Top 18 policy-as-code Open-Source Projects
-
OPAL
Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...) (by permitio)
-
cloudformation-guard
Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Take this survey to provide feedback about cfn-guard: https://amazonmr.au1.qualtrics.com/jfe/form/SV_bpyzpfoYGGuuUl0
-
mobility-data-specification
A data standard to enable right-of-way regulation and two-way communication between mobility companies and local governments.
-
Selefra
The open-source policy-as-code software that provides analysis for Multi-Cloud and SaaS environments. You can get insights with natural language (powered by OpenAI).
-
awesome-azure-policy
A curated list of blogs, videos, tutorials, code, tools, scripts, and anything useful to help you learn Azure Policy - by @JesseLoudon
-
iambic
IAMbic is Version-Control for IAM. It centralizes and simplifies cloud access and permissions. It maintains an eventually consistent, human-readable, bi-directional representation of IAM in Git.
-
Kubewarden
Kubewarden is a policy engine for Kubernetes. It helps with keeping your Kubernetes clusters secure and compliant. Kubewarden policies can be written using regular programming languages or Domain Specific Languages (DSL) such as Rego. Policies are compiled into WebAssembly modules that are then distributed using traditional container registries.
-
gamechanger
GAMECHANGER aspires to be the Department’s trusted solution for evidence-based, data-driven decision-making across the universe of DoD requirements
-
open-source-logiciel-libre
Open Source Software Requirements and Guidance (Draft) - Exigences et guides liés aux logiciels libres (Ébauche)
-
deprecated-api-versions-policy
A Kubewarden Policy that detects usage of deprecated and dropped Kubernetes resources
Another tool that can help you deploy a Policy as Code-based solution in 2024 is OPAL, the Open Policy Administration Layer. OPAL is an open-source project that provides a comprehensive policy-based service for applications. With one click, you can deploy a full architecture of a Git-based centralized policy store with decentralized policy engines running as a sidecar with your applications. OPAL also provides a unified architecture to sync all the data you need with the policy engines.
Project mention: Pull Request Reporting with CDK-Validator-CFNGuard and Azure DevOps | dev.to | 2024-02-16
If you now use these services to fix the infrastructure findings, a drift occurs that is not always easy to fix. It is better to check for possible problems before the actual deployment. This approach is called “Shift-Left”. This can be done with the package cdk-validator-cfnguard. It's based on the CloudFormation Guard package.
Project mention: How are you implementing OPA with Terraform? We found a few links on how others have done it, but we're still curious. | /r/devsecops | 2023-05-03
Awesome OPA GitHub Repo - a collection of open-source OPA tooling.
[Feature] Modules support filtering, while labels support customization of any format. by @FelixsJiang in #30
Hello everyone! We are working on an open-source IAM-as-code solution called IAMbic, and recently added AWS Service Control Policy support (AWS guardrails, typically used for compliance). IAMbic represents your IAM in Git as YAML files (called iambic templates). An example repository of templates managed by IAMbic is here. The goal is that you can download IAMbic, and go from your cloud to code in ~10 minutes without needing to write any code yourself. Any changes you make (via clicking in the cloud console, running `terraform apply`, etc.) are captured by IAMbic and updated in Git, so you have a running Git history of all IAM changes over time, and Git is an eventually consistent, reliable source of truth for permissions. IAMbic templates are bi-directional, so when you want to manage identities in IAMbic (like cookie-cutter engineering IAM roles or AWS SSO permission sets), you go through a GitOps workflow, get approval, and instruct IAMbic to apply the changes. We have some examples in our IAMOps Philosophy docs. If you want resources to be solely managed by IAMbic, you can instruct IAMbic to prevent drift on these resources. You can also declaratively define temporary access or permissions in the format (like: "I want userA to have access to the Salesforce app in Okta for 12 hours" or "I want to have S3 permissions to BucketA on the engineering role on the prod AWS account until DATE"). We're really looking for feedback because we want this to be a compelling solution. What are your thoughts? How can we make this better?
Project mention: Show HN: Vet now supports detecting malicious packages | news.ycombinator.com | 2023-12-31
Open Policy Administration Layer (OPAL) is an open source administration layer for policy engines such as Open Policy Agent (OPA) and AWS' Cedar Agent. It detects changes to both policy and policy data in real time and pushes live updates to those agents. Using Git repositories and GitOps as a method for rule storage, OPAL provides several benefits:
Project mention: Isint release cycle becoming a bit crazy with monthly releases and deprecations ? | /r/kubernetes | 2023-07-11
If you use something like kubewarden, people write policies and update them on GitHub for example
policy-as-code related posts
- Pull Request Reporting with CDK-Validator-CFNGuard and Azure DevOps
- Show HN: Vet now supports detecting malicious packages
- How Reddit Built Authorization with OPA
- Python Authorization Anti-Patterns and How to Avoid Them
- Authorization and Cedar: A New Way to Manage Permissions - Part II
- cedar-agent
- Show HN: Run AWS Cedar Policy Like OPA
Index
What are some of the best open-source policy-as-code projects? This list will help you:
# | Project | Stars |
---|---|---|
1 | OPAL | 2,281 |
2 | kpt | 1,631 |
3 | cloudformation-guard | 1,230 |
4 | awesome-opa | 733 |
5 | mobility-data-specification | 670 |
6 | Selefra | 507 |
7 | awesome-azure-policy | 470 |
8 | iambic | 271 |
9 | cnspec | 234 |
10 | rego-style-guide | 192 |
11 | vet | 174 |
12 | magtape | 144 |
13 | Kubewarden | 132 |
14 | cedar-agent | 118 |
15 | policy-as-code-war | 61 |
16 | gamechanger | 56 |
17 | open-source-logiciel-libre | 35 |
18 | deprecated-api-versions-policy | 15 |