/chef/cookstyle

A linting tool that helps you to write better Chef Infra cookbooks and InSpec profiles by detecting and automatically correcting style, syntax, and logic mistakes in your code.

chef chef-infra controls cookbook hacktoberfest inspec linting policy-as-code profile recipes rubocop

Last synced: 25 Jun 2025

https://github.com/cleancloud-io/cleancloud

Shift-left cloud hygiene for AWS, Azure & GCP - deterministic read-only waste detection with no agents, no telemetry, safe for regulated environments.

aws azure cicd cloud cloud-cost cloud-cost-optimisation cloud-security devops fin-ops gcp infrastructure policy-as-code sovereign sovereign-cloud sovereign-tech sre

Last synced: 06 May 2026

https://github.com/hexa-org/policy-orchestrator

Hexa Policy Orchestrator enables you to manage all of your access policies consistently across software providers.

cloud-native policy-as-code security

Last synced: 30 Apr 2025

https://github.com/ops0-ai/ops0-cli

Stop your AI agent from shipping insecure IaC. ops0 CLI sits between Claude Code, Codex or Gemini and your cloud, scanning every .tf the agent writes and blocking destroy commands before they run.

ai-agents audit-log claude-code cli-tool codex devsecops gemini-cli golang-cli governance iac mcp opentofu oxid policy-as-code terraform

Last synced: 15 May 2026

https://github.com/augur-ai/mantis

Mantis is a unified infrastructure as code framework that replaces Terraform and Helm

helm-charts infrastructure-as-code kubernetes kubernetes-deployment opentofu policy-as-code terraform

Last synced: 09 Mar 2026

https://github.com/appvia/psp-migration

Recreation of common Pod Security Policy configuration in other common Kubernetes policy engines

gatekeeper hacktoberfest k8s kubernetes kubernetes-security kubewarden kyverno opa pod-security-policy podsecuritypolicies podsecuritypolicy policy-as-code psp security yaml

Last synced: 06 Jun 2026

https://github.com/anderseknert/rego-test-assertions

Tiny Rego library with helper functions for unit testing

assertions assertions-library opa open-policy-agent policy policy-as-code rego testing

Last synced: 17 Feb 2026

https://github.com/GoogleCloudPlatform/gcp-hardening-toolkit

Deep GCP security hardening via automated triage and state-aware IaC. Built to power rapid, agile task-force engagements and remediate complex brownfield environments at scale.

compliance-as-code gcp gemini-cli-extension google-cloud-platform policy-as-code security-hardening terraform

Last synced: 24 Jun 2026

https://github.com/kopexa-grc/kspec

A modern, extensible framework for defining and enforcing security policies across your digital infrastructure.

audit-automation automation cloud-security compliance grc grc-engineering identity-security iso27001 nis2 policy-as-code security-as-code security-audit

Last synced: 11 Feb 2026

https://github.com/pulumi/pulumi-policy

Pulumi's Policy as Code SDK, CrossGuard. Define infrastructure checks in code to enforce security, compliance, cost, and other practices, enforced at deployment time.

javascript policy policy-as-code pulumi python typescript

Last synced: 05 Apr 2025

https://github.com/aipotheosis-labs/gate22

Open-source MCP gateway and control plane for teams to govern which tools agents can use, what they can do, and how it’s audited—across agentic IDEs like Cursor, or other agents and AI tools.

agents ai ai-agents control-plane gateway guardrails llm mcp mcp-tools oauth2 open-source permissions policy-as-code rbac

Last synced: 13 Oct 2025

https://github.com/nscuro/dtapac

Audit Dependency-Track findings and policy violations via policy as code

dependency-track dtrack go golang opa open-policy-agent owasp policy-as-code

Last synced: 21 Aug 2025

https://github.com/permitio/pdp

Permit Policy Decision Point service. High-performance, policy-driven authorization for your apps and service.

authorization microservice opa opal open-policy-agent permit permitio policy policy-as-code python realtime rust websocket

Last synced: 13 May 2026

https://github.com/googlecloudplatform/gcp-hardening-toolkit

Deep GCP security hardening via automated triage and state-aware IaC. Built to power rapid, agile task-force engagements and remediate complex brownfield environments at scale.

compliance-as-code gcp gemini-cli-extension google-cloud-platform policy-as-code security-hardening terraform

Last synced: 29 Apr 2026

https://github.com/jonathan-vella/what-the-caf

What The CAF (WTC) is a learning path for Microsoft partners based on the Microsoft Cloud Adoption Framework for Azure (CAF). It is guidance that's designed to help partners create and use robust processes to ensure customer success across all phases building solutions on Azure, from the assessment phase to design, pilot, implementation, and post-implementation phases.

architecture azure cloud-adoption-framework governance landing-zones microsoft policy-as-code well-architected

Last synced: 07 Apr 2026

https://github.com/samy-dougui/ptf

Policy as Code framework to control your Terraform deployments with HCL files.

