Open Policy Agent
Sysdig Secure extends Open Policy Agent to strengthen cloud and Kubernetes security with policy as code.
The Open Policy Agent (OPA) is an open-source policy engine that unifies policy enforcement for cloud-native environments. It is a Cloud Native Computing Foundation® (CNCF®) graduated project.
Sysdig Secure uses OPA to manage compliance and governance policies as code for Kubernetes.
Be part of the vibrant community that continuously improves the depth and breadth of innovative use cases.
Deploy OPA as an independent daemon, import an OPA-enabled library, or use a network proxy integrated with OPA.
Policy as code
Decouple policies from business logic with context-aware policy rules written in Rego, and unify policy enforcement across the stack.
Sysdig Secure Extends OPA
Sysdig Secure leverages OPA to enforce consistent policies across multiple IaC (Terraform, Helm, Kustomize) and Kubernetes environments, using a policy-as-code framework. It allows DevOps teams to shift security further left by scanning infrastructure-as-code source files before deployment. Sysdig Secure also detects runtime drift, prioritizes based on application context, and fixes issues directly at the source with a pull request.
Find out more about OPA
Jump over to the project GitHub repository to contribute to OPA.
Learn more at the project's website