OPA Ecosystem

Showcase of OPA integrations, use-cases, and related projects.

Rego Language

Rego is the policy language used by OPA and there are various integrations that make working with the language easier.

Debugging Rego (5 projects) - Work out what's going on with your Rego policies
Learning Rego (8 projects) - Learn and write Rego
Policy Testing (7 projects) - Test and validate Rego policies

OPA at Scale

OPA has a number of features that are most useful when running OPA in production. These integrations make use of those features, and make it easier to use OPA at scale.

Bundles (4 projects) - Distribute policy and data to OPA instances
Discovery Bundles (2 projects) - Distribute flexible configuration to OPAs
External Data (4 projects) - Manage and update external data loaded into OPA
External Data: Push (2 projects) - Manage and update external data loaded into OPA

Tool Integrations

OPA plays nice with a range of existing tools too via some bespoke integrations.

Code Editors (2 projects) - Use OPA and Rego in your editor
Envoy (4 projects) - Integrate with the Envoy proxy
Kubernetes (10 projects) - Integrate OPA with Kubernetes
Terraform (8 projects) - Integrate OPA with Terraform

Create with OPA

OPA's SDKs and APIs offer a solid foundation for all kinds of projects. See the integrations below for inspiration.

Go Integrations (15 projects) - Projects using OPA as a Go module
REST API Integrations (18 projects) - Examples of projects which integrate with the OPA REST API.
Wasm Integrations (6 projects) - Projects using the Wasm functionality of OPA.

Language Integrations

Integrate natively with OPA directly from your programming language of choice.

Do you have an OPA-based project or integration to share? Follow these instructions to get it listed or go to the #ecosystem channel in the OPA Slack if you have any questions.

All Integrations

Kubernetes Admission Control

Terraform Policy

Styra Declarative Authorization Service

Container Network Authorization with Envoy

Authorization for Spring Security

Kafka Topic Authorization

Trino

Aserto

Regal

Rönd

Conftest

env0

Fairwinds Insights Configuration Validation Software

OPA Gatekeeper

OPA Wasm Javascript Module

Permit.io

PHP OPA Library

Strimzi (Apache Kafka on Kubernetes)

Styra Enterprise OPA

Topaz

Authorization Integration with Apache APISIX

AWS CloudFormation Hook

C# OPA SDK (Styra)

Ceph Object Storage Authorization

Dapr

dependency-management-data

Flipt

i2scim.io SCIM Restful User/Group Provisioning API

Java OPA SDK (Styra)

Kubernetes Authorization

Kubescape

Legitify

OPA ASP.NET Core SDK (Styra)

OPA Go SDK

OPA Wasm Rust Crate

OPAL

Open Policy Registry

Pulumi

raygun

Scalr

Spacelift

SPIRE

Torque

Typescript OPA SDK (Styra)

VS Code Extension

walt.id SSI Kit

Wasm .NET Package (christophwille)

Wasm .NET Package (me-viper)

.NET Package (me-viper)

API Gateway Authorization with Kong

Armory Policy Engine for Spinnaker

Atmos

Backstage

Boomerang Bosun Policy Gating

Bottle Application Authorization

Chef Automate

Cloudflare Worker Enforcement of OPA Policies Using Wasm

Container Network Authorization with Istio (as part of Mixer)

Container Signing, Verification and Storage in an OCI registry

Digger

Docker controls via OPA Policies

Elasticsearch Data Filtering

Enterprise Contract

fig

Flask-OPA

GCP audit with Forseti

GitHub Action for OPA Rego Test

GKE Policy Automation

Gloo API Gateway

Google Calendar

Gradle Build Plugin (Bisnode)

GraphQL

HTTP API Authorization in Dart

IPTables

Kubernetes Admission Control using Vulnerability Scanning

KubeShield

Lula

Magda

OAuth2

OPA Errors

OPA Playground

OPA Spring Boot SDK (Styra)

OpenFaaS Serverless Function Authorization

OpenID Connect (OIDC)

OPToggles (Open Policy Toggles)

Pomerium Access Proxy

Pre-commit hooks

Rego Cheat Sheet

rego-test-assertions

regocpp

Rekor transparency log monitoring and alerting

Reposaur

Sansshell

SQL Database Data Filtering

SSH and Sudo Authorization with Linux

Styra Academy

Terraform Cloud

Traefik API Gateway

Wasm Java Gradle SDK (sangkeon)

.NET Core Middleware (build-security)

Alfred

Alluxio

ANTLR Grammar

App authorization for Clojure

Automatically document Rego policies

Awesome OPA List

AWS API Gateway

Carbonetes - BrainIAC

ccbr

CircleCI

CoreDNS Authorization

Custom Application with Field-level Authorization in Graphene GraphQL

Easegress

Emissary-Ingress

Express OR in Rego

fiber

Gluu Gateway Authorization

Java Client (Bisnode)

Jenkins Job Trigger Policy Enforcement

Kubernetes Provisioning

Library-based Microservice Authorization

Minio API Authorization

Nginx

NodeJS Express (build-security)

Open Service Mesh (OSM)

Python Client (Turall)

Rego Language Comparisons

Sysdig Image Scanner Admission Controller

Zed Extension

Integrations are ordered by the amount of linked content.