awesome-opa
github.com/styraoss/awesome-opa ↗A curated list of OPA related tools, frameworks and articles
Use this list with your AI agent
Add the Context Awesome MCP server to Claude, Cursor, or any MCP client, then ask:
"Show me testing blogs and articles resources from awesome-opa"
Installation instructions →What's inside
Kubernetes
- Admission policy development
OPA Kubernetes validation and mutation testing environment
- Cosign Gatekeeper Provider
Cosign Provider a new provider of OPA Gatekeeper's ExternalData feature to verify container images
- Gatekeeper
A validating and mutating webhook that enforces CRD-based policies executed by OPA for Kubernetes
- Gatekeeper Conftest plugin
A Conftest plugin that transforms input objects to be compatible with OPA Gatekeeper policies.
- Gatekeeper in a CI/CD pipelineBlogs and Articles
Guide on how to setup your CI environment to test your Kubernetes configuration against your policy in a CI environment as part of a GitOps strategy
- Gatekeeper Policy Library
A collection of constraint templates and sample constraints that you can use with Gatekeeper
Testing
- Advanced Rego Testing TechniquesTesting Blogs and Articles
Great blog on testing patterns for Rego, by Nicholaos Mouzourakis
- gator CLI
Command line unit test runner for OPA Gatekeeper
- github-action-opa-rego-test
GitHub Action to automate testing for your OPA Rego policies and generates a report.
- kube-review
CLI tool to quickly create
- ocov
Colors
- opa-codecov
Convert OPA test coverage report to a JSON format supported by Codecov
Tools and Utilities
- alfred
A self-hosted OPA Playground Alternative
- dependency-management-data (DMD)
- Fregot
Alternative REPL implementation for Rego
- mcov
A tool that'll check your Rego source files and report the minimum compatible OPA version required
- Monitor OPA Gatekeeper
Monitoring implementation guide for OPA Gatekeeper (
- opactl
A simple tool to turn your Rego rule into CLI command (
Datasource Integrations
- Alluxio
Alluxio is a data orchestration tool which allows
- Apache KafkaDatasource Integrations Blogs and Articles
Controlling Kafka Data Flows using Open Policy Agent
- Data Filtering on Spring Data
Data filtering for MongoDB and JPA using OPA
- Elasticsearch
OPA-Elasticsearch Data Filtering Example
- Google Calendar
Integrating OPA with the Google Calendar API
- Google Calendar IntegrationDatasource Integrations Blogs and Articles
The Power of Data: Calendar-based Policy Enforcement
People
- Amsterdam OPA UsersMeetup Groups
- @anderseknertMaintainers
Anders Eknert 🇸🇪 - OPA developer advocate (
- @antonioberbenCommunity Stars
Antonio Berben 🇪🇸 - OPA Contributor & Blogger
- @ashutosh-narkarMaintainers
Ash Narkar 🇺🇸 - OPA maintainer (
- @charlieegan3Maintainers
Charlie Egan 🇬🇧 - OPA developer advocate (
- @developer-guyCommunity Stars
Batuhan Apaydin 🇹🇷 - OPA and many CNCF projects (
Language and Platform Integrations
- ASP.NET Core.NET
ASP.NET Core authorization middleware
- Bottle AuthorizationPython
Custom Bottle Application Authorization
- clj-opaClojure
Middleware and utilities for app authorization with OPA in Clojure
- C# SDK.NET
C# SDK for interacting with OPA (
- Dockerfile securityDocker
A collection of OPA rules to statically analyze Dockerfiles to improve security
- Docker Security CheckerDocker
OPA Rego policies for Dockerfile Security checks using Conftest
IDE and Editor Integrations
- Atom
Syntax highlighting for the Atom editor
- CodeMirror
Rego mode and minimal key map for
- codemirror-lang-rego
Complete Rego language support for CodeMirror 6, with syntax highlighting, autocomplete, and intelligent data context awareness.
- Emacs
Emacs Major mode for working with Rego
- highlight.js
Rego syntax support for
- IntelliJ plugin
OPA plugin for the IntelliJ IDE
Infrastructure as Code
- AWS CDK with OPAInfrastructure as Code Blogs and Articles
Realize Policy-as-Code with AWS Cloud Development Kit through Open Policy Agent
- Example Terraform policies
Example Terraform policies
- GCP policy guardrails for Terraform
Rego reference policy library for GCP controls (originally from forseti). Originally used by
- Infracost
Infracost generates cloud cost estimates for Terraform and integrates with OPA, it can be used to write
- KICS
Keeping Infrastructure as Code Secure or KICS scans IaC projects for security vulnerabilities, compliance issues, and infrastructure misconfiguration. Currently working with Terraform projects, Kubernetes manifests, Dockerfiles, AWS CloudFormation Templates, and Ansible playbooks.
- Kubernetes AuthorizationInfrastructure as Code Blogs and Articles
Kubernetes Authorization via Open Policy Agent
Showing a sample of 217 resources. View the full list on GitHub →