Open Policy Agent

Sysdig Secure extends Open Policy Agent to strengthen cloud and Kubernetes security with policy as code.

Start Free

Oct 20 SANS Webinar! Solutions Forum 2022: Is Your SecOps Ready for Cloud and Containers?


The Open Policy Agent (OPA) is an open-source policy engine that unifies policy enforcement for cloud-native environments. It is a Cloud Native Computing Foundation® (CNCF®) graduate project.

Sysdig Secure uses OPA to manage compliance and governance policies as code for Kubernetes.

Why OPA?

Check Mark

Open source

Be part of the vibrant community that continuously improves the depth and breadth of innovative use cases.

Check Mark

Flexible deployment

Deploy OPA as an independent daemon, import an OPA-enabled library, or use a network proxy integrated with OPA.

Check Mark

Policy as code

Decouple policies from business-logic with context-aware policy rules based in Rego, and unify policy enforcement across the stack.

Sysdig Secure Extends OPA

Sysdig Secure leverages OPA to enforce consistent policies across multiple IaC (Terraform, Helm, Kustomize) and Kubernetes environments, using policy as code framework. It allows DevOps teams to shift security further left by scanning infrastructure as code source files before deployment. Sysdig Secure also detects runtime drift, prioritizes based on application context, and fixes issues directly at the source with a pull-request.

IaC Remediate Drift

Read more about IaC Security

Apply Policy as Code based on OPA

Leverage the Open Policy Agent and apply policy as code controls across your Kubernetes workloads.

Get involved

Find out more about OPA

Sysdig Monitor


Jump over to the project GitHub repository to contribute to OPA.

Sysdig Monitor

Project website

Learn more at the project's website