├── .gitignore
├── LICENSE
├── README.md
└── assets
└── awesome-opa.png
/.gitignore:
--------------------------------------------------------------------------------
1 | .idea/
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Creative Commons Legal Code
2 |
3 | CC0 1.0 Universal
4 |
5 | CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
6 | LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
7 | ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
8 | INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
9 | REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
10 | PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
11 | THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
12 | HEREUNDER.
13 |
14 | Statement of Purpose
15 |
16 | The laws of most jurisdictions throughout the world automatically confer
17 | exclusive Copyright and Related Rights (defined below) upon the creator
18 | and subsequent owner(s) (each and all, an "owner") of an original work of
19 | authorship and/or a database (each, a "Work").
20 |
21 | Certain owners wish to permanently relinquish those rights to a Work for
22 | the purpose of contributing to a commons of creative, cultural and
23 | scientific works ("Commons") that the public can reliably and without fear
24 | of later claims of infringement build upon, modify, incorporate in other
25 | works, reuse and redistribute as freely as possible in any form whatsoever
26 | and for any purposes, including without limitation commercial purposes.
27 | These owners may contribute to the Commons to promote the ideal of a free
28 | culture and the further production of creative, cultural and scientific
29 | works, or to gain reputation or greater distribution for their Work in
30 | part through the use and efforts of others.
31 |
32 | For these and/or other purposes and motivations, and without any
33 | expectation of additional consideration or compensation, the person
34 | associating CC0 with a Work (the "Affirmer"), to the extent that he or she
35 | is an owner of Copyright and Related Rights in the Work, voluntarily
36 | elects to apply CC0 to the Work and publicly distribute the Work under its
37 | terms, with knowledge of his or her Copyright and Related Rights in the
38 | Work and the meaning and intended legal effect of CC0 on those rights.
39 |
40 | 1. Copyright and Related Rights. A Work made available under CC0 may be
41 | protected by copyright and related or neighboring rights ("Copyright and
42 | Related Rights"). Copyright and Related Rights include, but are not
43 | limited to, the following:
44 |
45 | i. the right to reproduce, adapt, distribute, perform, display,
46 | communicate, and translate a Work;
47 | ii. moral rights retained by the original author(s) and/or performer(s);
48 | iii. publicity and privacy rights pertaining to a person's image or
49 | likeness depicted in a Work;
50 | iv. rights protecting against unfair competition in regards to a Work,
51 | subject to the limitations in paragraph 4(a), below;
52 | v. rights protecting the extraction, dissemination, use and reuse of data
53 | in a Work;
54 | vi. database rights (such as those arising under Directive 96/9/EC of the
55 | European Parliament and of the Council of 11 March 1996 on the legal
56 | protection of databases, and under any national implementation
57 | thereof, including any amended or successor version of such
58 | directive); and
59 | vii. other similar, equivalent or corresponding rights throughout the
60 | world based on applicable law or treaty, and any national
61 | implementations thereof.
62 |
63 | 2. Waiver. To the greatest extent permitted by, but not in contravention
64 | of, applicable law, Affirmer hereby overtly, fully, permanently,
65 | irrevocably and unconditionally waives, abandons, and surrenders all of
66 | Affirmer's Copyright and Related Rights and associated claims and causes
67 | of action, whether now known or unknown (including existing as well as
68 | future claims and causes of action), in the Work (i) in all territories
69 | worldwide, (ii) for the maximum duration provided by applicable law or
70 | treaty (including future time extensions), (iii) in any current or future
71 | medium and for any number of copies, and (iv) for any purpose whatsoever,
72 | including without limitation commercial, advertising or promotional
73 | purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
74 | member of the public at large and to the detriment of Affirmer's heirs and
75 | successors, fully intending that such Waiver shall not be subject to
76 | revocation, rescission, cancellation, termination, or any other legal or
77 | equitable action to disrupt the quiet enjoyment of the Work by the public
78 | as contemplated by Affirmer's express Statement of Purpose.
79 |
80 | 3. Public License Fallback. Should any part of the Waiver for any reason
81 | be judged legally invalid or ineffective under applicable law, then the
82 | Waiver shall be preserved to the maximum extent permitted taking into
83 | account Affirmer's express Statement of Purpose. In addition, to the
84 | extent the Waiver is so judged Affirmer hereby grants to each affected
85 | person a royalty-free, non transferable, non sublicensable, non exclusive,
86 | irrevocable and unconditional license to exercise Affirmer's Copyright and
87 | Related Rights in the Work (i) in all territories worldwide, (ii) for the
88 | maximum duration provided by applicable law or treaty (including future
89 | time extensions), (iii) in any current or future medium and for any number
90 | of copies, and (iv) for any purpose whatsoever, including without
91 | limitation commercial, advertising or promotional purposes (the
92 | "License"). The License shall be deemed effective as of the date CC0 was
93 | applied by Affirmer to the Work. Should any part of the License for any
94 | reason be judged legally invalid or ineffective under applicable law, such
95 | partial invalidity or ineffectiveness shall not invalidate the remainder
96 | of the License, and in such case Affirmer hereby affirms that he or she
97 | will not (i) exercise any of his or her remaining Copyright and Related
98 | Rights in the Work or (ii) assert any associated claims and causes of
99 | action with respect to the Work, in either case contrary to Affirmer's
100 | express Statement of Purpose.
101 |
102 | 4. Limitations and Disclaimers.
103 |
104 | a. No trademark or patent rights held by Affirmer are waived, abandoned,
105 | surrendered, licensed or otherwise affected by this document.
106 | b. Affirmer offers the Work as-is and makes no representations or
107 | warranties of any kind concerning the Work, express, implied,
108 | statutory or otherwise, including without limitation warranties of
109 | title, merchantability, fitness for a particular purpose, non
110 | infringement, or the absence of latent or other defects, accuracy, or
111 | the present or absence of errors, whether or not discoverable, all to
112 | the greatest extent permissible under applicable law.
113 | c. Affirmer disclaims responsibility for clearing rights of other persons
114 | that may apply to the Work or any use thereof, including without
115 | limitation any person's Copyright and Related Rights in the Work.
116 | Further, Affirmer disclaims responsibility for obtaining any necessary
117 | consents, permissions or other rights required for any use of the
118 | Work.
119 | d. Affirmer understands and acknowledges that Creative Commons is not a
120 | party to this document and has no duty or obligation with respect to
121 | this CC0 or use of the Work.
