[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-4990":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":23,"hasPages":25,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":33,"readmeContent":34,"aiSummary":35,"trendingCount":16,"starSnapshotCount":16,"syncStatus":36,"lastSyncTime":37,"discoverSource":38},4990,"opa","open-policy-agent\u002Fopa","open-policy-agent","Open Policy Agent (OPA) is an open source, general-purpose policy engine.","https:\u002F\u002Fwww.openpolicyagent.org",null,"Go",11848,1588,132,348,0,6,26,146,27,44.6,"Apache License 2.0",false,"main",true,[27,28,29,30,31,5,7,32],"authorization","cloud-native","compliance","declarative","json","policy","2026-06-12 02:01:06","# ![logo](.\u002Flogo\u002Flogo-144x144.png) Open Policy Agent\n\n[![Build Status](https:\u002F\u002Fgithub.com\u002Fopen-policy-agent\u002Fopa\u002Fworkflows\u002FPost%20Merge\u002Fbadge.svg)](https:\u002F\u002Fgithub.com\u002Fopen-policy-agent\u002Fopa\u002Factions) [![Go Report Card](https:\u002F\u002Fgoreportcard.com\u002Fbadge\u002Fgithub.com\u002Fopen-policy-agent\u002Fopa)](https:\u002F\u002Fgoreportcard.com\u002Freport\u002Fgithub.com\u002Fopen-policy-agent\u002Fopa) [![CII Best Practices](https:\u002F\u002Fwww.bestpractices.dev\u002Fprojects\u002F1768\u002Fbadge)](https:\u002F\u002Fwww.bestpractices.dev\u002Fen\u002Fprojects\u002F1768\u002Fpassing) [![Netlify Status](https:\u002F\u002Fapi.netlify.com\u002Fapi\u002Fv1\u002Fbadges\u002F4a0a092a-8741-4826-a28f-826d4a576cab\u002Fdeploy-status)](https:\u002F\u002Fapp.netlify.com\u002Fsites\u002Fopenpolicyagent\u002Fdeploys)\n\nOpen Policy Agent (OPA) is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack.\n\nOPA is proud to be a graduated project in the [Cloud Native Computing Foundation](https:\u002F\u002Fwww.cncf.io\u002F) (CNCF) landscape. For details read the CNCF [announcement](https:\u002F\u002Fwww.cncf.io\u002Fannouncements\u002F2021\u002F02\u002F04\u002Fcloud-native-computing-foundation-announces-open-policy-agent-graduation\u002F).\n\n## Get started with OPA\n\n- Write your first Rego policy with the [Rego Playground](https:\u002F\u002Fplay.openpolicyagent.org) or use it to share your work with others for feedback and support. Have a look at the [Access Control examples](https:\u002F\u002Fplay.openpolicyagent.org\u002F?example-group=access-control) if you're not sure where to start.\n- Install the [VS Code extension](https:\u002F\u002Fmarketplace.visualstudio.com\u002Fitems?itemName=tsandall.opa) to get started locally with live diagnostics, debugging and formatting. See [Editor and IDE Support](https:\u002F\u002Fwww.openpolicyagent.org\u002Fdocs\u002Feditor-and-ide-support) for other supported editors.\n- Go to the [OPA Documentation](https:\u002F\u002Fwww.openpolicyagent.org\u002Fdocs) to\n  learn about the Rego language as well as how to deploy and integrate OPA.\n- Check out the learning resources in the [Learning Rego](https:\u002F\u002Fwww.openpolicyagent.org\u002Fecosystem\u002Fby-feature\u002Flearning-rego) section of the ecosystem directory.\n- Follow the [Running OPA](https:\u002F\u002Fwww.openpolicyagent.org\u002Fdocs\u002Flatest\u002F#running-opa) instructions to get started with the OPA CLI locally.\n- See [Docker Hub](https:\u002F\u002Fhub.docker.com\u002Fr\u002Fopenpolicyagent\u002Fopa\u002Ftags\u002F) for container images and the [GitHub releases](https:\u002F\u002Fgithub.com\u002Fopen-policy-agent\u002Fopa\u002Freleases) for binaries.\n- Check out the [OPA Roadmap](https:\u002F\u002Fgithub.com\u002Forgs\u002Fopen-policy-agent\u002Fprojects\u002F10) to see a high-level snapshot of OPA features in-progress and planned.\n\n## Want to talk about OPA or get support?\n\n- Join the [OPA Slack](https:\u002F\u002Fslack.openpolicyagent.org) to talk to other OPA users and maintainers. See `#help` for support.