Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

Open Policy Agent

The Open Policy Agent (OPA, pronounced “oh-pa”) is an open source, general-purpose policy engine that unifies policy enforcement across the stack. OPA provides a high-level declarative language that lets you specify policy as code and simple APIs to offload policy decision-making from your software. You can use OPA to enforce policies in microservices, Kubernetes, CI/CD pipelines, API gateways, and more.

Community & Support

What is OPA

https://github.com/open-policy-agent/opa

Open Policy Agent (OPA) is an open source, general-purpose policy engine.

authorization cloud-native compliance declarative doge json lolcat opa open-policy-agent policy

Last synced: 29 Jan 2026

https://github.com/permitio/opal

Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...)

authorization cedar hacktoberfest microservices opa opal open-policy-agent openfga policy policy-as-code pubsub realtime websocket

Last synced: 22 Jan 2026

https://github.com/open-policy-agent/conftest

Write tests against structured configuration data using the Open Policy Agent Rego query language

kubernetes open-policy-agent openpolicyagent rego testing

Last synced: 15 Apr 2026

https://github.com/walidshaari/certified-kubernetes-security-specialist

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

apparmor certification cks ckss exam-objectives falco kernel-hardening kube-bench kube-hunter kubernetes kubernetes-security mitre-attack open-policy-agent os-footprint pod pod-security-policy policy seccomp security trivy

Last synced: 15 May 2025

https://github.com/walidshaari/Certified-Kubernetes-Security-Specialist

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

apparmor certification cks ckss exam-objectives falco kernel-hardening kube-bench kube-hunter kubernetes kubernetes-security mitre-attack open-policy-agent os-footprint pod pod-security-policy policy seccomp security trivy

Last synced: 08 May 2025

https://github.com/checkmarx/kics

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

appsec cloudnative devsecops golang hacktoberfest iac infrastructure-as-code open-policy-agent security security-tools vulnerability-detection vulnerability-scanners

Last synced: 09 Jan 2026

https://github.com/Checkmarx/kics

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

appsec cloudnative devsecops golang hacktoberfest iac infrastructure-as-code open-policy-agent security security-tools vulnerability-detection vulnerability-scanners

Last synced: 14 Mar 2025

https://github.com/aquasecurity/chain-bench

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

cis devsecops go golang misconfiguration open-policy-agent security security-tools software-supply-chain software-supply-chain-security vulnera

Last synced: 13 Oct 2025

https://github.com/plexsystems/konstraint

A policy management tool for interacting with Gatekeeper

conftest gatekeeper kubernetes opa open-policy-agent policy rego

Last synced: 14 Jan 2026

https://github.com/open-policy-agent/regal

Regal is a linter and language server for Rego, bringing your policy development experience to the next level!

code-quality language-server linter lsp magnificent opa open-policy-agent policy-as-code rego static-analysis

Last synced: 23 Sep 2025

https://github.com/open-policy-agent/contrib

Integrations, examples, and proof-of-concepts that are not part of OPA proper.

contrib hack integrations opa open-policy-agent proof-of-concept

Last synced: 05 Apr 2025

https://github.com/styrainc/regal

Regal is a linter and language server for Rego, bringing your policy development experience to the next level!

code-quality language-server linter lsp magnificent opa open-policy-agent policy-as-code rego static-analysis

Last synced: 16 May 2025

https://github.com/cisagov/scubagoggles

SCuBA Secure Configuration Baselines and assessment tool for Google Workspace

cisa cybersecurity google google-workspace gws opa open-policy-agent open-source python scuba scubaconnect security security-automation

Last synced: 14 Oct 2025

https://github.com/StyraInc/regal

Regal is a linter for Rego, with the goal of making your Rego magnificent!

code-quality language-server lint linter linters lsp magnificent opa open-policy-agent policy-as-code rego static-analysis

Last synced: 11 May 2025

https://github.com/cisagov/ScubaGoggles

SCuBA Secure Configuration Baselines and assessment tool for Google Workspace

cisa cybersecurity google google-workspace gws opa open-policy-agent open-source python scuba security security-automation

Last synced: 10 Mar 2025

https://github.com/raspbernetes/k8s-security-policies

This repository offers a comprehensive library of security policies designed to enhance the security of Kubernetes cluster configurations. The policies are developed in accordance with the CIS Kubernetes benchmark.

benchmark cis cis-kubernetes-benchmark conftest gatekeeper kubernetes kubernetes-clusters kubesec open-policy-agent raspbernetes rego-files rego-policy security violation

