OPA

Sysdig Secure leverages OPA to strengthen cloud and Kubernetes security with out-of-the-box policies as code.

Join Community

Sysdig Secure Extends OPA

Sysdig Secure leverages OPA to enforce consistent policies across multiple infrastructure-as-code (IaC) sources (Terraform, Helm, Kustomize) and Kubernetes clusters, using a policy-as-code approach.

WHAT IS OPA?

OPA is an open-source policy engine that unifies policy enforcement for cloud-native environments. Sysdig Secure uses OPA to manage compliance and governance with policy as code.

Cloud Native Runtime Security
falco.org
About
cncf graduated
Created 2016.05.17
140m downloads
releases
0.40.0
Latest
kubernetes
security
containers
cncf
cloud-native
ebpf
hacktoberfest
falco
cloud-native
110+
Monthly Active
Contributors
Person wearing a gray striped sweater looking up and smiling outdoors with autumn trees in the background.Young man with short dark hair wearing a light blue shirt looking to the side against a white brick wall.Young woman with brown hair in a black turtleneck looking thoughtfully to the side.Smiling man with dark hair, beard, and round glasses, looking to the side.Smiling woman with long brown hair wearing a gray blazer, sitting in front of a window with an orange wall behind her.Person with short pink hair wearing an apron writing on a clipboard in an industrial setting.Smiling young man with dark hair wearing a white shirt, sitting outdoors near a weathered stone surface.Smiling woman in black sleeveless top posing with hand on chin against a gray concrete wall.Smiling man with glasses, mustache, and bangs in black and white photo.Young man wearing a beige jacket and backpack standing in front of a rusty metal wall.Black and white portrait of a middle-aged person with short hair, smiling slightly and looking to the side.Young woman with long black hair wearing a denim jacket standing in front of dense green foliage.
Cartoon slice of pizza with large eyes, smiling and surrounded by pink hearts.Cartoon-style avatar of a character with bright pink hair, large expressive eyes, and a confident smile.Cute cartoon mushroom character waving with a smile, featuring a red cap with white spots.Smiling brown travel suitcase with handle and shoulder strap on purple background.Cartoon chicken with orange comb painting its feathers with a red brush on a purple background.Corgi dog wearing a brown beanie and aviator sunglasses against a blue background.Illustration of a smiling woman with wavy brown hair, glasses, and a black top.Cartoon pufferfish wearing headphones with angry expression on a blue background.Cartoon character with brown skin, wavy brown hair, blue sunglasses, and a red headband.Smiling blue and white robot character waving with one hand.Smiling orange cat face with closed eyes and whiskers.Corgi dog wearing a brown beanie and aviator sunglasses against a blue background.Close-up illustration of a young chimpanzee with a neutral expression on a green circular background.Illustration of a smiling zebra with large eyes on a teal circular background.Cartoon blue shark wearing purple sunglasses and holding a yellow and blue surfboard on a blue circle background.Cartoon character with medium skin tone, dark messy hair, glasses, red cheeks, and a surprised expression.

Features

Apply Policy as Code
Leverage OPA and apply policy-as-code controls across your Kubernetes workloads.
Shift Security Further Left
Scan IaC source files before deployment to prevent runtime security issues
Enforce Compliance and Governance
Automate compliance and governance across the application life cycle by applying out-of-the-box policies.
Tab 1
Tab 2
Tab 3
Infrastructure-as-Code (IaC) Security

Manage risk when configuring cloud infrastructures and shift security further left with IaC security scanning.

LEARN MORE
Risk-Based Prioritization

Fix issues faster with risk-based prioritization, identifying production instances affected by IaC security issues and sorted by severity. Prioritize IaC fixes based on application context.

LEARN MORE
Detailed Risk Posture

Continuously validate risk posture and governance across all of your workloads and multicloud environments by applying out-of-the-box policies.

LEARN MORE
Out-of-the-Box Policies

Scan incoming pull requests for security violations based on pre-defined out-of-the-box policies. Get a comprehensive list of violations, their severity, and the failed resources per file.

LEARN MORE

Managed Service

A fully-managed Prometheus service with enterprise features for open source Prometheus monitoring, such as automatic service detection and assisted integration deployment.

Read more
Managed Service

Dashboards and Querying

Use a simple form-based approach to query your Prometheus time series, or use the powerful Prometheus Query Language (PromQL) to build dashboards and alerts.

Read more
Dashboards and Querying

Prometheus Alerting

Set alerts for Prometheus monitoring metrics and get automated notifications of application issues across your entire environment. Import your recording rules for faster configuration.

Read more
Prometheus Alerting

Configuration and Storage

A radically simplified Prometheus monitoring tool. Our agent can scrape metrics for you and our back end provides long-term time series retention with a unified view across your whole environment.

Read more
Configuration and Storage

Get involved with OPA today

Abstract geometric logo composed of intersecting diagonal lines forming a stylized letter F and X in grayscale.
Jump over to the project’s GitHub repository to contribute to OPA.

Contribute

Icon of a gray document with black horizontal lines representing text.
Learn more at the project’s website.

Project website

Gray gear with a shield in front symbolizing security or protection in settings.
Start reading about how Sysdig extends OPA.

Documentation

Like what you see?

GET A DEMO