122 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # awesome-opa
2 |
3 | 
4 |
5 | A curated list of [awesome](https://github.com/sindresorhus/awesome) Open Policy Agent (OPA) related tools, frameworks and articles.
6 |
7 | ## Contents
8 |
9 | - [Official Projects](#official-projects)
10 | - [Repositories](#repositories)
11 | - [Docs](#docs)
12 | - [Blogs and Articles](#blogs-and-articles)
13 | - [Policy Packages](#policy-packages)
14 | - [Language and Platform Integrations](#language-and-platform-integrations)
15 | - [Java](#java)
16 | - [Python](#python)
17 | - [Go](#go)
18 | - [PHP](#php)
19 | - [.NET](#net)
20 | - [Node.js](#nodejs)
21 | - [Clojure](#clojure)
22 | - [Docker](#docker)
23 | - [CPP](#cpp)
24 | - [Rust](#rust)
25 | - [Typescript]("#typescript")
26 | - [WebAssembly (Wasm)](#webassembly-wasm)
27 | - [Blogs and Articles](#webassembly-blogs-and-articles)
28 | - [Kubernetes](#kubernetes)
29 | - [Service Mesh Authorization](#service-mesh-authorization)
30 | - [Blogs and Articles](#blogs-and-articles)
31 | - [Nomad](#nomad)
32 | - [Datasource Integrations](#datasource-integrations)
33 | - [Blogs and Articles](#datasource-integrations-blogs-and-articles)
34 | - [IDE and Editor Integrations](#ide-and-editor-integrations)
35 | - [Infrastructure as Code](#infrastructure-as-code)
36 | - [Blogs and Articles](#infrastructure-as-code-blogs-and-articles)
37 | - [Serverless](#serverless)
38 | - [Blogs and Articles](#serverless-blogs-and-articles)
39 | - [Testing](#testing)
40 | - [Blogs and Articles](#testing-blogs-and-articles)
41 | - [Tools and Utilities](#tools-and-utilities)
42 | - [Other Usecases](#other-usecases)
43 | - [Fun and Quirky](#fun-and-quirky)
44 | - [Support and Community](#support-and-community)
45 | - [Recommended Reading](#recommended-reading)
46 | - [People](#people)
47 | - [Maintainers](#maintainers)
48 | - [Community Stars](#community-stars)
49 | - [Meetup Groups](#meetup-groups)
50 | - [Commercial Tools](#commercial-tools)
51 | - [Contributing](#contributing)
52 |
53 | ## Official projects
54 |
55 | ### Repositories
56 |
57 | - [OPA](https://github.com/open-policy-agent/opa) - Open Policy Agent Github repository
58 | - [Gatekeeper](https://github.com/open-policy-agent/gatekeeper) - Kubernetes admission controller using OPA
59 | - [Conftest](https://github.com/open-policy-agent/conftest) - Write tests against structured configuration data
60 |
61 | ### Docs
62 |
63 | - [OPA](https://www.openpolicyagent.org/docs/) - Official OPA documentation
64 | - [Styra Academy](https://academy.styra.com/) - Excellent OPA training courses
65 | - [Gatekeeper](https://open-policy-agent.github.io/gatekeeper/website/docs/) - OPA Gatekeeper docs
66 | - [Conftest](https://www.conftest.dev/) - Conftest documentation
67 | - [Rego Style Guide](https://github.com/StyraInc/rego-style-guide) - Style guide for Rego, providing pointers on best practices for policy authoring
68 | - [Regal Docs](https://docs.styra.com/regal) - Documentation for 60+ linter rules, providing an excellent reference for learning Rego
69 |
70 | ### Blogs and Articles
71 |
72 | - [OPA](https://blog.openpolicyagent.org/) - Official blog for the OPA project
73 | - [Logo](https://cncf-branding.netlify.app/projects/opa/) - The OPA Logo in different versions
74 |
75 | ## Policy Packages
76 |
77 | - [Library](https://github.com/open-policy-agent/library) - Community-owned policy library for OPA
78 | - [Policy Hub CLI](https://github.com/policy-hub/policy-hub-cli) - CLI tool that makes Rego policies searchable
79 | - [Rego policies](https://github.com/redhat-cop/rego-policies) - Rego policies from the the Red Hat community of practice
80 | - [Appshield](https://github.com/aquasecurity/appshield) - Open Database of rego policies for common Infrastructure as Code files
81 | - [Conftest policy packs](https://github.com/rallyhealth/conftest-policy-packs) - Collection of Conftest policies for "Compliance-as-Code" security policies and general engineering standards. Policies targeting Terraform, Dockerfiles, package.json (NodeJS) files, etc
82 | - [Confectionary](https://github.com/Cigna/confectionery) - A library of rules for Conftest used to detect Terraform misconfigurations.
83 | - [Kubescape Rego library](https://github.com/kubescape/regolibrary) - Comprehensive set of Kubernetes policies from Kubescape
84 | - [Kubernetes Security Policies](https://github.com/raspbernetes/k8s-security-policies) - Raspernetes library for fortifying cluster configurations
85 |
86 | ## Language and Platform Integrations
87 |
88 | ### Java
89 |
90 | - [Styra Java SDK](https://github.com/StyraInc/opa-java) - Java SDK for interacting with OPA ([documentation](https://docs.styra.com/sdk))
91 | - [Jarl](https://github.com/johanfylling/jarl) - Native evaluation of Rego in the JVM, via OPA's IR format ([blog](https://blog.openpolicyagent.org/i-have-a-plan-exploring-the-opa-intermediate-representation-ir-format-7319cd94b37d))
92 | - [OPA Java Client](https://github.com/Bisnode/opa-java-client) - Generic Java client to query OPA's REST API
93 | - [Spring Security](https://github.com/Bisnode/opa-spring-security) - OPA Spring Security Library
94 | - [Spring Security Reactive](https://github.com/massenz/jwt-opa) - OPA with Spring Security Reactive
95 | - [Gradle](https://github.com/Bisnode/opa-gradle-plugin) - OPA plugin for Gradle
96 | - [Thunx](https://github.com/xenit-eu/thunx) - Thunx is a pluggable ABAC system using OPA, Spring Cloud Gateway and Spring Data REST
97 |
98 | ### Python
99 |
100 | - [OPA Python](https://github.com/heliconhq/opa-python) - Python client library for Open Policy Agent
101 | - [OPA Python client](https://github.com/Turall/OPA-python-client) - Python client for OPA's REST API
102 | - [Flask OPA](https://github.com/EliuX/flask-opa) - OPA client for the Flask microframework
103 | - [Bottle Authorization](https://github.com/dolevf/bottle-acl-openpolicyagent) - Custom Bottle Application Authorization
104 | - [Rego Python](https://github.com/open-policy-agent/rego-python) - Python package for interacting with Rego
105 | - [Sphinx Rego](https://github.com/zenitysec/sphinx-rego) - Sphinx extension that automatically documents Rego policies
106 | - [regopy](https://pypi.org/project/regopy/) - Python module which uses the C FFI for rego-cpp, allowing in-process Pythonic Rego policy evaluation
107 | - [regorus](https://github.com/microsoft/regorus/tree/main/bindings/python) - Evaluate Rego policies in Python using Regorus, a fast, lightweight Rego interpreter written in Rust.