cli go hcl2 policy policy-as-code terraform

Last synced: 05 Jul 2025

https://github.com/skorfmann/cloudpatrol

Policy as Code for the Cloud Development Kit (CDK)

aws aws-cdk cdk cloud policy-as-code typescript

Last synced: 04 Sep 2025

https://github.com/StyraInc/zed-rego

Zed extension for the Rego policy language from Open Policy Agent (OPA)

code-quality developer-experience editor opa open-policy-agent policy-as-code regal rego zed

Last synced: 12 May 2025

https://github.com/nirmata/kyverno-policies

Curated Kyverno Policy Sets from Nirmata

kubernetes kyverno policy-as-code security

Last synced: 22 Sep 2025

https://github.com/samvas-codes/cspm-gpt

The following is a simple example of how LLMs and langchain agents can simplify asking questions to understand the security posture of a cloud environment.

aws azure chatgpt cloud cloud-security cloud-security-audit cloud-security-posture-management cspm cybersecurity devsecops docker gcp gpt langchain neo4j open-source openai policy-as-code python

Last synced: 16 Jul 2025

https://github.com/0x6f677548/zerotrust-ca-powertoys

CA-PowerToys is a set of tools to help you manage Conditional Access policies. It is a command line tool that can be used to export, import, and clean up Conditional Access policies and associated Groups, helping to implement a Policy-as-Code approach.

azuread conditional-access entraid identity infosec policy-as-code powertoys zerotrust

Last synced: 12 May 2025

https://github.com/actionsdesk/github-actions-allow-list-as-code-action

Automate GitHub Actions allow list for GitHub Enterprise Cloud accounts

automation github-actions github-enterprise-cloud policy-as-code

Last synced: 03 Aug 2025

https://github.com/kubewarden/deprecated-api-versions-policy

A Kubewarden Policy that detects usage of deprecated and dropped Kubernetes resources

hacktoberfest kubernetes kubernetes-security kubewarden-policy policy-as-code webassembly

Last synced: 12 Aug 2025

https://github.com/agile-lab-dev/governance-decision-record

The Governance Decision Record (GDR) is a specification model for (computational) data governance policies inspired by the ADR (Architectural Decision Record).

architectural-decision-records data data-governance data-management data-management-platform data-mesh federated-computational-governance governance-decision-record platform policy-as-code

Last synced: 04 Feb 2026

https://github.com/kube-tarian/sigrun

Sign your artifacts, source code or container images using Sigstore tools, save the signatures you want to use, and validate & control the deployments to allow only the known sources based on signatures, maintainers & other payloads automatically.

artifacts container-security containers containersecurity cosign fulcio gatekeeper kubernetes kubernetes-security kubernetessecurity opa open-policy-agent pods policy-as-code rekor signature signature-verification sigstore

Last synced: 01 May 2025

https://github.com/kubewarden/verify-image-signatures

A Kubewarden Policy that verifies all the signatures of the container images referenced by a Pod

hacktoberfest kubernetes kubernetes-security kubewarden-policy pod-security-policy policy-as-code webassembly

Last synced: 12 Aug 2025

https://github.com/safedep/vet-action

GitHub Action for policy driven vetting of open source dependencies

devsecops policy-as-code software-composition-analysis supply-chain-security

Last synced: 02 Feb 2026

https://github.com/kubewarden/pod-privileged-policy

A Kubewarden Policy that limits the ability to create privileged containers

hacktoberfest kubernetes kubernetes-security kubewarden-policy pod-security-policy policy-as-code webassembly

Last synced: 05 Sep 2025

https://github.com/kubewarden/go-policy-template

A template repository to quickly scaffold a Kubewarden policy written in Go

go golang hacktoberfest kubernetes kubernetes-security kubewarden-policy-template policy-as-code webassembly

Last synced: 12 Aug 2025

https://github.com/sloopstash/kickstart-ansible

Deploy diverse platforms, workloads, and services in cloud or on-premise servers with advanced automation and configuration management using Ansible.

ansible ansible-playbook ansible-resources ansible-tower automation docker-compose infrastructure infrastructure-as-code platform policy-as-code server workload

Last synced: 17 Jan 2026

https://github.com/kubewarden/policy-fetcher

Crate used by Kubewarden that is able to pull policies from OCI registries and HTTP servers.

hacktoberfest kubernetes kubernetes-security policy-as-code webassembly

Last synced: 12 Aug 2025

https://github.com/aryaminus/controlkeel

Agent control plane for governed AI coding: validate changes, enforce policy gates, track findings, proofs, and evals based on your habits.

agents ai-agents ai-governance benchmark code-review compliance compliance-as-code devsecops elixir evals llm mcp model-context-protocol observability phoenix policy-as-code security skills tooling

Last synced: 13 Jun 2026

https://github.com/kubewarden/audit-scanner

Reports evaluation of existing Kubernetes resources with your already deployed Kubewarden policies.

hacktoberfest kubernetes kubernetes-security policy-as-code webassembly

Last synced: 12 Aug 2025

https://github.com/kubewarden/k8s-objects-generator

CLI tool that generates Kubernetes Go types that can be used with TinyGo starting from the official OpenAPI spec

hacktoberfest kubernetes kubernetes-security policy-as-code webassembly

Last synced: 12 Aug 2025

https://github.com/esonhugh/cloudpolicy

A Cloud PolicyDocument Go parsing library for AWS-like cloud providers

aws cloud cloud-policy cloud-security cloud-security-audit golang library policy policy-as-code policy-evaluation