\n- Check out the [Community Discussions](https:\u002F\u002Fgithub.com\u002Forgs\u002Fopen-policy-agent\u002Fdiscussions) to ask questions.\n- See the [Support](https:\u002F\u002Fwww.openpolicyagent.org\u002Fsupport) page for commercial support options.\n\n## Interested to learn what others are doing with OPA?\n\n- Browse community projects on the [OPA Ecosystem Directory](https:\u002F\u002Fwww.openpolicyagent.org\u002Fecosystem) - don't forget to [list your own](https:\u002F\u002Fgithub.com\u002Fopen-policy-agent\u002Fopa\u002Ftree\u002Fmain\u002Fdocs#opa-ecosystem)!\n- Check out the [ADOPTERS.md](.\u002FADOPTERS.md) file for a list of production adopters. Does your organization use OPA in production? Support the OPA project by submitting a PR to add your organization to the list with a short description of your OPA use cases!\n\n## Want to integrate OPA?\n\n- See the high-level [Go SDK](https:\u002F\u002Fwww.openpolicyagent.org\u002Fdocs\u002Fintegration#integrating-with-the-go-sdk) or the low-level Go API\n  [![GoDoc](https:\u002F\u002Fpkg.go.dev\u002Fbadge\u002Fgithub.com\u002Fopen-policy-agent\u002Fopa?utm_source=godoc)](https:\u002F\u002Fpkg.go.dev\u002Fgithub.com\u002Fopen-policy-agent\u002Fopa\u002Frego?utm_source=godoc)\n  to integrate OPA with services written in Go.\n- See the [REST API](https:\u002F\u002Fwww.openpolicyagent.org\u002Fdocs\u002Frest-api.html)\n  reference to integrate OPA with services written in other languages.\n- See the [integration docs](https:\u002F\u002Fwww.openpolicyagent.org\u002Fdocs\u002Fintegration) for more options.\n\n## Want to contribute to OPA?\n\n- Read the [Contributing Guide](https:\u002F\u002Fwww.openpolicyagent.org\u002Fdocs\u002Fcontributing) to learn how to make your first contribution.\n- Use [#contributors](https:\u002F\u002Fopenpolicyagent.slack.com\u002F?redir=%2Farchives%2FC02L1TLPN59%3Fname%3DC02L1TLPN59) in Slack to talk to other contributors and OPA maintainers.\n- File a [GitHub Issue](https:\u002F\u002Fgithub.com\u002Fopen-policy-agent\u002Fopa\u002Fissues) to request features or report bugs.\n\n## How does OPA work?\n\nOPA gives you a high-level declarative language to author and enforce policies\nacross your stack.\n\nWith OPA, you define _rules_ that govern how your system should behave. These\nrules exist to answer questions like:\n\n- Can user X call operation Y on resource Z?\n- What clusters should workload W be deployed to?\n- What tags must be set on resource R before it's created?\n\nYou integrate services with OPA so that these kinds of policy decisions do not\nhave to be _hardcoded_ in your service. Services integrate with OPA by\nexecuting _queries_ when policy decisions are needed.\n\nWhen you query OPA for a policy decision, OPA evaluates the rules and data\n(which you give it) to produce an answer. The policy decision is sent back as\nthe result of the query.\n\nFor example, in a simple API authorization use case:\n\n- You write rules that allow (or deny) access to your service APIs.\n- Your service queries OPA when it receives API requests.\n- OPA returns allow (or deny) decisions to your service.\n- Your service _enforces_ the decisions by accepting or rejecting requests accordingly.\n\nFor concrete examples of how to integrate OPA with systems like\n[Kubernetes](https:\u002F\u002Fwww.openpolicyagent.org\u002Fdocs\u002Fkubernetes),\n[Terraform](https:\u002F\u002Fwww.openpolicyagent.org\u002Fdocs\u002Fterraform),\n[Docker](https:\u002F\u002Fwww.openpolicyagent.org\u002Fdocs\u002Fdocker-authorization),\n[SSH](https:\u002F\u002Fwww.openpolicyagent.org\u002Fdocs\u002Fssh-and-sudo-authorization),\nand more, see [openpolicyagent.org](https:\u002F\u002Fwww.openpolicyagent.org).