Rego Language
Rego is the policy language used by OPA and there are various integrations that make working with the language easier.
- Debugging Rego (4 projects) - Work out what's going on with your Rego policies
- Learning Rego (8 projects) - Learn and write Rego
- Policy Testing (6 projects) - Test and validate Rego policies
OPA at Scale
OPA has a number of features that are most useful when running OPA in production. These integrations make use of those features, and make it easier to use OPA at scale.
- Bundles (4 projects) - Distribute policy and data to OPA instances
- Discovery Bundles (2 projects) - Distribute flexible configuration to OPAs
- External Data (4 projects) - Manage and update external data loaded into OPA
- External Data: Push (2 projects) - Manage and update external data loaded into OPA
Tool Integrations
OPA plays nice with a range of existing tools too via some bespoke integrations.
- Code Editors (2 projects) - Use OPA and Rego in your editor
- Envoy (4 projects) - Integrate with the Envoy proxy
- Kubernetes (10 projects) - Integrate OPA with Kubernetes
- Terraform (8 projects) - Integrate OPA with Terraform
Create with OPA
OPA's SDKs and APIs offer a solid foundation for all kinds of projects. See the integrations below for inspiration.
- Go Integrations (14 projects) - Projects using OPA as a Go module
- REST API Integrations (18 projects) - Examples of projects which integrate with the OPA REST API.
- Wasm Integrations (6 projects) - Projects using the Wasm functionality of OPA.
Do you have an OPA-based project or integration to share? Follow
these instructions
to get it listed or go to the #ecosystem
channel in the
OPA Slack
if you have any questions.
All Integrations
![Integration Logo](/img/logos/integrations/kubernetes-validating-admission.png)
Kubernetes Admission Control
![Integration Logo](/img/logos/integrations/terraform.png)
Terraform Policy
![Integration Logo](/img/logos/integrations/styra-das.png)
Styra Declarative Authorization Service
![Integration Logo](/img/logos/integrations/envoy-authorization.png)
Container Network Authorization with Envoy
![Integration Logo](/img/logos/integrations/springsecurity-api.png)
Authorization for Java Spring Security
![Integration Logo](/img/logos/integrations/kafka-authorization.png)
Kafka Topic Authorization
![Integration Logo](/img/logos/integrations/trino.png)
Trino
![Integration Logo](/img/logos/integrations/aserto.png)
Aserto
![Integration Logo](/img/logos/integrations/regal.png)
Regal
![Integration Logo](/img/logos/integrations/rond.png)
Rönd
![Integration Logo](/img/logos/integrations/conftest.png)
Conftest
![Integration Logo](/img/logos/integrations/env0.png)
env0
![Integration Logo](/img/logos/opa-no-text-color.png)
Fairwinds Insights Configuration Validation Software
![Integration Logo](/img/logos/opa-no-text-color.png)
OPA Gatekeeper
![Integration Logo](/img/logos/integrations/opa-wasm-js.png)
OPA Wasm Javascript Module
![Integration Logo](/img/logos/integrations/permit.png)
Permit.io
![Integration Logo](/img/logos/integrations/php-authorization.png)
PHP OPA Library
![Integration Logo](/img/logos/integrations/strimzi.png)
Strimzi (Apache Kafka on Kubernetes)
![Integration Logo](/img/logos/integrations/enterprise-opa.png)
Styra Enterprise OPA
Topaz
![Integration Logo](/img/logos/integrations/apache-apisix.png)
Authorization Integration with Apache APISIX
AWS CloudFormation Hook
![Integration Logo](/img/logos/integrations/ceph.png)
Ceph Object Storage Authorization
![Integration Logo](/img/logos/integrations/dapr.png)
Dapr
![Integration Logo](/img/logos/integrations/dependency-management-data.png)
dependency-management-data
![Integration Logo](/img/logos/integrations/flipt.png)