Last synced: 12 May 2025

https://github.com/open-policy-agent/npm-opa-wasm

Open Policy Agent WebAssembly NPM module (opa-wasm)

authorization browser declarative deno nodejs opa open-policy-agent policy wasm webassembly

Last synced: 12 Apr 2025

https://github.com/open-policy-agent/vscode-opa

An extension for VS Code which provides support for OPA and the Rego policy language

opa open-policy-agent policy-as-code rego vscode-extension

Last synced: 05 Apr 2025

https://github.com/replicatedhq/gatekeeper

Kubernetes Operator to manage Dynamic Admission Controllers using Open Policy Agent

admission-controllers crd kubebuilder kubernetes kubernetes-operator open-policy-agent

Last synced: 09 May 2025

https://github.com/mhausenblas/the-container-security-book

The Container Security Book—a free book for practitioners

aws book containers ecs kubernetes open-policy-agent policy security service-mesh

Last synced: 13 Oct 2025

https://github.com/quicsec/quicsec

HTTP/3-enable existing HTTP apps. Leverage HTTP3 native features and auto-enable workload identity (SPIFFE), AuthN (mTLS/x509, OIDC/Auth0-Okta), AuthZ (OPA), defense-in-depth (WAAP/WAF), and observability (metrics, logs, alerting, dashboard).

auth0 authentication cert-manager cloud-native grafana http http3 kubernetes loki metrics mtls oidc okta open-policy-agent prometheus quic security spiffe waf zero-trust

Last synced: 12 Apr 2025

https://github.com/instrumenta/policies

A set of shared policies for use with Conftest and other Open Policy Agent tools

conftest open-policy-agent

Last synced: 26 Feb 2025

https://github.com/developer-guy/container-image-sign-and-verify-with-cosign-and-opa

This is just a proof-of-concept project that aims to sign and verify container images using cosign and OPA (Open Policy Agent)

cosign cosign-http-wrapper go golang opa open-policy-agent proof-of-concept

Last synced: 30 Apr 2025

https://github.com/cmacrae/kove

Watch your in cluster Kubernetes manifests for OPA policy violations and export them as Prometheus metrics

go golang kubernetes metrics monitoring observability opa open-policy-agent prometheus prometheus-exporter rego

Last synced: 20 Mar 2025

https://github.com/christophwille/dotnet-opa-wasm

Call Open Policy Agent (OPA) policies in WASM (Web Assembly) from .NET Core

csharp dotnet-core opa open-policy-agent wasm wasmtime web-assembly webassembly

Last synced: 09 May 2025

https://github.com/christophwille/csharp-opa-wasm

Call Open Policy Agent (OPA) policies in WASM (Web Assembly) from .NET Core

csharp dotnet-core opa open-policy-agent wasm wasmtime web-assembly webassembly

Last synced: 06 Mar 2025

https://github.com/anderseknert/rego-test-assertions

Tiny Rego library with helper functions for unit testing

assertions assertions-library opa open-policy-agent policy policy-as-code rego testing

Last synced: 17 Feb 2026

https://github.com/xchapter7x/hcunit

Helm Chart Unit: helps to unit test rendering of your templates using policies

helm helm-plugin helm-plugins opa open-policy-agent rego unit-test unit-testing unittest unittesting unittests

Last synced: 26 Jan 2026

https://github.com/open-policy-agent/community

The Community repository is the place to go for support with OPA and OPA Sub-Projects, like Conftest and Gatekeeper.

conftest gatekeeper opa open-policy-agent rego

Last synced: 10 Apr 2025

https://github.com/nscuro/dtapac

Audit Dependency-Track findings and policy violations via policy as code

dependency-track dtrack go golang opa open-policy-agent owasp policy-as-code

Last synced: 21 Aug 2025

https://github.com/permitio/pdp

Permit Policy Decision Point service. High-performance, policy-driven authorization for your apps and service.

authorization microservice opa opal open-policy-agent permit permitio policy policy-as-code python realtime rust websocket

Last synced: 13 May 2026

https://github.com/psibi/rego-mode

Emacs major mode for OPA's rego language

major-mode opa open-policy-agent rego

Last synced: 30 Jun 2025

https://github.com/styrainc/enterprise-opa

Enterprise OPA is a distribution of Open Policy Agent with enterprise-grade features to get OPA into production quickly, easily, and inexpensively.