\n\n## Presentations\n\n- Open Policy Agent (OPA) Intro & Deep Dive @ Kubecon EU 2026: [video](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=TENlj4r6IXk)\n- Open Policy Agent (OPA) Intro & Deep Dive @ Kubecon NA 2025: [video](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=tDBYMF2XXLA)\n- Open Policy Agent (OPA) Intro & Deep Dive @ Kubecon EU 2025: [video](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=XtA-NKoJDaI)\n- Open Policy Agent (OPA) Intro & Deep Dive @ Kubecon NA 2024: [video](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=QuotLxFb2f4)\n- Open Policy Agent (OPA) Intro & Deep Dive @ Kubecon EU 2024: [video](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=hENwFyrtm1g)\n- Open Policy Agent (OPA) Intro & Deep Dive @ Kubecon NA 2023: [video](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=wJkjsvVpj_Q)\n- Open Policy Agent (OPA) Intro & Deep Dive @ Kubecon EU 2023: [video](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=6RNp3m_THw4)\n- Running Policy in Hard to Reach Places with WASM & OPA @ CN Wasm Day EU 2023: [video](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=BdeBhukLwt4)\n- OPA maintainers talk @ Kubecon NA 2022: [video](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=RMiovzGGCfI)\n- Open Policy Agent (OPA) Intro & Deep Dive @ Kubecon EU 2022: [video](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=MhyQxIp1H58)\n- Open Policy Agent Intro @ KubeCon EU 2021: [Video](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=2CgeiWkliaw)\n- Using Open Policy Agent to Meet Evolving Policy Requirements @ KubeCon NA 2020: [video](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=zVuM7F_BTyc)\n- Applying Policy Throughout The Application Lifecycle with Open Policy Agent @ CloudNativeCon 2019: [video](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=cXfsaE6RKfc)\n- Open Policy Agent Introduction @ CloudNativeCon EU 2018: [video](https:\u002F\u002Fyoutu.be\u002FXEHeexPpgrA), [slides](https:\u002F\u002Fwww.slideshare.net\u002Fslideshow\u002Fopa-the-cloud-native-policy-engine\u002F96644504)\n- Rego Deep Dive @ CloudNativeCon EU 2018: [video](https:\u002F\u002Fyoutu.be\u002F4mBJSIhs2xQ), [slides](https:\u002F\u002Fwww.slideshare.net\u002Fslideshow\u002Frego-deep-dive\u002F96644608)\n- How Netflix Is Solving Authorization Across Their Cloud @ CloudNativeCon US 2017: [video](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=R6tUNpRpdnY), [slides](https:\u002F\u002Fwww.slideshare.net\u002Fslideshow\u002Fhow-netflix-is-solving-authorization-across-their-cloud\u002F84384095).\n- Policy-based Resource Placement in Kubernetes Federation @ LinuxCon Beijing 2017: [slides](https:\u002F\u002Fwww.slideshare.net\u002Fslideshow\u002Fpolicybased-resource-placement-across-hybrid-cloud\u002F83876901), [screencast](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=hRz13baBhfg&feature=youtu.be)\n- Enforcing Bespoke Policies In Kubernetes @ KubeCon US 2017: [video](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=llDI8VvkUj8), [slides](https:\u002F\u002Fwww.slideshare.net\u002Fslideshow\u002Fenforcing-bespoke-policies-in-kubernetes\u002F83877237)\n- Istio's Mixer: Policy Enforcement with Custom Adapters @ CloudNativeCon US 2017: [video](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=czZLXUqzd24), [slides](https:\u002F\u002Fwww.slideshare.net\u002Fslideshow\u002Fistios-mixer-policy-enforcement-with-custom-adapters-cloud-nativecon-17\u002F83877455)\n\n## Security\n\nA third party security audit was performed by Cure53, you can see the full report [here](SECURITY_AUDIT.pdf).\n\nPlease report vulnerabilities by email to [open-policy-agent-security](mailto:open-policy-agent-security@googlegroups.com).\nWe will send a confirmation message to acknowledge that we have received the\nreport and then we will send additional messages to follow up once the issue\nhas been investigated.\n","Open Policy Agent (OPA) 是一个开源的通用策略引擎，能够实现整个技术栈中统一且上下文感知的策略执行。它使用Rego语言编写策略，并支持JSON格式的数据处理，具有强大的表达能力和灵活性。OPA适合在云原生环境中用于授权、合规性和访问控制等场景，特别是当需要跨多个服务或平台实施一致的安全规则时。作为CNCF的一个毕业项目，OPA遵循Apache License 2.0许可协议，保证了其在生产环境中的可靠性和安全性。",2,"2026-06-11 03:01:55","top_language"]