Last synced: 15 Jul 2025

https://github.com/kubewarden/user-group-psp-policy

This Kubewarden Policy is a replacement for the Kubernetes Pod Security Policy that controls the containers' user and groups

hacktoberfest kubernetes kubernetes-security kubewarden-policy pod-security-policy policy-as-code webassembly

Last synced: 17 Aug 2025

https://github.com/kubewarden/allowed-proc-mount-types-psp-policy

Replacement for the Kubernetes Pod Security Policy that controls the usage of /proc mount types

hacktoberfest kubernetes kubernetes-security kubewarden-policy pod-security-policy policy-as-code webassembly

Last synced: 12 Aug 2025

https://github.com/mondoohq/ansible-mondoo

Ansible Role for Mondoo cnquery and cnspec

ansible policy policy-as-code security security-as-code

Last synced: 29 Jan 2026

https://github.com/kubewarden/trusted-repos-policy

A Kubewarden policy that restricts which registries, tags and images pods on your cluster can refer to

hacktoberfest kubernetes kubernetes-compliance kubernetes-security kubewarden-policy policy-as-code webassembly

Last synced: 12 Aug 2025

https://github.com/kubewarden/apparmor-psp-policy

A Kubewarden Pod Security Policy that controls usage of AppArmor profiles

hacktoberfest kubernetes kubernetes-security kubewarden-policy pod-security-policy policy-as-code webassembly

Last synced: 17 Jun 2025

https://github.com/jfrog/jfrog-opa-policy

This repository provides a JFrog sample implementation of an OPA Gatekeeper provider with a usage example. The provider, template and policies allow OPA Gatekeeper to validate JFrog verified evidence, preventing any non-approved images from being deployed into the user's cluster.

attestations evidence gatekeeper jfrog opa policy policy-as-code

Last synced: 26 Jun 2026

https://github.com/open-policy-agent/opa-springboot

The Styra-supported driver to connect Spring Boot applications to Open Policy Agent (OPA) and Enterprise OPA deployments.

java java-sdk open-policy-agent policy-as-code spring-boot springboot styra

Last synced: 05 Sep 2025

https://github.com/kubewarden/allow-privilege-escalation-psp-policy

A Kubewarden Pod Security Policy that controls usage of allowPrivilegeEscalation

hacktoberfest kubernetes kubernetes-security kubewarden-policy pod-security-policy policy-as-code webassembly

Last synced: 12 Aug 2025

https://github.com/kubewarden/env-variable-secrets-scanner-policy

A Kubewarden Policy that detects secrets (ssh private keys, API tokens, etc) leaked via environment variables

hacktoberfest kubernetes kubernetes-security kubewarden-policy policy-as-code webassembly

Last synced: 28 Jun 2025

https://github.com/infamousjoeg/conjur-policies

@CyberArk @ConjurInc policies for my lab

conjur cyberark policy-as-code

Last synced: 13 Apr 2025

https://github.com/0x6f677548/zerotrust-ca-policies

Sample policies to implement a Zero Trust User Access strategy using Entra ID Conditional Access

azuread conditional-access entraid identity infosec infosectools policy-as-code powertoys zerotrust

Last synced: 12 Mar 2025

https://github.com/kubewarden/allowed-fsgroups-psp-policy

Replacement for the Kubernetes Pod Security Policy that controls the usage of fsGroup in the pod security context

hacktoberfest kubernetes kubernetes-security kubewarden-policy pod-security-policy policy-as-code webassembly

Last synced: 12 Aug 2025

https://github.com/paloaltonetworks/iac-pac-automation

Policy-as-code automation for Prisma Cloud Code Security and Bridgecrew.

iac policy-as-code prisma-cloud

Last synced: 27 Oct 2025

https://github.com/kubewarden/github-actions

GitHub actions used by the Kubewarden project

hacktoberfest kubernetes kubernetes-security policy-as-code webassembly

Last synced: 20 Apr 2026

https://github.com/kubewarden/k8s-objects

Experimental: Kubernetes Go types that can be used with TinyGo

hacktoberfest kubernetes kubernetes-security policy-as-code webassembly

Last synced: 12 Aug 2025

https://github.com/paulveillard/cybersecurity-policy-as-code

An ongoing & curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and videos, Technical guidelines and important resources about Policy-As-Code.

backend-as-a-service infrastructure-as-code policies policy policy-as-code policy-management remediation

Last synced: 23 Jul 2025

https://github.com/laa-software-engineering/agentic-control-plane

Terraform-style plan/apply for agent systems: versioned YAML for agents, tools, workflows, and policies; local-first SQLite state; MCP & HTTP tools; structured traces.

agents ai-agents cli declarative gitops golang llm mcp model-context-protocol orchestration policy-as-code sqlite workflow yaml

Last synced: 07 Jun 2026