OPA Ecosystem

Rego Language

Rego is the policy language used by OPA and there are various integrations that make working with the language easier.

OPA at Scale

OPA has a number of features that are most useful when running OPA in production. These integrations make use of those features, and make it easier to use OPA at scale.

  • Bundles (4 projects) - Distribute policy and data to OPA instances
  • Discovery Bundles (2 projects) - Distribute flexible configuration to OPAs
  • External Data (4 projects) - Manage and update external data loaded into OPA
  • External Data: Push (2 projects) - Manage and update external data loaded into OPA

Tool Integrations

OPA plays nice with a range of existing tools too via some bespoke integrations.

  • Code Editors (2 projects) - Use OPA and Rego in your editor
  • Envoy (4 projects) - Integrate with the Envoy proxy
  • Kubernetes (10 projects) - Integrate OPA with Kubernetes
  • Terraform (8 projects) - Integrate OPA with Terraform

Create with OPA

OPA's SDKs and APIs offer a solid foundation for all kinds of projects. See the integrations below for inspiration.

Language Integrations

Integrate natively with OPA directly from your programming language of choice.

Do you have an OPA-based project or integration to share? Follow these instructions to get it listed or go to the #ecosystem channel in the OPA Slack if you have any questions.

All Integrations

Kubernetes Admission Control

Terraform Policy

Styra Declarative Authorization Service

Container Network Authorization with Envoy

Authorization for Spring Security

Kafka Topic Authorization

Trino

Aserto

Regal

Rönd

Conftest

env0

Fairwinds Insights Configuration Validation Software

OPA Gatekeeper

OPA Wasm Javascript Module

Permit.io

PHP OPA Library

Strimzi (Apache Kafka on Kubernetes)

Styra Enterprise OPA

Topaz

Authorization Integration with Apache APISIX

AWS CloudFormation Hook

C# OPA SDK (Styra)

Ceph Object Storage Authorization

Dapr

dependency-management-data

Flipt

i2scim.io SCIM Restful User/Group Provisioning API

Java OPA SDK (Styra)

Kubernetes Authorization

Kubescape

Legitify

OPA Go SDK

OPA Wasm Rust Crate

OPAL

Open Policy Registry

Pulumi

raygun

Scalr

Spacelift

SPIRE

Torque

Typescript OPA SDK (Styra)

VS Code Extension

walt.id SSI Kit

Wasm .NET Package (christophwille)

Wasm .NET Package (me-viper)

.NET Package (me-viper)

API Gateway Authorization with Kong

Armory Policy Engine for Spinnaker

Atmos

Backstage

Boomerang Bosun Policy Gating

Bottle Application Authorization

Chef Automate

Cloudflare Worker Enforcement of OPA Policies Using Wasm

Container Network Authorization with Istio (as part of Mixer)

Container Signing, Verification and Storage in an OCI registry

Digger

Docker controls via OPA Policies

Elasticsearch Data Filtering

Enterprise Contract

fig

Flask-OPA

GCP audit with Forseti

GKE Policy Automation

Gloo API Gateway

Google Calendar

Gradle Build Plugin (Bisnode)

GraphQL

HTTP API Authorization in Dart

IPTables

Kubernetes Admission Control using Vulnerability Scanning

KubeShield

Magda

OAuth2

OPA Errors

OPA Playground

OpenFaaS Serverless Function Authorization

OpenID Connect (OIDC)

OPToggles (Open Policy Toggles)

Pomerium Access Proxy

Pre-commit hooks

Rego Cheat Sheet

rego-test-assertions

regocpp

Rekor transparency log monitoring and alerting

Reposaur

Sansshell

SQL Database Data Filtering

SSH and Sudo Authorization with Linux

Styra Academy

Terraform Cloud

Traefik API Gateway

Wasm Java Gradle SDK (sangkeon)

.NET Core Middleware (build-security)

Alfred

Alluxio

ANTLR Grammar

App authorization for Clojure

Automatically document Rego policies

Awesome OPA List

AWS API Gateway

Carbonetes - BrainIAC

ccbr

CircleCI

CoreDNS Authorization

Custom Application with Field-level Authorization in Graphene GraphQL

Easegress

Emissary-Ingress

Express OR in Rego

fiber

Gluu Gateway Authorization

Java Client (Bisnode)

Jenkins Job Trigger Policy Enforcement

Kubernetes Provisioning

Library-based Microservice Authorization

Minio API Authorization

Nginx

NodeJS Express (build-security)

Open Service Mesh (OSM)

Python Client (Turall)

Rego Language Comparisons

Sysdig Image Scanner Admission Controller

Zed Extension

Integrations are ordered by the amount of linked content.