OPA Ecosystem

Rego Language

Rego is the policy language used by OPA and there are various integrations that make working with the language easier.

OPA at Scale

OPA has a number of features that are most useful when running OPA in production. These integrations make use of those features, and make it easier to use OPA at scale.

  • Bundles (4 projects) - Distribute policy and data to OPA instances
  • Discovery Bundles (2 projects) - Distribute flexible configuration to OPAs
  • External Data (4 projects) - Manage and update external data loaded into OPA
  • External Data: Push (2 projects) - Manage and update external data loaded into OPA

Tool Integrations

OPA plays nice with a range of existing tools too via some bespoke integrations.

  • Envoy (4 projects) - Integrate with the Envoy proxy
  • Kubernetes (10 projects) - Integrate OPA with Kubernetes
  • Terraform (7 projects) - Integrate OPA with Terraform

Create with OPA

OPA's SDKs and APIs offer a solid foundation for all kinds of projects. See the integrations below for inspiration.

Do you have an OPA-based project or integration to share? Follow these instructions to get it listed or go to the #ecosystem channel in the OPA Slack if you have any questions.

All Integrations

Kubernetes Admission Control

Terraform Policy

Styra Declarative Authorization Service

Container Network Authorization with Envoy

Authorization for Java Spring Security

Kafka Topic Authorization

Trino

Aserto

Regal

Rönd

Conftest

Fairwinds Insights Configuration Validation Software

OPA Gatekeeper

OPA Wasm Javascript Module

Permit.io

PHP OPA Library

Strimzi (Apache Kafka on Kubernetes)

Styra Enterprise OPA

Topaz

Authorization Integration with Apache APISIX

AWS CloudFormation Hook

Ceph Object Storage Authorization

Dapr

dependency-management-data

i2scim.io SCIM Restful User/Group Provisioning API

Kubernetes Authorization

Kubescape

Legitify

OPA Wasm .NET core SDK

OPA Wasm .NET package

OPA Wasm Rust Crate

OPAL

Open Policy Registry

Pulumi

Scalr

Spacelift

SPIRE

Torque

walt.id SSI Kit

API Gateway Authorization with Kong

Armory Policy Engine for Spinnaker

ASP.NET Core OPA Authorization

Atmos

Backstage

Boomerang Bosun Policy Gating

Bottle Application Authorization

Chef Automate

Cloudflare Worker Enforcement of OPA Policies Using Wasm

Container Network Authorization with Istio (as part of Mixer)

Container Signing, Verification and Storage in an OCI registry

Digger

Docker controls via OPA Policies

Elasticsearch Data Filtering

Enterprise Contract

fig

Flask-OPA

GCP audit with Forseti

GKE Policy Automation

Gloo API Gateway

Google Calendar

Gradle Build Plugin

GraphQL

HTTP API Authorization in Dart

IPTables

Kubernetes Admission Control using Vulnerability Scanning

KubeShield

Magda

OAuth2

OPA Errors

OPA Playground

OPA Wasm Java Gradle SDK

OpenFaaS Serverless Function Authorization

OpenID Connect (OIDC)

OPToggles (Open Policy Toggles)

Pomerium Access Proxy

Pre-commit hooks

Rego Cheat Sheet

rego-test-assertions

regocpp

Rekor transparency log monitoring and alerting

Reposaur

Sansshell

SQL Database Data Filtering

SSH and Sudo Authorization with Linux

Styra Academy

Terraform Cloud

Traefik API Gateway

Alfred

Alluxio

ANTLR Grammar

App authorization for Clojure

ASP.NET Core

Authorization for Java

Automatically document Rego policies

Awesome OPA List

AWS API Gateway

Carbonetes - BrainIAC

ccbr

CircleCI

CoreDNS Authorization

Custom Application with Field-level Authorization in Graphene GraphQL

Easegress

Emissary-Ingress

Express OR in Rego

fiber

Gluu Gateway Authorization

Jenkins Job Trigger Policy Enforcement

Kubernetes Provisioning

Library-based Microservice Authorization

Minio API Authorization

Nginx

NodeJS express

Open Service Mesh (OSM)

Sysdig Image Scanner Admission Controller

Integrations are ordered by the amount of linked content.