Flipt
![Integration Logo](/img/logos/integrations/i2scim.png)
i2scim.io SCIM Restful User/Group Provisioning API
![Integration Logo](/img/logos/integrations/kubernetes-authorization.png)
Kubernetes Authorization
![Integration Logo](/img/logos/integrations/kubescape.png)
Kubescape
![Integration Logo](/img/logos/integrations/legitify.png)
Legitify
![Integration Logo](/img/logos/integrations/opa-dotnet.png)
OPA Wasm .NET core SDK
![Integration Logo](/img/logos/integrations/opa-wasm-dotnet.png)
OPA Wasm .NET package
![Integration Logo](/img/logos/integrations/opa-wasm-rust.png)
OPA Wasm Rust Crate
![Integration Logo](/img/logos/integrations/opal.png)
OPAL
Open Policy Registry
![Integration Logo](/img/logos/integrations/pulumi.png)
Pulumi
![Integration Logo](/img/logos/integrations/raygun.png)
raygun
![Integration Logo](/img/logos/integrations/scalr-iacp.png)
Scalr
![Integration Logo](/img/logos/integrations/spacelift.png)
Spacelift
![Integration Logo](/img/logos/integrations/spire.png)
SPIRE
![Integration Logo](/img/logos/integrations/torque.png)
Torque
![Integration Logo](/img/logos/integrations/vscode-opa.png)
VS Code Extension
![Integration Logo](/img/logos/integrations/waltid.png)
walt.id SSI Kit
![Integration Logo](/img/logos/integrations/kong-authorization.png)
API Gateway Authorization with Kong
![Integration Logo](/img/logos/integrations/spinnaker-pipeline.png)
Armory Policy Engine for Spinnaker
![Integration Logo](/img/logos/integrations/opa-dotnet-asp-core.png)
ASP.NET Core OPA Authorization
![Integration Logo](/img/logos/integrations/atmos.png)
Atmos
Backstage
![Integration Logo](/img/logos/integrations/boomerang-bosun.png)
Boomerang Bosun Policy Gating
![Integration Logo](/img/logos/integrations/bottle.png)
Bottle Application Authorization
![Integration Logo](/img/logos/opa-no-text-color.png)
Chef Automate
![Integration Logo](/img/logos/integrations/cloudflare-worker.png)
Cloudflare Worker Enforcement of OPA Policies Using Wasm
![Integration Logo](/img/logos/integrations/istio-authorization-mixer.png)
Container Network Authorization with Istio (as part of Mixer)
![Integration Logo](/img/logos/integrations/cosign.png)
Container Signing, Verification and Storage in an OCI registry
![Integration Logo](/img/logos/integrations/digger.png)
Digger
![Integration Logo](/img/logos/integrations/docker-machine.png)
Docker controls via OPA Policies
![Integration Logo](/img/logos/integrations/elasticsearch-datafiltering.png)
Elasticsearch Data Filtering
Enterprise Contract
![Integration Logo](/img/logos/integrations/fig.png)
fig
![Integration Logo](/img/logos/integrations/flask-opa.png)
Flask-OPA
![Integration Logo](/img/logos/integrations/gcp-forseti.png)
GCP audit with Forseti
![Integration Logo](/img/logos/integrations/google-kubernetes-engine.png)
GKE Policy Automation
![Integration Logo](/img/logos/integrations/gloo-api-gateway.png)
Gloo API Gateway
![Integration Logo](/img/logos/integrations/google-calendar.png)
Google Calendar
![Integration Logo](/img/logos/integrations/gradle-plugin.png)
Gradle Build Plugin
![Integration Logo](/img/logos/integrations/graphql.png)
GraphQL
![Integration Logo](/img/logos/integrations/dart-authorization.png)
HTTP API Authorization in Dart
![Integration Logo](/img/logos/integrations/iptables.png)
IPTables
![Integration Logo](/img/logos/integrations/clair-datasource.png)
Kubernetes Admission Control using Vulnerability Scanning
![Integration Logo](/img/logos/integrations/kubeshield.png)
KubeShield
![Integration Logo](/img/logos/integrations/magda.png)
Magda
OAuth2
![Integration Logo](/img/logos/integrations/opa-errors.png)
OPA Errors
![Integration Logo](/img/logos/integrations/opa-playground.png)
OPA Playground
![Integration Logo](/img/logos/integrations/opa-wasm-java.png)
OPA Wasm Java Gradle SDK
![Integration Logo](/img/logos/integrations/openfaas-function-authorization.png)
OpenFaaS Serverless Function Authorization
![Integration Logo](/img/logos/integrations/oidc.png)
OpenID Connect (OIDC)
![Integration Logo](/img/logos/integrations/optoggles.png)
OPToggles (Open Policy Toggles)
![Integration Logo](/img/logos/integrations/pomerium-authz.png)
Pomerium Access Proxy
![Integration Logo](/img/logos/integrations/pre-commit-hooks.png)
Pre-commit hooks
![Integration Logo](/img/logos/integrations/rego-cheat-sheet.png)
Rego Cheat Sheet
![Integration Logo](/img/logos/integrations/rego-test-assertions.png)
rego-test-assertions
regocpp
Rekor transparency log monitoring and alerting
![Integration Logo](/img/logos/integrations/reposaur.png)
Reposaur
![Integration Logo](/img/logos/opa-no-text-color.png)
Sansshell
![Integration Logo](/img/logos/integrations/sql-datafiltering.png)
SQL Database Data Filtering
![Integration Logo](/img/logos/integrations/linux-pam.png)
SSH and Sudo Authorization with Linux
![Integration Logo](/img/logos/integrations/styra-academy.png)
Styra Academy
![Integration Logo](/img/logos/integrations/terraform-cloud.png)
Terraform Cloud
![Integration Logo](/img/logos/integrations/traefik-api-gateway.png)
Traefik API Gateway
![Integration Logo](/img/logos/integrations/alfred.png)
Alfred
![Integration Logo](/img/logos/integrations/alluxio.png)
Alluxio
![Integration Logo](/img/logos/integrations/antlr.png)
ANTLR Grammar
![Integration Logo](/img/logos/integrations/clojure.png)
App authorization for Clojure
![Integration Logo](/img/logos/integrations/asp-dotnet-core.png)
ASP.NET Core
![Integration Logo](/img/logos/integrations/java.png)
Authorization for Java
![Integration Logo](/img/logos/integrations/sphinx-rego.png)
Automatically document Rego policies
![Integration Logo](/img/logos/opa-no-text-color.png)
Awesome OPA List
![Integration Logo](/img/logos/integrations/aws-api-gateway.png)
AWS API Gateway
![Integration Logo](/img/logos/integrations/carbonetes.png)
Carbonetes - BrainIAC
![Integration Logo](/img/logos/opa-no-text-color.png)
ccbr
![Integration Logo](/img/logos/integrations/circleci.png)
CircleCI
![Integration Logo](/img/logos/integrations/coredns-authz.png)
CoreDNS Authorization
![Integration Logo](/img/logos/integrations/graphene-graphql.png)
Custom Application with Field-level Authorization in Graphene GraphQL
Easegress
![Integration Logo](/img/logos/integrations/emissary-ingress.png)
Emissary-Ingress
![Integration Logo](/img/logos/integrations/expressing-or.png)
Express OR in Rego
![Integration Logo](/img/logos/integrations/fiber.png)
fiber
![Integration Logo](/img/logos/integrations/gluu-gateway-authz.png)
Gluu Gateway Authorization
![Integration Logo](/img/logos/integrations/jenkins-job-authorization.png)
Jenkins Job Trigger Policy Enforcement
![Integration Logo](/img/logos/integrations/kubernetes-provisioning.png)
Kubernetes Provisioning
![Integration Logo](/img/logos/opa-no-text-color.png)
Library-based Microservice Authorization
![Integration Logo](/img/logos/integrations/minio.png)
Minio API Authorization
![Integration Logo](/img/logos/integrations/nginx.png)
Nginx
![Integration Logo](/img/logos/integrations/nodejs-express.png)
NodeJS express
![Integration Logo](/img/logos/integrations/open-service-mesh.png)
Open Service Mesh (OSM)
![Integration Logo](/img/logos/integrations/rego-language-comparisons.png)
Rego Language Comparisons
![Integration Logo](/img/logos/integrations/sysdig-image-scanner.png)
Sysdig Image Scanner Admission Controller
![Integration Logo](/img/logos/integrations/zed-rego.png)
Zed Extension
Integrations are ordered by the amount of linked content.