authorization opa open-policy-agent performance policy styra

Last synced: 05 Sep 2025

https://github.com/chen-keinan/mesh-kridik

mesh-kridik is an open-source security checker that performs various security checks on a Kubernetes cluster with istio service mesh and is leveraged by OPA (Open Policy Agent) to enforce security rules.

istio kubernetes kubernetes-cluster opa open-policy-agent open-source policy scanner security service-mesh

Last synced: 13 Jun 2025

https://github.com/zenitysec/sphinx-rego

Sphinx extension that automatically documents Open Policy Agent Rego policies

conftest documentation-tool opa open-policy-agent open-policy-agent-python rego sphinx

Last synced: 12 May 2025

https://github.com/open-policy-agent/opa-typescript

Open Source TypeScript packages for use with Open Policy Agent (OPA).

access-control authorization javascript opa open-policy-agent rbac role-based-access-control sdk typescript

Last synced: 30 Apr 2026

https://github.com/masterpointio/github-action-opa-rego-test

GitHub Action to automate testing for your OPA (Open Policy Agent) Rego policies, generates a report with coverage information, and posts the test results as a comment on your pull requests.

github-action github-actions opa opa-testing open-policy-agent rego rego-test rego-testing

Last synced: 11 Apr 2025

https://github.com/kevinswiber/spego

A set of policies for Open Policy Agent to validate OpenAPI definitions.

conftest linter opa open-policy-agent openapi

Last synced: 11 Mar 2026

https://github.com/chrisns/k8s-opa-boilerplate

Boilerplate example of managing OPA with kustomize

hacktoberfest kubernetes kustomize opa open-policy-agent rego yaml

Last synced: 22 Apr 2025

https://github.com/open-policy-agent/opa-java

A driver to connect via Java to Open Policy Agent (OPA) deployments.

opa open-policy-agent sdk-java

Last synced: 16 Dec 2025

https://github.com/StyraInc/zed-rego

Zed extension for the Rego policy language from Open Policy Agent (OPA)

code-quality developer-experience editor opa open-policy-agent policy-as-code regal rego zed

Last synced: 12 May 2025

https://github.com/StyraInc/opa-java

The Styra-supported driver to connect via Java to Open Policy Agent (OPA) and Enterprise OPA deployments.

opa open-policy-agent sdk-java

Last synced: 12 May 2025

https://github.com/ibm-cloud/terraform-opa-ibm

An OPA library to develop IT Control policies, for the IBM Cloud

ibm-cloud open-policy-agent rego terraform

Last synced: 18 Aug 2025

https://github.com/IBM-Cloud/terraform-opa-ibm

An OPA library to develop IT Control policies, for the IBM Cloud

ibm-cloud open-policy-agent rego terraform

Last synced: 12 May 2025

https://github.com/statcan/gatekeeper-policies

Policies that are to be enforced by GateKeeper for the Cloud Native Platform

cloud-native cns gatekeeper kubernetes opa open-policy-agent

Last synced: 04 Sep 2025

https://github.com/go-training/opa-restful

Setup REST API with Open Policy Agent

open-policy-agent restful-api

Last synced: 09 Apr 2025

https://github.com/go-training/opa-embed

Open Policy Agent Demo for Embed file in Go

embedmd open-policy-agent rbac rego

Last synced: 17 Oct 2025

https://github.com/m-mizutani/ghaudit

CLI audit tool for GitHub organization with OPA/Rego

github go open-policy-agent rego

Last synced: 27 Feb 2026

https://github.com/umbrellaassociates/opa-spicedb

Open Policy Agent extension for Authzed SpiceDB

open-policy-agent spicedb

Last synced: 13 Oct 2025

https://github.com/kube-tarian/sigrun

Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate & Control the deployments to allow only the known Sources based on Signatures, Maintainers & other payloads automatically.

artifacts container-security containers containersecurity cosign fulcio gatekeeper kubernetes kubernetes-security kubernetessecurity opa open-policy-agent pods policy-as-code rekor signature signature-verification sigstore

