A curated list of awesome Open Policy Agent (OPA) related tools, frameworks and articles.
- Official Projects
- Policy Packages
- Language and Platform Integrations
- WebAssembly (WASM)
- Kubernetes
- Datasource Integrations
- IDE and Editor Integrations
- Infrastructure as Code
- Tools and Utilities
- Support and Community
- Recommended Reading
- Commercial Tools
- OPA - Open Policy Agent Github repository
- Gatekeeper - Kubernetes admission controller using OPA
- Conftest - Write tests against structured configuration data
- OPA - Official OPA documentation
- Styra Academy - Excellent OPA training courses
- Conftest - Conftest documentation
- OPA - Official blog for the OPA project
- Library - Community-owned policy library for OPA
- Policy Hub CLI - CLI tool that makes Rego policies searchable
- Rego policies - Rego policies from the the Red Hat community of practice
- Java - Generic Java client to query OPA's REST API
- Spring Security - OPA Spring Security Library
- Gradle - OPA plugin for Gradle
- OPA Python client - Python client for OPA's REST API
- Flask OPA - OPA client for the Flask microframework
- Bottle Authorization - Custom Bottle Application Authorization
- Rego Python - Python package for interacting with Rego
- Sphinx Rego - Sphinx extension that automatically documents Rego policies
- Go Example API Authorization - Example API authorization using OPA
- OPA Library for PHP - OPA client, a PSR-15 authorization middleware and a PSR-15 bundle distributor middleware
- ASP.NET Core - ASP.NET Core authorization middleware
- OPA Express - OPA client for the Express framework
- Clojure - Middleware and utilities for app authorization with OPA in Clojure
- OPA Docker authorization - OPA to help policy-enable an existing services
- Docker Security Checker - OPA Rego policies for Dockerfile Security checks using Conftest (blog)
- Dockerfile security - A collection of OPA rules to statically analyze Dockerfiles to improve security
- Konveyor Forklift Validation Service - VM migration suitability assessment to avoid migrating VMs that are not fit for Kubevirt. Rules are applied on all the VMs of the source provider (VMware) during the initial inventory collection, then whenever a VM configuration changes.
- NPM module - a small SDK for using WebAssembly (wasm) compiled Open Policy Agent Rego policies
- Go SDK - a small Go library for using WebAssembly (wasm) compiled Open Policy Agent Rego policies
- .NET Core Library - .NET SDK for calling WASM-compiled OPA policies from .NET Core
- WASM - Official docs on WebAssembly for OPA
- Konstraint - CLI tool for working with templates and constraints when using Gatekeeper
- Deprek8ion - A set of rego policies to monitor Kubernetes APIs deprecations
- Rego Policies - Gatekeeper policies collection
- Gatekeeper Policy Manager - Web UI for Gatekeeper policies
- Validating and Mutating Admission Control Example - Example validating and mutation admission controller
- MagTape - OPA-based admission controller for policy enforcement
- Admission policy development - OPA Kubernetes validation and mutation testing environment
- Policy Enabled Kubernetes with OPA - Guide on setting up OPA for kubernetes admission control
- Using OPA on EKS - Using Open Policy Agent on Amazon EKS
- OPA and Gatekeeper - Comparison between OPA and Gatekeeper with lots of useful information
- Kubernetes Authorization - Guide on using OPA for Kubernetes authorization
- Kafka Authorizer - Kafka authorizer plugin with example policies
- Data Filtering on Spring Data - Data filtering for MongoDB and JPA using OPA
- Elasticsearch - OPA-Elasticsearch Data Filtering Example
- Strimzi - Kafka in kubernetes, with built-in support for OPA as authorizer
- VS Code plugin - Develop, test, debug, and analyze policies for OPA in VS Code
- IntelliJ plugin - OPA plugin for the IntelliJ IDE
- Emacs - Emacs Major mode for working with Rego
- Vim - Vim plugin for the Rego language, with support for syntax highlighting
- Atom - Syntax highlighting for the Atom editor
- CodeMirror - Rego mode and minimal key map for CodeMirror
- TextMate - Syntax highlighting for TextMate
- Sublime - Syntax highlighting for Sublime
- Nano - Syntax highlighting for Nano
- Regula - Evaluates Terraform code for potential security misconfigurations and compliance violations.
- Example Terraform policies - Example Terraform policies
- Terrascan - 500+ Policies written in OPA for security best practices.
- KICS - Keeping Infrastructure as Code Secure or KICS scans IaC projects for security vulnerabilities, compliance issues, and infrastructure misconfiguration. Currently working with Terraform projects, Kubernetes manifests, Dockerfiles, AWS CloudFormation Templates, and Ansible playbooks.
- Using OPA with Pulumi CrossGuard - Authoring Pulumi CrossGuard Policy with OPA
- AWS CDK with OPA - Realize Policy-as-Code with AWS Cloud Development Kit through Open Policy Agent
- Kubernetes Authorization - Kubernetes Authorization via Open Policy Agent
- Fregot - Alternative REPL implementation for Rego
- OPA pre-commit - Pre-commit hooks for OPA/Rego/Conftest development
- Monitor OPA Gatekeeper - Monitoring implementation guide for OPA Gatekeeper (blog)
- Temporal reasoning with OPA - Examples for working with time in Rego
- OPAL - Realtime policy and data updates for your OPA agents on top of websockets pub/sub
- Styra - Commercial support, and tools for managing OPA at scale, by the creators of OPA
- Stack Overflow - Stack Overflow OPA section
- OPA Slack - Open Policy Agent Slack workspace
- Microservices Security in Action - Book on micorservices security, with dedicated section covering OPA. Freely available online.
- Fugue - 5 tips for using the Rego language for Open Policy Agent
- Styra DAS - Styra Declarative Authorization Service, from the creators of OPA
- Scalr - Collaboration and Automation for Terraform, backed by OPA
- Fairwinds Insights - Run OPA policies consistently across CI/CD, Admission Control, and an multi-cluster scanner
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent