Open Policy Agent
Sysdig Secure extends Open Policy Agent to strengthen cloud and Kubernetes security with policy as code.
The Open Policy Agent (OPA) is an open-source policy engine that unifies policy enforcement for cloud-native environments. It is a Cloud Native Computing Foundation® (CNCF®) graduated project.
Sysdig Secure uses OPA to manage compliance and governance policies as code for Kubernetes.
Why OPA?
Open source
Be part of the vibrant community that continuously improves the depth and breadth of innovative use cases.
Flexible deployment
Deploy OPA as an independent daemon, import an OPA-enabled library, or use a network proxy integrated with OPA.
Policy as code
Decouple policies from business logic with context-aware policy rules written in Rego, and unify policy enforcement across the stack.
Sysdig Secure Extends OPA
Sysdig Secure leverages OPA to enforce consistent policies across multiple IaC (Terraform, Helm, Kustomize) and Kubernetes environments, using a policy-as-code framework. It allows DevOps teams to shift security further left by scanning infrastructure-as-code source files before deployment. Sysdig Secure also detects runtime drift, prioritizes issues based on application context, and fixes them directly at the source with a pull request.
Get involved
Find out more about OPA
Contribute
Jump over to the project GitHub repository to contribute to OPA.
Project website
Learn more at the project's website.