Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 23 Opa Open-Source Projects
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
OPAL
Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...) (by permitio)
-
gke-policy-automation
Tool and policy library for reviewing Google Kubernetes Engine clusters against best practices
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
s3-proxy
S3 Reverse Proxy with GET, PUT and DELETE methods and authentication (OpenID Connect and Basic Auth)
-
regolibrary
The regolibrary package contains the controls Kubescape uses for detecting misconfigurations in Kubernetes manifests.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Project mention: The API database architecture – Stop writing HTTP-GET endpoints | news.ycombinator.com | 2024-05-10Yeah, I fully agree. The tooling for putting that much logic into the database is just not great. I've been decently happy with Sqitch[0] for DB change management, but even with that you don't really get a good basis for testing some of the logic you could otherwise test in isolation in app code.
I've also tried to rely heavily on the database handling security and authorization, but as soon as you start to do somewhat non-trivial attribute-/relationship-based authorization (as you would find in many products nowadays), it really isn't fun anymore, and you spend a lot of the time you saved on manually building backend routes on trying to fit you authz model into those basic primitives (and avoiding performance bottlenecks). Especially compares to other modern authz solutions like OPA[1] or oso[2] it really doesn't stack up.
[0]: https://github.com/sqitchers/sqitch
[1]: https://www.openpolicyagent.org
[2]: https://www.osohq.com
Project mention: Shrink to Secure: Kubernetes and Secure Compact Containers | news.ycombinator.com | 2023-07-02
This can be achieved by using tools like Open Policy Administration Layer (OPAL), which helps keep your authorization layer updated in real-time with data and policy updates. This OSS includes two important features:
OPA is a great tool for implementing a policy-as-code system. But if you're trying to use it for application authorization (e.g. fine-grained authz for B2B SaaS or a set of internal applications), you may find that its policy story is strong, but it doesn't really have a "data plane": you either store data in a data.json file and rebuild the policy any time that data changes, or make an http.send call out of the policy to fetch dynamic data.
Check out Topaz [0], which uses OPA as its decision engine, but adds a data plane that is based on the ReBAC ideas explored in the Google Zanzibar [1] paper.
Disclaimer: I work on the team [2] that builds and maintains the Topaz project.
[0] https://www.topaz.sh
[1] https://research.google/pubs/zanzibar-googles-consistent-glo...
[2] https://www.aserto.com
Full changelog, and downloads here!
Opa related posts
-
The API database architecture – Stop writing HTTP-GET endpoints
-
SAP BTP, Terraform and Open Policy Agent
-
Open Policy Agent
-
Build and Push to GAR and Deploy to GKE - End-to-End CI/CD Pipeline
-
Regal v0.14.0 released
-
Securing CI/CD Images with Cosign and OPA
-
OPA vs. Google Zanzibar: A Brief Comparison
-
A note from our sponsor - InfluxDB
www.influxdata.com | 10 May 2024
Index
What are some of the best open-source Opa projects? This list will help you:
Project | Stars | |
---|---|---|
1 | OPA (Open Policy Agent) | 9,156 |
2 | gatekeeper | 3,480 |
3 | OPAL | 2,300 |
4 | topaz | 979 |
5 | awesome-opa | 737 |
6 | gatekeeper-library | 606 |
7 | gke-policy-automation | 508 |
8 | konstraint | 373 |
9 | opa-envoy-plugin | 307 |
10 | gatekeeper-policy-manager | 287 |
11 | reposaur | 280 |
12 | s3-proxy | 266 |
13 | preflight | 251 |
14 | gatekeeper | 241 |
15 | regal | 223 |
16 | rego-style-guide | 192 |
17 | rego-policies | 151 |
18 | magtape | 144 |
19 | regolibrary | 108 |
20 | policy-as-code-war | 61 |
21 | opa-kafka-plugin | 58 |
22 | docker-security-checker | 55 |
23 | sls-lambda-opa | 52 |
Sponsored