opa - An open source, general-purpose policy engine.

  •        134

The Open Policy Agent (OPA) is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack. OPA is hosted by the Cloud Native Computing Foundation (CNCF) as a sandbox level project. If you are an organization that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF. For details read the CNCF announcement.

https://www.openpolicyagent.org
https://github.com/open-policy-agent/opa

Related Projects

hydra - OAuth2 server with OpenID Connect - cloud native, security-first, open source API security for your infrastructure

  •    Go

ORY Hydra is a hardened OAuth2 and OpenID Connect server optimized for low-latency, high throughput, and low resource consumption. ORY Hydra is not an identity provider (user sign up, user log in, password reset flow), but connects to your existing identity provider through a consent app. Implementing the consent app in a different language is easy, and exemplary consent apps (Go, Node) and SDKs (Go, Node) are provided. Besides mitigating various attack vectors, such as database compromise and OAuth 2.0 weaknesses, ORY Hydra is able to securely manage JSON Web Keys, and has a sophisticated policy-based access control you can use if you want to.

Opa - Elegant language for Web

  •    Closure

Opa is a concise and elegant language for writing scalable and distributed web applications. Opa pushes boundaries of the state of the art in web security by making its application immune to XSS attacks, SQL injections and more. Opa is designed to get you to your finished app faster, concentrating only on the interesting parts, without the hassle of writing the glue or of using a programming language against its original design.

trireme-lib - Simple, scalable and secure application segmentation

  •    Go

Welcome to Trireme, an open-source library curated by Aporeto to provide cryptographic isolation for cloud-native applications. Trireme-lib is a Zero-Trust networking library that makes it possible to set up security policies and segment applications by enforcing end-to-end authentication and authorization without the need for complex control planes or IP/port-centric ACLs and east-west firewalls. Trireme-lib supports both containers and Linux processes as well as user-based activation, and it allows security policy enforcement between any of these entities.

casbin - An authorization library that supports access control models like ACL, RBAC, ABAC in Golang

  •    Go

Casbin is a powerful and efficient open-source access control library for Golang projects. It provides support for enforcing authorization based on various access control models. In Casbin, an access control model is abstracted into a CONF file based on the PERM metamodel (Policy, Effect, Request, Matchers). So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration. You can customize your own access control model by combining the available models. For example, you can get RBAC roles and ABAC attributes together inside one model and share one set of policy rules.

opalang - The Opa Language for Web Application Development

  •    OCaml

Opa is a functional programming language for the Web that compiles to JavaScript. There are real applications fully developed with Opa such as the PEPS Communication Platform, RiskyBird and many others. This repository contains all the sources of both the Opa compiler and the Opa library.


action_policy - Authorization framework for Ruby/Rails applications

  •    Ruby

Action Policy is an authorization framework for Ruby and Rails applications. Action Policy relies on resource-specific policy classes (just like Pundit).

Nextcloud - A safe home for all your data

  •    PHP

Nextcloud Files is an on-premise, open source file sync and share solution designed to be easy-to-use and highly secure. You can store your files, contacts, calendars and more on the server. It provides real-time collaboration and instant access to all data from any device, anywhere. Access data from FTP, Windows Network Drive, SharePoint, NFS, Object storage and more. It is designed with compliance in mind, providing extensive data policy enforcement, encryption, user management and auditing capabilities.

ManageIQ - Discover, Optimize, and Control your Hybrid IT

  •    Ruby

ManageIQ is an open-source Management Platform that delivers the insight, control, and automation that enterprises need to address the challenges of managing hybrid IT environments.

Wazuh - Host and endpoint security

  •    C

Wazuh helps you gain deeper security visibility into your infrastructure by monitoring hosts at the operating system and application level. This solution, based on lightweight multi-platform agents, provides capabilities such as log management and analysis, file integrity monitoring, intrusion and anomaly detection, and policy and compliance monitoring.

Open WS-Policy

  •    Java

Open WS-Policy, an Open Source Web Services Policy Framework implementation, is a set of open source Java libraries that implement the WS-Policy specifications.

canal - Policy based networking for cloud native applications

  •    

Refer to Canal/flannel Hosted Install for up to date installation directions and manifests. This repo is deprecated and no further updates are expected here. Canal is a community-driven initiative that aims to allow users to easily deploy Calico and flannel networking together as a unified networking solution - combining Calico’s industry-leading network policy enforcement with the rich superset of Calico and flannel overlay and non-overlay network connectivity options.

csp-builder - Build Content-Security-Policy headers from a JSON file (or build them programmatically)

  •    PHP

Easily integrate Content-Security-Policy headers into your web application, either from a JSON configuration file, or programmatically. CSP Builder was created by Paragon Initiative Enterprises as part of our effort to encourage better application security practices.

crossplane - An Open Source Multicloud Control Plane

  •    Go

Crossplane is an open source multicloud control plane. It introduces workload and resource abstractions on top of existing managed services that enable a high degree of workload portability across cloud providers. A single crossplane enables the provisioning and full-lifecycle management of services and infrastructure across a wide range of providers, offerings, vendors, regions, and clusters. Crossplane offers a universal API for cloud computing, a workload scheduler, and a set of smart controllers that can automate work across clouds. Crossplane presents a declarative management style API that covers a wide range of portable abstractions including databases, message queues, buckets, data pipelines, serverless, clusters, and many more coming. It’s based on the declarative resource model of the popular Kubernetes project, and applies many of the lessons learned in container orchestration to multicloud workload and resource orchestration.

aws-amplify - A declarative JavaScript library for application development using cloud services.

  •    Javascript

AWS Amplify provides a declarative and easy-to-use interface across different categories of cloud operations. AWS Amplify goes well with any JavaScript based frontend workflow, and React Native for mobile developers. Our default implementation works with Amazon Web Services (AWS), but AWS Amplify is designed to be open and pluggable for any custom backend or service.

awacs - Python library for AWS Access Policy Language creation

  •    Python

The awacs library allows for easier creation of AWS Access Policy Language JSON by writing Python code to describe the AWS policies. To facilitate catching policy format or JSON errors early, the library has property and type checking built into the classes. NOTE: The old awacs.aws.Policy object is going to be deprecated in the future, in preference for the awacs.aws.PolicyDocument class. This is due to confusion that arises between the old object and troposphere.iam.Policy objects.

inspec - InSpec: Auditing and Testing Framework

  •    Ruby

InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements. InSpec makes it easy to run your tests wherever you need. More options are found in our CLI docs.

project-open-data.github.io - Open Data Policy — Managing Information as an Asset

  •    HTML

Technology moves much faster than policy ever could. Often when writing policy for technology, agencies are stuck with outdated methods as soon as they publish new policies. This Appendix is meant to be a living document so that collaboration in the open data ecosystem is fostered and the continual update of technology pieces that affect update can happen on a more rapid pace.

Policyd

  •    PHP

Policyd is a multi-platform policy server for popular MTAs. Features include detailed policy and group specification, access control, helo checks (helo randomization prevention and RFC compliance), SPF, greylisting, quotas and amavisd-new integration.