108 |
109 | ### Go
110 |
111 | - [Go Example API Authorization](https://github.com/open-policy-agent/example-api-authz-go) - Example API authorization using OPA
112 | - [Fiber OPA Integration](https://github.com/gofiber/contrib/tree/main/opafiber) - OPA integration for Fiber web framework. Enables to execute Rego policies in the middlewares.
113 | - [HTTP API OPA middlewares](https://github.com/Joffref/opa-middleware) - Collection of OPA middlewares for your HTTP/Gin/Fiber API.
114 | - [regorus](https://github.com/microsoft/regorus/tree/main/bindings/go) - Golang bindings to Regorus, a fast, lightweight Rego interpreter written in Rust.
115 |
116 | ### PHP
117 |
118 | - [OPA Library for PHP](https://github.com/segrax/openpolicyagent) - OPA client, a PSR-15 authorization middleware and a PSR-15 bundle distributor middleware
119 |
120 | ### .NET
121 |
122 | - [Styra C# SDK](https://github.com/StyraInc/opa-csharp) - C# SDK for interacting with OPA ([documentation](https://docs.styra.com/sdk))
123 | - [ASP.NET Core](https://github.com/build-security/OPA-AspDotNetCore-Middleware) - ASP.NET Core authorization middleware
124 | - [OpaDotNet.Extensions.AspNetCore](https://github.com/me-viper/OpaDotNet.Extensions) - ASP.NET Core authorization infrastructure
125 | - [regorus](https://github.com/microsoft/regorus/tree/main/bindings/csharp) - C# bindings to Regorus, a fast, lightweight Rego interpreter written in Rust.
126 |
127 | ### Node.js
128 |
129 | - [OPA Express](https://github.com/build-security/opa-express-middleware) - OPA client for the Express framework
130 | - [regorus](https://github.com/microsoft/regorus/tree/main/bindings/wasm) - Evaluate Rego policies in WASM using Regorus. Try it out at [Regorus Playground](https://anakrish.github.io/regorus-playground/).
131 |
132 | ### Clojure
133 |
134 | - [Jarl](https://github.com/johanfylling/jarl) - Native evaluation of Rego in the JVM (written in Clojure), via OPA's IR format ([blog](https://blog.openpolicyagent.org/i-have-a-plan-exploring-the-opa-intermediate-representation-ir-format-7319cd94b37d))
135 | - [clj-opa](https://github.com/anderseknert/clj-opa) - Middleware and utilities for app authorization with OPA in Clojure
136 |
137 | ### Docker
138 |
139 | - [OPA Docker authorization](https://github.com/open-policy-agent/opa-docker-authz) - OPA to help policy-enable an existing services
140 | - [Docker Security Checker](https://github.com/madhuakula/docker-security-checker) - OPA Rego policies for Dockerfile Security checks using Conftest
141 | - [Dockerfile security](https://github.com/gbrindisi/dockerfile-security) - A collection of OPA rules to statically analyze Dockerfiles to improve security
142 |
143 | ### Containers
144 |
145 | - [Konveyor Forklift Validation Service](https://github.com/konveyor/forklift-validation) - VM migration suitability assessment to avoid migrating VMs that are not fit for Kubevirt. Rules are applied on all the VMs of the source provider (VMware) during the initial inventory collection, then whenever a VM configuration changes.
146 |
147 | ### CPP
148 |
149 | - [rego-cpp](https://microsoft.github.io/rego-cpp/) - Rego compiler and runtime implemented in C++. It provides a C FFI with Rust and Python bindings in addition to an extensible C++ implementation.
150 | - [regorus](https://github.com/microsoft/regorus/tree/main/bindings/cpp) - C++ bindings to Regorus, a fast, lightweight Rego interpreter written in Rust.
151 |
152 | ### Rust
153 |
154 | - [regorus](https://crates.io/crates/regorus) - A fast, lightweight Rego interpreter written in Rust. In addition to bringing the power of Rego to Rust-only environments, it is intended as a platform for developing Rego tools and exploring Rego language enhancements.
155 | - [regorust](https://crates.io/crates/regorust) - Rust crate wrapping the C FFI for rego-cpp, allowing in-process Rego policy evaluation using idiomatic Rust.
156 |
157 | ### Typescript
158 |
159 | - [Styra OPA Typescript SDK](https://github.com/StyraInc/opa-typescript) - Typescript SDK for interacting with OPA ([documentation](https://docs.styra.com/sdk))
160 |
161 | ### Swift
162 | - [swift-opa](https://github.com/open-policy-agent/swift-opa) - Swift package for evaluating OPA IR Plans compiled from Rego declarative policy
163 |
164 | ## WebAssembly (Wasm)
165 |
166 | - [NPM module](https://github.com/open-policy-agent/npm-opa-wasm/) - a small SDK for using WebAssembly compiled Open Policy Agent Rego policies
167 | - [.NET Core Library](https://github.com/christophwille/csharp-opa-wasm) - .NET SDK for calling Wasm-compiled OPA policies from .NET Core
168 | - [OpaDotNet](https://github.com/me-viper/OpaDotNet) - Open Policy Agent (OPA) WebAssembly dotnet core SDK
169 | - [OpaDotNet.Compilation](https://github.com/me-viper/OpaDotNet.Compilation) - dotnet core backend for packaging Open Policy Agent Rego policies and data files into WASM policy bundles
170 | - [Python Library](https://github.com/a2d24/python-opa-wasm) - Open Policy Agent WebAssembly SDK for Python
171 | - [Go SDK](https://github.com/open-policy-agent/opa/tree/main/internal/wasm/sdk) - a small Go library for using WebAssembly compiled Open Policy Agent Rego policies
172 | - [JVM](https://github.com/sangkeon/java-opa-wasm) - Java SDK for calling Wasm-compiled policies. Uses wasmtime.
