OPA Ecosystem / Go Integrations

Go Integrations

Regal

The Linter of Rego Language by Styra

Regal is built using the Go Rego API. Regal evaluates linting rules defined in Rego against the Rego AST of policy files. The linter package is a good place to see how OPA is used in the project.
View Regal Details

Rönd

Mia-Platform

The Rönd sidecar uses the OPA Rego API to make API-access authorization decisions. See the OPA evaluator code.
View Rönd Details

Conftest

Rego policy for configuration files

Conftest is written in Go and uses the Rego Go API.
View Conftest Details

OPA Gatekeeper

Rego Policy Controller for Kubernetes

OPA Gatekeeper is written in Go and uses the Rego Go API to evaluate policies loaded from Custom Resources.
View OPA Gatekeeper Details

Topaz

Aserto

Topaz’s Authorizer component makes use of the Rego API to evaluate policies to make authorization decisions for connected applications.
View Topaz Details

Dapr

Dapr’s contrib middleware include an OPA integration built on the Go API. This tutorial explains how to configure it.
View Dapr Details

dependency-management-data

A set of tooling to get a better understanding of the use of dependencies across your organisation. by Jamie Tanna

dependency-management-data uses the Go Rego API to make it possible to write more complex rules around usages of Open Source and internal dependencies.

Example policies can be found in DMD’s example project and provide an indication of some common use-cases.

View dependency-management-data Details

Kubescape

Kubernetes security posture scanner by ARMO

Kubescape uses the Go Repo API to test Kubernetes objects against a range of posture controls.
View Kubescape Details

Open Policy Registry

A Docker-inspired workflow for OPA policies by Aserto

Makes use of the OPA Repl package to interact with an OPA instance.
View Open Policy Registry Details

Pulumi

Pulumi

The Pulumi OPA bridge uses the Rego API to evaluate policies in a policy pack. View the docs and code.
View Pulumi Details

Chef Automate

Operational Visibility Dashboard

Chef Automate uses the Go Rego API to evaluate authorization policies controlling access to its own API endpoints. The feature is documented here.
View Chef Automate Details

Container Signing, Verification and Storage in an OCI registry

Sigstore

Cosign In-Toto attestations can be written in Rego, these are evaluated in the Cosign binary using the Go API.
View Details

Enterprise Contract

Enterprise Contract

The Enterprise Contract uses the OPA go library to process rego policies when validating the signatures and attestations of container images and other software artifacts.
View Enterprise Contract Details

Integrations are ordered by the amount of linked content.

Do you have an OPA-based project or integration to share? Follow these instructions to get it listed or go to the #ecosystem channel in the OPA Slack if you have any questions.