#Policy-as-code
Showing 35 of 35 repositories tagged #policy-as-code, ranked by stars
Unified Policy as Code
Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...)
A next-gen FOSS self-hosted unified zero trust secure access platform that can operate as a remote access VPN, a ZTNA platform, API/AI/MCP gateway, a PaaS, an ngrok-alternative and a homelab infrastructure.
Fix Inventory helps you identify and remove the most critical risks in AWS, GCP, Azure and Kubernetes.
Automate Kubernetes Configuration Editing
Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Take this survey to provide feedback about cfn-guard: https://amazonmr.au1.qualtrics.com/jfe/form/SV_bpyzpfoYGGuuUl0
PacBot (Policy as Code Bot)
Protect against malicious open source packages ๐ค
A curated list of OPA related tools, frameworks and articles
opensecurity: open-source security and compliance. See and secure your cloud, containers, code, networks, deployments, devices. Define your rules, get precise checks, fix gaps fast. Streamlined audits. No fluff.
The open-source policy-as-code software that provides analysis for Multi-Cloud and SaaS environments, you can get insight with natural language (powered by OpenAI).
An open source, cloud-native security to protect everything from build to runtime
Regorus - A fast, lightweight Rego (OPA policy language) interpreter written in Rust.
Open-source Terraform Enterprise replacement
A tool for generating, validating & sharing all your configurations, powered by CUE. Works with Kubernetes, Terraform, Compose, GitHub actions and much more...
Bicep and Terraform code examples for policy-as-code workflows. Azure governance guardrails and automation - by @JesseLoudon
GitMesh: Policy-as-Code Engine for Open Source AI Agent Orchestration
Awesome Terraform Compliance - tools, frameworks, and resources for implementing compliance, security, and governance controls in Terraform and OpenTofu infrastructure.
The cloud hygiene platform - including AI and GPU infrastructure
Hexa Policy Orchestrator enables you to manage all of your access policies consistently across software providers.
Mantis is a unified infrastructure as code framework that replaces Terraform and Helm
Governance-as-Code for AI agents. Declarative constraints with deterministic enforcement. Provisioning Identity, Tool-based rules, Brokering Credentials & Ensuring safe deployment
Go-to CLI tool for Kubewarden users
Approvable, local-first AI coding agent for regulated teams: policy controls, governed MCP, evidence packs, audit trails, secure remediation, and any OpenAI-compatible model.
INTERCEPT / Policy as Code Auditing
Stop your AI agent from shipping insecure IaC. ops0 CLI sits between Claude Code, Codex or Gemini and your cloud, scanning every .tf the agent writes and blocking destroy commands before they run.
OPA Gatekeeper vs Kyverno
Permguard is the authorization engine for both worlds: enforce policies on today's systems, enforce continuity on tomorrow's. One engine for governance, AI agents, and distributed execution.
A modern, extensible framework for defining and enforcing security policies across your digital infrastructure.
Implements OPA-based preventive security controls for AWS Infrastructure using Terraform Infrastructure as Code (IaC), that can establish a security baseline and safeguard resources before deployment into the AWS Accounts and reduce security risks.
Terraform Test Framework
Deep GCP security hardening via automated triage and state-aware IaC. Built to power rapid, agile task-force engagements and remediate complex brownfield environments at scale.
An opensource DevSecOps Layer for your AI agent. Governance, Custom Guard Rails and Observablity at one platform.
Static analysis from configs โ Kubernetes NetworkPolicies in seconds
A typed, observable, policy-driven configuration system for Go services.