173 | - [Rust](https://github.com/matrix-org/rust-opa-wasm) - A crate to use OPA policies compiled to Wasm.
174 | - [regorus](https://github.com/microsoft/regorus/tree/main/bindings/wasm) - Evaluate Rego policies in WASM using Regorus. Try it out at [Regorus Playground](https://anakrish.github.io/regorus-playground/).
175 |
176 | ### WebAssembly Blogs and Articles
177 |
178 | - [Enforce policies in the browser with Open Policy Agent](https://medium.com/@robertgartman/enforce-policies-in-the-browser-with-open-policy-agent-22d8e32fbfb6?source=friends_link&sk=b7a58aecd84bf7367622347a91772947) - _first_ article in a series of three covering why and how to reuse backend Policy-as-Code in the browser.
179 | - [Reuse Policy as Code — stay DRY](https://medium.com/@robertgartman/reuse-policy-as-code-stay-dry-7ad1229be160?source=friends_link&sk=196fd624a4027f5c33366f596dc75935) - _second_ article in a series of three covering why and how to reuse backend Policy-as-Code in the browser. This article focus on Rego and HOW
180 | - [OPA & Angular: Policy-as-Code in the browser](https://medium.com/@robertgartman/opa-angular-policy-as-code-in-the-browser-7bb3e5a8f60c?source=friends_link&sk=69f87b120d716a4f4f7abe5d3e1680ec) - _third_ article in a series of three covering why and how to reuse backend Policy-as-Code in the browser. Angular Proof of Concept based on article 1 & 2.
181 | - [Rego on WebAssembly](https://blog.openpolicyagent.org/opa-v0-15-1-rego-on-webassembly-81c226c51be4) - original OPA Wasm support blog post which summarizes how OPA's Wasm functionality works.
182 |
183 | ### Docs
184 |
185 | - [Wasm](https://www.openpolicyagent.org/docs/latest/wasm/) - Official docs on WebAssembly for OPA
186 |
187 | ### Built with Wasm
188 |
189 | - [OPA Wasm demo](https://opa-wasm.glitch.me/) - Demonstration of evaluating OPA's Wasm modules in the browser
190 | - [Snyk CLI](https://github.com/snyk/snyk) - Test Infrastructure as Code source code for security misconfigurations and best practices in the local console. The npm-opa-wasm library is used to run WASM bundle of Rego policies to detect misconfiguration.
191 | - [regorus](https://github.com/microsoft/regorus/tree/main/bindings/wasm) - Evaluate Rego policies in WASM using Regorus. Try it out at [Regorus Playground](https://anakrish.github.io/regorus-playground/).
192 |
193 | ## Kubernetes
194 |
195 | - [Gatekeeper](https://github.com/open-policy-agent/gatekeeper) - A validating and mutating webhook that enforces CRD-based policies executed by OPA for Kubernetes
196 | - [Gatekeeper Policy Library](https://www.github.com/open-policy-agent/gatekeeper-library) - A collection of constraint templates and sample constraints that you can use with Gatekeeper
197 | - [Konstraint](https://github.com/plexsystems/konstraint) - CLI tool for working with templates and constraints when using Gatekeeper
198 | - [Red Hat Rego Policies](https://github.com/redhat-cop/rego-policies) - Red Hat Rego policies collection
199 | - [Gatekeeper Policy Manager](https://github.com/sighupio/gatekeeper-policy-manager) - Web UI for Gatekeeper policies
200 | - [Validating and Mutating Admission Control Example](https://github.com/tsandall/validating-and-mutating-example) - Example validating and mutation admission controller
201 | - [MagTape](https://github.com/tmobile/magtape) - OPA-based admission controller for policy enforcement
202 | - [Meshery](https://meshery.io/) - Meshery leverages built-in relationships to enforce Kubernetes configuration best practices and enhances the development process through custom rules in OPA's Rego query language
203 | - [Admission policy development](https://github.com/k8spin/opa-k8s-development) - OPA Kubernetes validation and mutation testing environment
204 | - [Gatekeeper Conftest plugin](https://github.com/clover/gatekeeper-conftest) - A Conftest plugin that transforms input objects to be compatible with OPA Gatekeeper policies.
