Open Policy Agent (OPA) is an open source, general-purpose policy engine.

Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io

🐊 Gatekeeper - Policy Controller for Kubernetes

Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.

Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (BPF-LSM, AppArmor).

A GitHub App that enforces approval policies on pull requests

Pike is a tool for determining the permissions or policy required for IAC code

Tool and policy library for reviewing Google Kubernetes Engine clusters against best practices

Kubernetes security tool for policy enforcement

Kubernetes tool for scanning clusters for network policies and identifying unprotected workloads.

A policy management tool for interacting with Gatekeeper

A plugin to enforce OPA policies with Envoy

vArmor is a cloud native container sandbox system based on AppArmor/BPF/Seccomp. It also includes multiple built-in protection rules that are ready to use out of the box.

An open source, cloud-native security to protect everything from build to runtime

Sidecar for managing OPA instances in Kubernetes.

Speedle is an open source project for access control.

INTERCEPT / Policy as Code Auditing & Compliance

Kyverno for any JSON!

Speedle+ is an open source project for access management. It is based on Speedle open source project and maintained by previous Speedle maintainers.

Discover least permissive security posture, Network Microsegmentation, and Application behaviour based on visibility/observability data emitted from policy engines..