
opa
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
The Lens
OPA, the Open Policy Agent, is a general-purpose policy engine: you write rules in a language called Rego, and OPA evaluates them to make yes-or-no decisions for anything that asks. Should this Kubernetes pod be allowed? Can this user call this API? Is this Terraform plan compliant? One engine, consistent policy across your whole stack. Open source and free, a graduated CNCF project.
It runs as a service or a library that your applications and infrastructure query at decision points. The power is decoupling policy from code: instead of hardcoding rules into every service, they live in Rego and OPA answers the questions. Rego takes real effort to learn, and that's the honest cost of the flexibility. Setup is easy, getting good at Rego is not.
OPA is free. Styra, founded by OPA's creators, sells Styra DAS: a commercial control plane for managing policies, distribution, and monitoring across a large environment. Solo and small teams, raw OPA, or Gatekeeper if your only use case is Kubernetes. Large orgs running policy everywhere, Styra DAS is the management layer.
The catch: Rego is the barrier. It's a declarative logic language that thinks differently from normal code, and the learning curve is steep enough that teams often stall. If your only need is Kubernetes admission control, Gatekeeper or Kyverno wrap OPA-style policy in something friendlier. Reach for raw OPA when you genuinely need one policy engine across many systems.
Free vs Self-Hosted vs Paid
free self hosted paid cloudSelf-hosted (free): OPA under Apache-2.0, a graduated CNCF project. A general-purpose policy engine: write rules in Rego, and OPA answers yes/no decisions for Kubernetes admission, API authorization, Terraform compliance, and more. Runs as a service or a library.
Styra DAS (paid): A commercial control plane from OPA's creators for managing, distributing, and monitoring policy at scale.
The call: Raw OPA for teams that need one policy engine across many systems. For Kubernetes-only needs, Gatekeeper or Kyverno are friendlier.
Free and open source (CNCF). Styra DAS, from OPA's creators, is the paid control plane.
Get tools like this every Wednesday
One featured tool, three on the radar. No fluff.
About
- Owner
- Open Policy Agent (Organization)
- Stars
- 11,929
- Forks
- 1,601
Explore Further
More tools in the directory
openclaw
Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞
381.5k ★everything-claude-code
The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
225.3k ★hermes-agent
The agent that grows with you
208.2k ★