OPA Ecosystem

Create With OPA

Integrate with OPA from your language

JavaScriptJavaC#GoClojureRustPHP

Rego Language

Rego is the policy language used by OPA and there are various integrations that make working with the language easier.

• Debugging Rego – Work out what's going on with your Rego policies
• Learning Rego – Learn and write Rego
• Policy Testing – Test and validate Rego policies

OPA at Scale

OPA has a number of features that are most useful when running OPA in production. These integrations make use of those features, and make it easier to use OPA at scale.

• External Data: Push – Manage and update external data loaded into OPA
• External Data: Runtime – Load in on demand at runtime
• External Data – Manage and update external data loaded into OPA
• Discovery Bundles – Distribute flexible configuration to OPAs
• Bundles – Distribute policy and data to OPA instances
• Status API – Gather runtime information from OPA instances

Tool Integrations

OPA plays nice with a range of existing tools too via some bespoke integrations.

• Code Editors – Use OPA and Rego in your editor
• Envoy – Integrate with the Envoy proxy
• Kubernetes – Integrate OPA with Kubernetes
• Terraform – Integrate OPA with Terraform

Created with OPA

OPA's SDKs and APIs offer a solid foundation for all kinds of projects. See the integrations below for inspiration.

• Go Integrations – Projects using OPA as a Go module
• REST API Integrations – Examples of projects which integrate with the OPA REST API.
• Wasm Integrations – Projects using the Wasm functionality of OPA.

Kubernetes Admission Control

Terraform Policy

Styra Declarative Authorization Service

Policy as Code Control Plane

Container Network Authorization with Envoy

Official OPA Envoy Integration

Authorization for Spring Security

Kafka Topic Authorization

Trino

Aserto

Regal

The Linter of Rego Language

Rönd

Conftest

Rego policy for configuration files

Styra Enterprise OPA

env0

Fairwinds Insights Configuration Validation Software

OPA Gatekeeper

Rego Policy Controller for Kubernetes

OPA Wasm Javascript Module

Permit.io

PHP OPA Library

Strimzi (Apache Kafka on Kubernetes)

Topaz

Authorization Integration with Apache APISIX

AWS CloudFormation Hook

Ceph Object Storage Authorization

Dapr

dependency-management-data

A set of tooling to get a better understanding of the use of dependencies across your organisation.

Flipt

CloudNative Feature Flag Management

i2scim.io SCIM Restful User/Group Provisioning API

Kubernetes Authorization

Kubescape

Kubernetes security posture scanner

Legitify

Security policy for SCM

Nomad Admission Control Proxy

NACP

OPA ASP.NET Core SDK (Styra)

C# OPA SDK (Styra)

Wasm .NET Package (me-viper)

OPA Go SDK

Java OPA Wasm SDK (Styra)

Java OPA SDK (Styra)

Typescript OPA SDK (Styra)

Wasm .NET Package (christophwille)

OPA Wasm Rust Crate

OPAL

Open Policy Administration Layer

Open Policy Registry

A Docker-inspired workflow for OPA policies

Principled Evolution (GOPAL & AICertify)

Pulumi

raygun

Black-box Automated Testing for Rego

Scalr

Policy enforcement for Terraform

Spacelift

SPIRE

Torque

Traefik API Gateway

VS Code Extension

OPA Integration for the VS Code editor

walt.id SSI Kit

Self-Sovereign Identity toolkit with OPA policy support

Atmos

Backstage

Boomerang Bosun Policy Gating

Bottle Application Authorization

Chef Automate

Operational Visibility Dashboard

Kubernetes Admission Control using Vulnerability Scanning

Cloudflare Worker Enforcement of OPA Policies Using Wasm

Container Signing, Verification and Storage in an OCI registry

HTTP API Authorization in Dart

Digger

GitOps for Terraform

Docker controls via OPA Policies

Elasticsearch Data Filtering

Enterprise Contract

fig

Flask-OPA

GCP audit with Forseti

GitHub Action for OPA Rego Test

GitHub Action to automate testing OPA Rego policies

Gloo API Gateway

Google Calendar

GKE Policy Automation

Gradle Build Plugin (Bisnode)

GraphQL

IPTables

Container Network Authorization with Istio (as part of Mixer)

API Gateway Authorization with Kong

KubeShield

Secure Kubernetes using eBPF & Open Policy Agent

SSH and Sudo Authorization with Linux

Lula

The Cloud-Native Compliance Engine

Magda

OAuth2

OpenID Connect (OIDC)

.NET Package (me-viper)

OPA Errors

OPA error message reference

OPA Playground

Online Rego Playground

OPA Spring Boot SDK (Styra)

Wasm Java Gradle SDK (sangkeon)

OpenFaaS Serverless Function Authorization

OPToggles (Open Policy Toggles)

Pomerium Access Proxy

Pre-commit hooks

Rego Cheat Sheet

Quick reference for learning Rego

rego-test-assertions

Helper functions for unit testing Rego

regocpp

Rekor transparency log monitoring and alerting

Reposaur

Sansshell

Armory Policy Engine for Spinnaker

SQL Database Data Filtering

Styra Academy

OPA Learning Portal

TavoAI

Terraform Cloud

Alfred

Self-hosted OPA playground

Alluxio

ANTLR Grammar

.NET Core Middleware (build-security)

Awesome OPA List

AWS API Gateway

Carbonetes - BrainIAC

CircleCI

App authorization for Clojure

CoreDNS Authorization

Library-based Microservice Authorization

Easegress

Emissary-Ingress

Express OR in Rego

Idiomatic Rego Examples

fiber

Gluu Gateway Authorization

Custom Application with Field-level Authorization in Graphene GraphQL

Jenkins Job Trigger Policy Enforcement

Kubernetes Provisioning

Minio API Authorization

Nginx

NodeJS Express (build-security)

Java Client (Bisnode)

Python Client (Turall)

Open Service Mesh (OSM)

Rego Language Comparisons

Learn Rego by comparison

Automatically document Rego policies

Sysdig Image Scanner Admission Controller

ccbr

Zed Extension

OPA Integration for the Zed editor