Skip to main content

OPA Ecosystem

Showcase of OPA integrations, use-cases, and related projects.

Create With OPA

Integrate with OPA from your language

Rego Language

Rego is the policy language used by OPA and there are various integrations that make working with the language easier.

Policy Testing – Test and validate Rego policies
Learning Rego – Learn and write Rego
Debugging Rego – Work out what's going on with your Rego policies

OPA at Scale

OPA has a number of features that are most useful when running OPA in production. These integrations make use of those features, and make it easier to use OPA at scale.

Status API – Gather runtime information from OPA instances
Bundles – Distribute policy and data to OPA instances
Discovery Bundles – Distribute flexible configuration to OPAs
External Data – Manage and update external data loaded into OPA
External Data: Runtime – Load in on demand at runtime
External Data: Push – Manage and update external data loaded into OPA

Tool Integrations

OPA plays nice with a range of existing tools too via some bespoke integrations.

Terraform – Integrate OPA with Terraform
Kubernetes – Integrate OPA with Kubernetes
Envoy – Integrate with the Envoy proxy
Code Editors – Use OPA and Rego in your editor

Created with OPA

OPA's SDKs and APIs offer a solid foundation for all kinds of projects. See the integrations below for inspiration.

Wasm Integrations – Projects using the Wasm functionality of OPA.
REST API Integrations – Examples of projects which integrate with the OPA REST API.
Go Integrations – Projects using OPA as a Go module

All Entries & Integrations

All integrations are ordered by the number of linked resources. Add yours!

Kubernetes Admission Control

Control cluster operations with Rego policies

Terraform Policy

Check resources are compliant before they're deployed.

Container Network Authorization with Envoy

Official OPA Envoy Integration

Spring Security Authorization

Use OPA to make authorization decisions in Spring applications

Trino

Regal

The Linter of Rego Language

Kafka Topic Authorization

Build fine grained access control for Kafka topics

Aserto

Topaz

Strimzi (Apache Kafka on Kubernetes)

Rönd

PHP OPA Library

OPA Wasm Javascript Module

OPA Gatekeeper

Rego Policy Controller for Kubernetes

env0

Conftest

Rego policy for configuration files

walt.id SSI Kit

Self-Sovereign Identity toolkit with OPA policy support

Vulnetix

Unified CLI security scanner powered by Rego policies

VS Code Extension

OPA Integration for the VS Code editor

Traefik API Gateway

Torque

Swift-OPA

Swift package for evaluating OPA IR Plans

SPIRE

Spacelift

Scalr

Policy enforcement for Terraform

raygun

Black-box Automated Testing for Rego

Pulumi

Pomerium Access Proxy

Permit.io

OPAL

Open Policy Administration Layer

OPA Wasm Rust Crate

Wasm .NET Package (christophwille)

Typescript OPA SDK (Styra)

Java OPA SDK (Styra)

Java OPA Wasm SDK (Styra)

OPA Go SDK

Wasm .NET Package (me-viper)

C# OPA SDK (Styra)

OPA ASP.NET Core SDK (Styra)

Nomad Admission Control Proxy

NACP

Legitify

Security policy for SCM

Kubescape

Kubernetes security posture scanner

Kubernetes Authorization

i2scim.io SCIM Restful User/Group Provisioning API

Flipt

CloudNative Feature Flag Management

EOPA

dependency-management-data

A set of tooling to get a better understanding of the use of dependencies across your organisation.

Dapr

Container Signing, Verification and Storage in an OCI registry

Big ACL

AWS CloudFormation Hook

Authorization Integration with Apache APISIX

Terraform Cloud

TavoAI

SQL Database Data Filtering

Reposaur

Rekor transparency log monitoring and alerting

regocpp

rego-test-assertions

Helper functions for unit testing Rego

Rego Cheat Sheet

Quick reference for learning Rego

Principled Evolution (GOPAL & AICertify)

Pre-commit hooks

OPToggles (Open Policy Toggles)

OpenFaaS Serverless Function Authorization

OPA Wasm Zig Library

Wasm Java Gradle SDK (sangkeon)

OPA Spring Boot SDK (Styra)

OPA Playground

Online Rego Playground

OPA Errors

OPA error message reference

.NET Package (me-viper)

OpenID Connect (OIDC)

Open Policy Containers

A Docker-inspired workflow for OPA policies

OAuth2

Moat

A Data Control Plane for Trino & OPA

Magda

SSH and Sudo Authorization with Linux

KubeShield

Secure Kubernetes using eBPF & Open Policy Agent

IPTables

GraphQL

Gradle Build Plugin (Bisnode)

GKE Policy Automation

Google Calendar

Gloo API Gateway

GitHub Action for OPA Rego Test

GitHub Action to automate testing OPA Rego policies

GCP audit with Forseti

Flask-OPA

fig

Fairwinds Insights Configuration Validation Software

Elasticsearch Data Filtering

Docker controls via OPA Policies

Digger

GitOps for Terraform

HTTP API Authorization in Dart

Conforma

Cloudflare Worker Enforcement of OPA Policies Using Wasm

Kubernetes Admission Control using Vulnerability Scanning

Chef Automate

Operational Visibility Dashboard

Ceph Object Storage Authorization

Bottle Application Authorization

Boomerang Bosun Policy Gating

Backstage

Atmos

Zed Extension

OPA Integration for the Zed editor

ccbr

CIS Benchmark for Kubernetes with Rego

Sysdig Image Scanner Admission Controller

Armory Policy Engine for Spinnaker

Automatically document Rego policies

Sansshell

Rego Language Comparisons

Learn Rego by comparison

Open Service Mesh (OSM)

Python Client (Turall)

Java Client (Bisnode)

Nginx

Minio API Authorization

Lula

The Cloud-Native Compliance Engine

Kubernetes Provisioning

Kopa

API Gateway Authorization with Kong

Jenkins Job Trigger Policy Enforcement

fiber

Express OR in Rego

Idiomatic Rego Examples

Emissary-Ingress

Easegress

Library-based Microservice Authorization

CoreDNS Authorization

App authorization for Clojure

CircleCI

Carbonetes - BrainIAC

AWS API Gateway

Awesome OPA List

ANTLR Grammar

Alluxio

Alfred

Self-hosted OPA playground