205 | - [Cosign Gatekeeper Provider](https://github.com/developer-guy/cosign-gatekeeper-provider) - Cosign Provider a new provider of OPA Gatekeeper's ExternalData feature to verify container images
206 | - [Kubescape](https://github.com/armosec/kubescape) - Kubescape is tool for scanning Kubernetes clusters for security issues. Kubescape tests (rules) are based completely on OPA. See the regos [here](https://github.com/armosec/regolibrary)
207 | - [Kove](https://github.com/cmacrae/kove) - Watch your in-cluster Kubernetes manifests for OPA policy violations and export them as Prometheus metrics
208 | - [GKE Policy Automation](https://github.com/google/gke-policy-automation) - Tool and policy library for reviewing GKE clusters against best practices
209 | - [kube-mgmt](https://github.com/open-policy-agent/kube-mgmt) - Sidecar providing data from Kubernetes to OPA. Includes Helm charts for both projects
210 |
211 | ### Service Mesh Authorization
212 |
213 | - [OPA Envoy Plugin](https://github.com/open-policy-agent/opa-envoy-plugin) - The OPA Envoy Plugin (compatible with Envoy, Istio, Gloo Edge, more)
214 | - [Open Service Mesh](https://release-v0-11.docs.openservicemesh.io/docs/guides/integrations/external_auth_opa/#osm-with-opa-plugin-external-authorization-walkthrough) - Envoy based service mesh using OPA for external authorization
215 | - [Kuma](https://konghq.com/videos/microservice-authorization-with-open-policy-agent-and-kuma/) - OPA for Kuma service mesh
216 | - [Kong Mesh](https://konghq.com/blog/kong-service-mesh-and-opa-policy/) - OPA for Kong Mesh authorization ([docs](https://docs.konghq.com/mesh/1.5.x/features/opa/))
217 |
218 | ### Blogs and Articles
219 |
220 | - [Policy Enabled Kubernetes with OPA](https://www.capitalone.com/tech/software-engineering/policy-enabled-kubernetes-with-open-policy-agent/) - Guide on setting up OPA for kubernetes admission control
221 | - [Integrating OPA with Kubernetes](https://techblost.com/integrating-open-policy-agent-opa-with-kubernetes/) - Comprehensive introduction to OPA and Gatekeeper
222 | - [Using OPA on EKS](https://aws.amazon.com/blogs/opensource/using-open-policy-agent-on-amazon-eks/) - Using Open Policy Agent on Amazon EKS
223 | - [OPA and Gatekeeper](https://www.infracloud.io/blogs/opa-and-gatekeeper/) - Comparison between OPA and Gatekeeper with lots of useful information
224 | - [Kubernetes Authorization](https://itnext.io/kubernetes-authorization-via-open-policy-agent-a9455d9d5ceb) - Guide on using OPA for Kubernetes authorization
225 | - [Gatekeeper in a CI/CD pipeline](https://arapulido.github.io/blog/2021/08/02/testing-your-kubernetes-config-against-policy-ci/) - Guide on how to setup your CI environment to test your Kubernetes configuration against your policy in a CI environment as part of a GitOps strategy
226 | - [Verifying container signatures on Kubernetes with Gatekeeper](https://medium.com/@LachlanEvenson/verifying-container-signatures-on-kubernetes-with-gatekeeper-19a4519c3016) - Verifying container signatures on Kubernetes with Gatekeeper
227 | - [Gator CLI](https://medium.com/@LachlanEvenson/testing-gatekeeper-constraints-with-gator-cli-da31050a6564) - Testing Gatekeeper constraints with Gator CLI
228 | - [Kubernetes: An Enterprise Guide, 2nd Ed Chapter 8 - Extending Security with OpenPolicyAgent](https://youtu.be/_GQZ8Qahu48) - Walk through labs that show you how to build, debug, and deploy GateKeeper policies and mutations in your cluster.
229 | - [Kubernetes: An Enterprise Guide, 2nd Ed Chapter 9 - Node Security with GateKeeper](https://youtu.be/UrSvh74n24E) - Walk through labs that show the differences between VMs and containers with a breakout, creating `securityContext` defaults using mutations, replacing `PodSecurityPolicy` using GateKeeper, debuging audit violations, and policies for multi-tenant clusters.
230 | - [OPA Gatekeeper: Policy and Governance for Kubernetes](https://kubernetes.io/blog/2019/08/06/opa-gatekeeper-policy-and-governance-for-kubernetes/) - Kubernetes blog post
231 | - [Using OPA Gatekeeper on Azure](https://docs.microsoft.com/en-us/azure/governance/policy/concepts/policy-for-kubernetes) - Azure Policy for Kubernetes clusters
232 |
233 | ## Nomad
234 |
235 | - [Nomad Admission Control Proxy](https://github.com/mxab/nacp) - An admission controller that can be used as a proxy to Nomad's API for mutation and validation with builtin OPA support.
236 |
237 | ## Datasource Integrations
238 |
239 | - [Kafka Authorizer](https://github.com/StyraInc/opa-kafka-plugin) - Kafka authorizer plugin using OPA, with example policies
240 | - [OPA Single Message Transformer](https://github.com/opencredo/opa-single-message-transformer) - Single Message Transformer for Kafka. Uses OPA to choose which records to filter out based on policy.
241 | - [Data Filtering on Spring Data](https://github.com/jferrater/opa-data-filter-spring-boot-starter) - Data filtering for MongoDB and JPA using OPA
242 | - [Elasticsearch](https://github.com/open-policy-agent/contrib/tree/master/data_filter_elasticsearch) - OPA-Elasticsearch Data Filtering Example
243 | - [Strimzi](https://strimzi.io/) - Kafka in kubernetes, with built-in support for OPA as authorizer
244 | - [Google Calendar](https://github.com/anderseknert/opa-google-calendar) - Integrating OPA with the Google Calendar API
245 | - [Inspektor](https://github.com/poonai/inspektor) - Access Control as Code for databases using OPA to make its access decision
246 | - [Alluxio](https://www.alluxio.io/) - Alluxio is a data orchestration tool which allows [delegating access control decisions to OPA](https://docs.alluxio.io/ee/user/2.10.0/en/security/OpenPolicyAgent-Integration.html)
247 | - [Trino OPA Authorizer](https://github.com/stackabletech/trino-opa-authorizer/) - Plugin for Trino that allows using OPA for authorization
248 |
249 | ### Datasource Integrations Blogs and Articles
250 |
251 | - [Google Calendar Integration](https://blog.styra.com/blog/the-power-of-data-calendar-based-policy-enforcement) - The Power of Data: Calendar-based Policy Enforcement
252 | - [Apache Kafka](https://opencredo.com/blogs/controlling-kafka-data-flows-using-open-policy-agent/) - Controlling Kafka Data Flows using Open Policy Agent
253 |
254 | ## IDE and Editor Integrations
255 |
256 | - [VS Code plugin](https://marketplace.visualstudio.com/items?itemName=tsandall.opa) - Develop, test, debug, and analyze policies for OPA in VS Code
257 | - [IntelliJ plugin](https://github.com/open-policy-agent/opa-idea-plugin) - OPA plugin for the IntelliJ IDE
258 | - [Zed Extension](https://github.com/StyraInc/zed-rego) - Zed extension for OPA and Rego leveraging [Regal](https://docs.styra.com/regal)
259 | - [Emacs](https://github.com/psibi/rego-mode) - Emacs Major mode for working with Rego
260 | - [Vim](https://github.com/tsandall/vim-rego) - Vim plugin for the Rego language, with support for syntax highlighting
261 | - [Null-ls](https://github.com/jose-elias-alvarez/null-ls.nvim) - Use Neovim as a language server to inject LSP diagnostics, code actions, and more. Supports linting rego files.
