Go Integrations

Regal is built using the Go Rego API. Regal evaluates linting rules defined in Rego against the Rego AST of policy files. The linter package is a good place to see how OPA is used in the project.

The Rönd sidecar uses the OPA Rego API to make API-access authorization decisions. See the OPA evaluator code.

Conftest is written in Go and uses the Rego Go API.

OPA Gatekeeper is written in Go and uses the Rego Go API to evaluate policies loaded from Custom Resources.

Topaz's Authorizer component makes use of the Rego API to evaluate policies to make authorization decisions for connected applications.

Cosign In-Toto attestations can be written in Rego, these are evaluated in the Cosign binary using the Go API.

Dapr's contrib middleware include an OPA integration built on the Go API. This tutorial explains how to configure it.

dependency-management-data uses the Go Rego API to make it possible to write more complex rules around usages of Open Source and internal dependencies.

Example policies can be found in DMD's example project and provide an indication of some common use-cases.

Flipt's authorization feature uses the Go API to embed Open Policy Agent and evaluate authorization policies. These docs explain how it works.

Kubescape uses the Go Repo API to test Kubernetes objects against a range of posture controls.

The Pulumi OPA bridge uses the Rego API to evaluate policies in a policy pack. View the docs and code.

Chef Automate uses the Go Rego API to evaluate authorization policies controlling access to its own API endpoints. The feature is documented here.

The Enterprise Contract uses the OPA go library to process rego policies when validating the signatures and attestations of container images and other software artifacts.

Lula is written in Go and uses the Rego Go API to evaluate configuration for compliance against security controls.

Makes use of the OPA Repl package to interact with an OPA instance.