Last synced: 01 May 2025

https://github.com/crcsmnky/gatekeeper-istio

Using OPA Gatekeeper to deny admission or audit Istio and Istio-related objects

gatekeeper istio kubernetes open-policy-agent

Last synced: 18 Mar 2025

https://github.com/srenatus/opa-explorer

Graphical user interface showcasing the different stages of Rego compilation in OPA

compiler opa open-policy-agent rego

Last synced: 06 Apr 2025

https://github.com/mhausenblas/temporal-opa

Temporal reasoning with OPA

examples open-policy-agent rego temporal time

Last synced: 04 Jan 2026

https://github.com/cyclenerd/cloud-tools-container

📦 Ready-to-use Docker container image with cloud tools (AWS CLI, Google Cloud CLI, Terraform, Packer, Ansible)

ansible aws awscli circleci container-image docker docker-image gcloud gcloud-cli gcloud-sdk gcp google-cloud google-cloud-platform helm k8s kubectl kubernetes open-policy-agent packer terraform

Last synced: 18 Mar 2025

https://github.com/ashutoshsce/opa-rbac

Rest API of Role-based Access Control using Open Policy Agent

blog blog-api grants opa open-policy-agent permissions rbac rbac-configuration rbac-management rbac-roles rego

Last synced: 05 Mar 2026

https://github.com/anderseknert/opa-policy-composition

Example policies demonstrating policy composition.

opa open-policy-agent rego

Last synced: 04 Jan 2026

https://github.com/open-policy-agent/opa-springboot

The Styra-supported driver to connect Spring Boot applications to Open Policy Agent (OPA) and Enterprise OPA deployments.

java java-sdk open-policy-agent policy-as-code spring-boot springboot styra

Last synced: 05 Sep 2025

https://github.com/open-policy-agent/opa-csharp

A driver to connect via C# to Open Policy Agent (OPA) deployments

opa open-policy-agent sdk-csharp sdk-dotnet sdk-net

Last synced: 11 Oct 2025

https://github.com/StyraOSS/mcov

Minimum compatible OPA version checker

opa open-policy-agent rego

Last synced: 05 Sep 2025

https://github.com/styrainc/roast

Roast is an optimized JSON format for Rego ASTs, as well as some common utilities for working with it.

ast golang golang-library library opa open-policy-agent regal rego static-analysis

Last synced: 11 Apr 2025

https://github.com/StyraOSS/roast

Roast is an optimized JSON format for Rego ASTs, as well as some common utilities for working with it.

ast golang golang-library library opa open-policy-agent regal rego static-analysis

Last synced: 18 Nov 2025

https://github.com/shelmangroup/envoy-oidc-authserver

An implementation of Envoy External Authorization

authentication envoy ext-authz k8s oidc open-policy-agent

Last synced: 08 Apr 2025

https://github.com/asankov/securing-kubernetes-with-open-policy-agent

Overview on how and why to secure your Kubernetes cluster by using Open Policy Agent and Gatekeeper

gatekeeper hacktoberfest kubernetes open-policy-agent

Last synced: 28 Jul 2025

https://github.com/anderseknert/opa-sign-verify

Demo of OPA bundle signature creation and verification

bundle-signing bundle-verification bundles opa open-policy-agent security

Last synced: 07 Sep 2025

https://github.com/nkypy/gopa

open policy agent gin middleware for custom usage

gin gin-gonic middleware opa open-policy-agent

Last synced: 17 Jan 2026

https://github.com/edgeflare/traefikopa

Open Policy Agent (OPA) Authorization middleware for Traefik

opa open-policy-agent traefik traefik-plugin

Last synced: 18 Jan 2026

https://github.com/StyraOSS/academy-samples

Styra Academy code samples and other supporting material.

opa open-policy-agent styra terraform terraform-cloud

Last synced: 05 Sep 2025

https://github.com/yunosukey/policy-for-pss

Conftest Policy for Pod Security Standards

conftest gatekeeper kubernetes open-policy-agent

Last synced: 31 Aug 2025

https://github.com/rinx/nvim-dap-rego

An nvim-dap extension for debugging OPA/Rego using StyraInc/regal

neovim nvim-dap opa open-policy-agent rego

Last synced: 26 Jan 2026

https://github.com/anderseknert/colorized

Colorized output for the Rego print function!

colorize colors opa open-policy-agent print rego

Last synced: 03 Jan 2026

Open Policy Agent Awesome Lists
awesome-opa 223
Open Policy Agent Categories
Language and Platform Integrations 39 Kubernetes 32 Tools and Utilities 24 People 23 WebAssembly (Wasm) 17 Infrastructure as Code 15 IDE and Editor Integrations 15 Official projects 13 Datasource Integrations 12 Recommended Reading 8 Testing 7 Policy Packages 7 Commercial Tools 5 Other Usecases 5 Support and Community 4 Fun and Quirky 4 Serverless 3 Nomad 1 Community 1