262 | - [Atom](https://github.com/open-policy-agent/opa/tree/master/misc/syntax/atom) - Syntax highlighting for the Atom editor
263 | - [CodeMirror](https://github.com/StyraInc/codemirror-rego) - Rego mode and minimal key map for [CodeMirror](https://codemirror.net/)
264 | - [TextMate](https://github.com/open-policy-agent/opa/tree/master/misc/syntax/textmate) - Syntax highlighting for TextMate
265 | - [Sublime](https://github.com/open-policy-agent/opa/tree/master/misc/syntax/sublime) - Syntax highlighting for Sublime
266 | - [Nano](https://github.com/scopatz/nanorc) - Syntax highlighting for Nano
267 | - [Prism](https://prismjs.com/) - Prism is a lightweight, extensible syntax highlighter, built with modern web standards in mind (supports Rego)
268 | - [tree-sitter-rego](https://github.com/FallenAngel97/tree-sitter-rego) - Tree-sitter grammar for Rego ([blog](https://decodeapps.pp.ua/blog/post/rego-treesitter))
269 | - [highlight.js](https://github.com/StyraInc/highlightjs-rego) - Rego syntax support for [highlight.js](https://highlightjs.org/)
270 |
271 | ## Infrastructure as Code
272 |
273 | - [OPA AWS CloudFormation Hook](https://github.com/StyraInc/opa-aws-cloudformation-hook) - AWS CloudFormation Hook calling OPA for policy decisions. See also [tutorial](https://www.openpolicyagent.org/docs/latest/aws-cloudformation-hooks/).
274 | - [TFLint OPA Ruleset](https://github.com/terraform-linters/tflint-ruleset-opa) - Write custom TFLint rules in Rego
275 | - [Infracost](https://github.com/infracost/infracost/) - Infracost generates cloud cost estimates for Terraform and integrates with OPA, it can be used to write [cost policies](https://www.infracost.io/docs/features/cost_policies/)
276 | - [Regula](https://github.com/fugue/regula) - Evaluates Terraform code for potential security misconfigurations and compliance violations.
277 | - [Example Terraform policies](https://github.com/Scalr/sample-tf-opa-policies) - Example Terraform policies
278 | - [Terrascan](https://github.com/accurics/terrascan) - [500+ Policies](https://github.com/accurics/terrascan/tree/master/pkg/policies/opa/rego) written in OPA for security best practices.
279 | - [KICS](https://github.com/Checkmarx/kics) - Keeping Infrastructure as Code Secure or KICS scans IaC projects for security vulnerabilities, compliance issues, and infrastructure misconfiguration. Currently working with Terraform projects, Kubernetes manifests, Dockerfiles, AWS CloudFormation Templates, and Ansible playbooks.
280 | - [Trivy](https://github.com/aquasecurity/trivy) - Scan your code and artifacts for known vulnerabilities and misconfiguration issues.
281 | - [Terraform OPA IBM](https://github.com/IBM-Cloud/terraform-opa-ibm) - Terraform policy library for IBM Cloud
282 | - [GCP policy guardrails for Terraform](https://github.com/GoogleCloudPlatform/policy-library/tree/main/validator) - Rego reference policy library for GCP controls (originally from forseti). Originally used by `terraform-validator` and now on `gcloud beta terraform vet`. More info at [Policy Validation](https://cloud.google.com/docs/terraform/policy-validation)
283 | - [Pulumi OPA Bridge for CrossGuard](https://github.com/pulumi/pulumi-policy-opa) - This project allows OPA rules to be run in the context of Pulumi's policy system, CrossGuard
284 |
285 | ### Infrastructure as Code Blogs and Articles
286 |
287 | - [Using OPA with Pulumi CrossGuard](https://www.pulumi.com/blog/opa-support-for-crossguard/) - Authoring Pulumi CrossGuard Policy with OPA
288 | - [AWS CDK with OPA](https://aws.amazon.com/blogs/opensource/realize-policy-as-code-with-aws-cloud-development-kit-through-open-policy-agent/) - Realize Policy-as-Code with AWS Cloud Development Kit through Open Policy Agent
289 | - [Kubernetes Authorization](https://itnext.io/kubernetes-authorization-via-open-policy-agent-a9455d9d5ceb) - Kubernetes Authorization via Open Policy Agent
290 | - [Using OPA with Spacelift](https://spacelift.io/blog/what-is-open-policy-agent-and-how-it-works) - Open Policy Agent: What Is OPA and How It Works (Examples)
291 |
292 | ## Serverless
293 |
294 | - [OPA Lambda Extension Plugin](https://github.com/godaddy/opa-lambda-extension-plugin) - A custom plugin for running OPA in AWS Lambda as a Lambda Extension
295 |
296 | ### Serverless Blogs and Articles
297 |
298 | - [Serverless Policy Enforcement](https://blog.openpolicyagent.org/serverless-policy-enforcement-connecting-opa-and-aws-lambda-e624f7176a3) - Connecting Open Policy Agent and AWS Lambda
299 | - [Lambda Authorizer](https://aws.amazon.com/blogs/opensource/creating-a-custom-lambda-authorizer-using-open-policy-agent/) - Creating a custom Lambda authorizer using Open Policy Agent
300 |
301 | ## Testing
302 |
303 | - [rego-test-assertions](https://github.com/anderseknert/rego-test-assertions) - Helper library for working with assertions in Rego unit tests
304 | - [kube-review](https://github.com/anderseknert/kube-review) - CLI tool to quickly create [AdmissionReview](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) requests from Kubernetes resources
305 | - [gator CLI](https://open-policy-agent.github.io/gatekeeper/website/docs/gator/) - Command line unit test runner for OPA Gatekeeper
306 | - [ocov](https://github.com/C5T/ocov) - Colors `opa test --coverage` reports in the terminal
307 | - [opa-codecov](https://github.com/SVilgelm/opa-codecov) - Convert OPA test coverage report to a JSON format supported by Codecov
308 | - [github-action-opa-rego-test](https://github.com/masterpointio/github-action-opa-rego-test) - GitHub Action to automate testing for your OPA Rego policies and generates a report.
