
conftest
Write tests against structured configuration data using the Open Policy Agent Rego query language
The Lens
Conftest tests configuration files against policies you write in Rego. Point it at a Kubernetes manifest, a Terraform plan, a Dockerfile, or any structured config, and it checks them against your rules and passes or fails. It brings OPA-style policy to the command line and CI, open source and free.
It's a single binary built for pipelines: run it in CI to block a merge when a config violates policy, before anything reaches a cluster or a cloud account. Unlike Gatekeeper, which enforces at Kubernetes admission time, Conftest works at the file level anywhere in your workflow, so it fits config that never touches a cluster. Policies are Rego, shared through OCI registries.
It's fully free and part of the OPA project. It fills the gap between a general policy engine and your CI: the same Rego skills, applied to files instead of live systems. For solo and small teams, it's a clean way to gate config in pull requests. Larger orgs can pair it with Gatekeeper so the same policy ideas run in CI and at admission time.
The catch: Rego again. Conftest is only as useful as the policies you write, and those are in Rego, so the learning curve carries over. And it checks files, not running systems, so a config that passes Conftest can still drift after it's deployed. It's a pre-deploy gate, not runtime enforcement.
Free vs Self-Hosted vs Paid
Fully free
Self-hosted (free): Conftest under Apache-2.0, part of OPA. A single binary that tests structured config files (Kubernetes manifests, Terraform plans, Dockerfiles, and more) against Rego policies, built for CI. Policies shared via OCI registries.
Commercial: None.
The call: File-level policy for the pipeline, versus Gatekeeper's admission-time enforcement. Same Rego skills, applied to files before anything deploys.
Completely free and open source, part of the OPA project.
About
- Owner: Open Policy Agent (Organization)
- Stars: 3,213
- Forks: 347