309 |
310 | ### Testing Blogs and Articles
311 |
312 | - [Advanced Rego Testing Techniques](https://www.styra.com/blog/advanced-rego-testing-techniques/) - Great blog on testing patterns for Rego, by Nicholaos Mouzourakis
313 |
314 | ## Tools and Utilities
315 |
316 | - [Regal](https://github.com/StyraInc/regal) - Regal is a linter for Rego, with the goal of making your Rego magnificent! ([blog](https://www.styra.com/blog/guarding-the-guardrails-introducing-regal-the-rego-linter/))
317 | - [setup-opa](https://github.com/open-policy-agent/setup-opa) - GitHub action to configure the Open Policy Agent CLI in your GitHub Actions workflows
318 | - [Fregot](https://github.com/fugue/fregot) - Alternative REPL implementation for Rego
319 | - [OPA pre-commit](https://github.com/anderseknert/pre-commit-opa) - Pre-commit hooks for OPA/Rego/Conftest development
320 | - [Monitor OPA Gatekeeper](https://github.com/developer-guy/monitor-opa-gatekeeper) - Monitoring implementation guide for OPA Gatekeeper ([blog](https://sysdig.com/blog/monitor-gatekeeper-prometheus/))
321 | - [OpenAPI to Rego](https://github.com/ashutosh-narkar/openapi-to-rego) - Generate Rego code given an OpenAPI 3.0 Specification
322 | - [Temporal reasoning with OPA](https://github.com/mhausenblas/temporal-opa) - Examples for working with time in Rego
323 | - [OPAL](https://github.com/authorizon/opal) - Realtime policy and data updates for your OPA agents on top of websockets pub/sub
324 | - [OPA Action](https://github.com/koozz/opa-action) - OPA Pull-Request Assessor is a GitHub Action that checks files against policies configured in the same repo
325 | - [OPA Schema Examples](https://github.com/aavarghese/opa-schema-examples) - Examples of extending the OPA type checker with JSON [schemas](https://www.openpolicyagent.org/docs/latest/schemas/)
326 | - [Open Policy Containers](https://github.com/opcr-io/policy) - Secure software supply chains for OPA policies. Push, pull, tag, test, version, and sign OPA policies.
327 | - [Snyk IaC Rules](https://github.com/snyk/snyk-iac-rules) - Maintain library of Rego rules, run integration tests and build WASM bundles for distribution of rules. The OPA libraries are used to build WASM bundles.
328 | - [Topaz](https://github.com/aserto-dev/topaz) - Topaz is an open-source application authorization project that uses OPA as the decision engine and supports Rego policies.
329 | - [opactl](https://github.com/onelittlenightmusic/opactl) - A simple tool to turn your Rego rule into CLI command ([blog](https://itnext.io/implement-a-policy-and-use-it-in-cli-de906237c6ab))
330 | - [alfred](https://github.com/dolevf/Open-Policy-Agent-Alfred) - A self-hosted OPA Playground Alternative
331 | - [Rönd](https://github.com/rond-authz/rond) - Rönd is a lightweight container that distributes security policy enforcement throughout your application
332 | - [rq (Rego Query)](https://git.sr.ht/~charles/rq) - jq-inspired tool to bring Rego to your shell pipelines
333 | - [opa-explorer](https://github.com/srenatus/opa-explorer) - Visual tool for exploring the different compilation stages of the OPA topdown compiler
334 | - [mcov](https://github.com/styrainc/mcov) - A tool that'll check your Rego source files and report the minimum compatible OPA version required
335 | - [dependency-management-data (DMD)](https://dmd.tanna.dev) is a set of tooling to get a better understanding of the use of dependencies across your organisation. DMD supports using Open Policy Agent to write more complex rules around dependency usage than can be done using the SQL interface.
336 |
337 | ## Other Usecases
338 |
339 | - [SansShell](https://github.com/Snowflake-Labs/sansshell) - A non-interactive daemon for host management, where any action is authorized by OPA
340 | - [goast](https://github.com/m-mizutani/goast) - Go AST (Abstract Syntax Tree) based static analysis tool using Rego
341 | - [ScubaGear](https://github.com/cisagov/ScubaGear/) - Using Rego policies to assess the security posture of M365 tenants, by CISA
342 | - [Reposaur](https://github.com/reposaur/reposaur) - Audit, verify and report on development platforms (GitHub and others) easily with pre-defined and/or custom policies.
343 | - [backstage-opa-plugins](https://github.com/Parsifal-M/backstage-opa-plugins) - Plugins for integrating OPA with [Backstage](https://backstage.io/), including OPA-based authorisation.
344 |
345 | ## Fun and Quirky
346 |
347 | - [How I Used OPA to Help Me Solve Wordle](https://www.styra.com/blog/how-i-used-opa-to-help-me-solve-wordle/) - OPA as a Wordle assistant
348 | - [Policing Christmas Tree](https://github.com/charlieegan3/policing-christmas-trees) - Using Rego to determine the correctness of Christmas tree decorations
349 | - [Corrupting OPA to Run My Games](https://kevinhoffman.medium.com/corrupting-the-open-policy-agent-to-run-my-game-711f340adb5a) - Fun blog on using OPA for game engines
350 | - [Colorized](https://github.com/anderseknert/colorized) - Colorized output for the OPA print function!
351 |
352 | ## Support and Community
353 |
354 | - [Styra](https://www.styra.com/) - Commercial support, and tools for managing OPA at scale, by the creators of OPA
355 | - [Stack Overflow](https://stackoverflow.com/questions/tagged/open-policy-agent) - Stack Overflow OPA section
356 | - [OPA Slack](https://openpolicyagent.slack.com) - Open Policy Agent Slack workspace
357 | - [GitHub Discussions](https://github.com/open-policy-agent/feedback/discussions) - Open Policy Agent Discussion Board
358 |
359 | ## Recommended Reading
360 |
361 | - [OPA Guidebook](https://sangkeon.github.io/opaguide/) - Open source, free book on Open Policy Agent, by Sangkeon Lee ([source code](https://github.com/sangkeon/opaguide_src))
362 | - [Microservices Security in Action](https://www.manning.com/books/microservices-security-in-action) - Book on microservices security, with dedicated section covering OPA. Freely available online
363 | - [Gusto Engineering](https://engineering.gusto.com/why-logic-programming-is-the-best-choice-for-authorization-70f95164dee7) — Why logic programming is the best choice for authorization
364 | - [Fugue (now Snyk)](https://snyk.io/blog/5-tips-for-using-the-rego-language-for-open-policy-agent-opa/) - 5 tips for using the Rego language for Open Policy Agent
365 | - [Integration](https://medium.com/@nikman/control-user-access-and-permissions-in-cvat-with-open-policy-agent-a2abbd09774d) - Control User Access and Permissions in CVAT with Open Policy Agent
366 |
367 | ## People
368 |
369 | ### Maintainers
370 |
371 | - [@open-policy-agent](https://github.com/open-policy-agent) - Official OPA account 🌎 ([Twitter](https://twitter.com/OpenPolicyAgent))
372 | - [@tsandall](https://github.com/tsandall) - Torin Sandall 🇨🇦 - OPA co-creator ([Twitter](https://twitter.com/sometorin))
373 | - [@timothyhinrichs](https://github.com/timothyhinrichs) - Tim Hinrichs 🇺🇸 - OPA co-creator ([Twitter](https://twitter.com/tlhinrichs))
374 | - [@ashutosh-narkar](https://github.com/ashutosh-narkar) - Ash Narkar 🇺🇸 - OPA maintainer ([Twitter](https://twitter.com/ashtalk))
375 | - [@johanfylling](https://github.com/johanfylling/) - Johan Fylling 🇸🇪 - OPA maintainer ([Mastodon](https://hachyderm.io/@johanfylling), [Twitter](https://twitter.com/johanfylling))
376 | - [@philipaconrad](https://github.com/philipaconrad) - Philip Conrad 🇺🇸 - OPA maintainer ([Twitter](https://twitter.com/philip_conrad))
377 | - [@anderseknert](https://github.com/anderseknert) - Anders Eknert 🇸🇪 - OPA developer advocate ([Mastodon](https://hachyderm.io/@anderseknert), [Twitter](https://twitter.com/anderseknert))
378 | - [@charlieegan3](https://github.com/charlieegan3) - Charlie Egan 🇬🇧 - OPA developer advocate ([Mastodon](https://hachyderm.io/@charlieegan3), [Twitter](https://twitter.com/charlieegan3))
379 | - [@ritazh](https://github.com/ritazh) - Rita Zhang 🇺🇸 - Gatekeeper maintainer ([Mastodon](https://hachyderm.io/@ritazh), [Twitter](https://twitter.com/ritazzhang))
380 | - [@sozercan](https://github.com/sozercan) - Sertaç Özercan 🇺🇸 - Gatekeeper maintainer ([Mastodon](https://hachyderm.io/@sozercan@mastodon.social), [Twitter](https://twitter.com/sozercan))
381 | - [@jpreese](https://github.com/jpreese) - John Reese 🇺🇸 - Conftest maintainer ([Mastodon](https://hachyderm.io/@jpreese), [Twitter](https://twitter.com/johnpreese))
382 |
383 | ### Community Stars
384 |
385 | - [@Parsifal-M](https://github.com/Parsifal-M) - Peter Macdonald 🇬🇧 - OPA contributor and active community member ([Mastodon](https://hachyderm.io/@parcifal), [Twitter](https://twitter.com/_PeterM_))
386 | - [@m-mizutani](https://github.com/m-mizutani) - Masayoshi Mizutani 🇯🇵 - Security engineer. Prolific OPA & Rego advocate ([Twitter](https://twitter.com/m_mizutani))
387 | - [@RoyOsaki](https://github.com/RoyOsaki) - Roy Hiroyuki OSAKI 🇺🇸 - Research engineer. OPA community contributor ([Twitter](https://twitter.com/Hiroyuki_OSAKI))
388 | - [@developer-guy](https://github.com/developer-guy) - Batuhan Apaydin 🇹🇷 - OPA and many CNCF projects ([Mastodon](https://hachyderm.io/@developerguy), [Twitter](https://twitter.com/developerguyba))
389 | - [@nmeisenzahl](https://github.com/nmeisenzahl) - Nico Meisenzahl 🇩🇪 - All about OPA and cloud native topics ([Mastodon](https://fosstodon.org/@nmeisenzahl), [Twitter](https://twitter.com/nmeisenzahl))
390 | - [@jaspervdj](https://github.com/jaspervdj) - Jasper Van der Jeugt 🇨🇭 - OPA contributor ([Mastodon](https://functional.cafe/@jaspervdj), [Twitter](https://github.com/jaspervdj-luminal))
391 | - [@willbeason](https://github.com/willbeason) - Will Beason 🇺🇸 - Ex Gatekeeper maintainer ([Mastodon](https://functional.cafe/@willbeason@dair-community.social), [Twitter](https://twitter.com/willbeason))
392 | - [@peteroneilljr](https://github.com/peteroneilljr) - Peter O'Neill 🌎 - Ex OPA community advocate ([Mastodon](https://hachyderm.io/@Peteroneilljr), [Twitter](https://twitter.com/peteroneilljr))
393 | - [@antonioberben](https://github.com/antonioberben) - Antonio Berben 🇪🇸 - OPA Contributor & Blogger ([Twitter](https://twitter.com/antonioberben))
394 |
395 | ### Meetup Groups
396 |
397 | - [Amsterdam OPA Users](https://www.meetup.com/opa-amsterdam/) 🇳🇱
398 | - [London OPA Meetup](https://www.meetup.com/london-opa-meetup/) 🇬🇧
399 | - [Stockholm OPA Users](https://www.meetup.com/stockholm-opa-meetup/) 🇸🇪
400 |
401 | ## Commercial Tools
402 |
403 | - [Styra DAS](https://www.styra.com/styra-das) - Styra Declarative Authorization Service, from the creators of OPA
404 | - [Enterprise OPA](https://www.styra.com/enterprise-opa) - Enterprise-grade authorization engine for data-heavy workloads
405 | - [Scalr](https://scalr.com/) - Collaboration and Automation for Terraform, backed by OPA
406 | - [Fairwinds Insights](https://fairwinds.com/insights) - Run OPA policies consistently across CI/CD, Admission Control, and an multi-cluster scanner
407 | - [Snyk IaC](https://snyk.io/product/infrastructure-as-code-security/) - Test Infrastructure as Code source code repositories for security misconfigurations and best practices. The OPA golang libraries are used to evaluate Rego policies to detect misconfigurations in the repositories.
408 | - [Spacelift](https://spacelift.io/): Flexible management platform for Infrastructure as Code, backed by OPA
409 | - [env0](https://www.env0.com): Infrastructure as Code automation platform, with OPA extensibility.
410 |
411 | ## Contributing
412 |
413 | Built a great OPA integration or wrote an interesting blog or article on the topic? Submit a PR!
414 | Please just make sure to include something that describes how the project uses OPA, or how OPA is otherwise related.
415 |
416 | ## Community
417 |
418 | For questions, discussions and announcements related to Styra products, services and open source projects, please join
419 | the Styra community on [Slack](https://inviter.co/styra)!
420 |
--------------------------------------------------------------------------------
/assets/awesome-opa.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/StyraInc/awesome-opa/f560f9db96c39446104e3d3f4c662c4fc553162e/assets/awesome-opa.png
--------------------------------------------------------------------------------