docs/website/data/integrations.yaml

integrations:
  kubernetes-validating-admission:
    title: Kubernetes Admission Control
    description: Kubernetes automates deployment, scaling, and management of containerized applications.  OPA provides fine-grained, context-aware authorization for which application component configuration.
    software:
      - kubernetes
    labels:
      category: containers
      layer: orchestration
    tutorials:
      - https://www.openpolicyagent.org/docs/kubernetes-admission-control.html
      - https://katacoda.com/austinheiman/scenarios/open-policy-agent-gatekeeper
    code:
      - https://github.com/open-policy-agent/kube-mgmt
      - https://github.com/open-policy-agent/gatekeeper
    inventors:
      - styra
      - microsoft
      - google
    videos:
      - title: Securing Kubernetes With Admission Controllers
        speakers:
          - name: Dave Strebel
            organization: microsoft
        venue: Kubecon Seattle 2018
        link: https://sched.co/GrZQ
      - title: Using OPA for Admission Control in Production
        speakers:
          - name: Zach Abrahamson
            organization: Capital One
          - name: Todd Ekenstam
            organization: Intuit
        venue: Kubecon Seattle 2018
        link: https://sched.co/Grbn
      - title: Liz Rice Keynote
        speakers:
          - name: Liz Rice
            organization: AquaSecurity
        venue: Kubecon Seattle 2018
        link: https://youtu.be/McDzaTnUVWs?t=418
      - title: Intro to Open Policy Agent Gatekeeper
        speakers:
          - name: Rita Zhang
            organization: microsoft
          - name: Max Smythe
            organization: google
        venue: Kubecon Barcelona 2019
        link: https://kccnceu19.sched.com/event/MPiM/intro-open-policy-agent-rita-zhang-microsoft-max-smythe-google
      - title: Policy Enabled Kubernetes and CICD
        speakers:
          - name: Jimmy Ray
            organization: capitalone
        venue: OPA Summit at Kubecon San Diego 2019
        link: https://www.youtube.com/watch?v=vkvWZuqSk5M
      - title: "TripAdvisor: Building a Testing Framework for Integrating OPA into K8s"
        speakers:
          - name: Luke Massa
            organization: tripadvisor
        venue: OPA Summit at Kubecon San Diego 2019
        link: https://www.youtube.com/watch?v=X09c1eXvCFM
      - title: Enforcing automatic mTLS with Linkerd and OPA Gatekeeper
        speakers:
          - name: Ivan Sim
            organization: buoyant
          - name: Rita Zhang
            organization: microsoft
        venue: Kubecon San Diego 2019
        link: https://www.youtube.com/watch?v=gMaGVHnvNfs
      - title: Enforcing Service Mesh Structure using OPA Gatekeeper
        speakers:
          - name: Sandeep Parikh
            organization: google
        venue: Kubecon San Diego 2019
        link: https://www.youtube.com/watch?v=90RHTBinAFU
      - title: "TGIK: Exploring the Open Policy Agent"
        speakers:
          - name: Joe Beda
            organization: VMware
        link: https://www.youtube.com/watch?v=QU9BGPf0hBw

    blogs:
      - https://medium.com/@sbueringer/kubernetes-authorization-via-open-policy-agent-a9455d9d5ceb
      - https://medium.com/@jimmy.ray/policy-enabled-kubernetes-with-open-policy-agent-3b612b3f0203
      - https://blog.openpolicyagent.org/securing-the-kubernetes-api-with-open-policy-agent-ce93af0552c3
      - https://itnext.io/kubernetes-authorization-via-open-policy-agent-a9455d9d5ceb
      - https://medium.com/capital-one-tech/policy-enabled-kubernetes-with-open-policy-agent-3b612b3f0203
      - https://blog.openshift.com/fine-grained-policy-enforcement-in-openshift-with-open-policy-agent/

  kubernetes-authorization:
    title: Kubernetes Authorization
    description: |
      Kubernetes Authorization is a pluggable mechanism that lets administrators control which users can run which APIs and
      is often handled by builtin RBAC.  OPA's policy language is more flexible than the RBAC, for example,
      writing policy using a prohibited list of APIs instead of the usual RBAC style of listing the permitted APIs.
    blogs:
      - https://itnext.io/kubernetes-authorization-via-open-policy-agent-a9455d9d5ceb
      - https://itnext.io/optimizing-open-policy-agent-based-kubernetes-authorization-via-go-execution-tracer-7b439bb5dc5b

  kubernetes-provisioning:
    title: Kubernetes Provisioning
    description: Kubernetes automates deployment, scaling, and management of containerized applications.  OPA decides which resources need to be created on k8s in response to a namespace being created.
    software:
      - kubernetes
    labels:
      category: containers
      layer: orchestration
    inventors:
      - goldmansachs
    videos:
      - title: Kubernetes Policy Enforcement Using OPA at Goldman Sachs
        speakers:
          - name: Miguel Uzcategui
            organization: goldmansachs
          - name: Tim Hinrichs
            organization: styra
        venue: Kubecon San Diego 2019
        link: https://www.youtube.com/watch?v=lYHr_UaHsYQ&list=PLj6h78yzYM2NDs-iu8WU5fMxINxHXlien&index=140&t=0s

  gcp-forseti:
    title: GCP audit with Forseti
    description: |
      Google cloud provides a plethora of software as a service.
      Forseti, built using OPA, lets you run policy checks against the software resources on Google cloud and remediate violations.
    labels:
      category: publiccloud
    inventors:
      - google
    code:
      - https://forsetisecurity.org
    videos:
      - title: Repeatable GCP Environments at Scale with Cloud Build Infra-as-Code Pipelines
        speakers:
          - name: Morgante Pell
            organization: google
          - name: Andrew Phillips
            organization: google
        venue: Cloud Next 2019
        link: https://www.youtube.com/watch?v=3vfXQxWJazM&feature=youtu.be&t=2054

  aws-api-gateway:
    title: AWS API Gateway
    description: The AWS API Gateway controls API traffic for your application running on AWS.  OPA can be configured as an external authorizer for that Gateway to implement authorization policies on APIs.
    labels:
      category: servicemesh
      layer: gateway
    code:
      - https://github.com/zotoio/sls-lambda-opa

  traefik-api-gateway:
    title: Traefik API Gateway
    description: |
      The Traefik API Gateway is open-source software that controls API traffic into your application.
      OPA can be configured as a plugin to implement authorization policies for those APIs.
    labels:
      category: servicemesh
      layer: gateway
    blogs:
      - https://engineering.etermax.com/api-authorization-with-kubernetes-traefik-and-open-policy-agent-23647fc384a1

  gloo-api-gateway:
    title: Gloo API Gateway
    description: |
      Gloo is an open-source Kubernetes-native ingress controller, and next-generation API gateway.
      OPA can be used to implement authorization policies for those APIs.
    labels:
      category: servicemesh
      layer: gateway
    blogs:
      - https://medium.com/solo-io/5-min-with-gloo-api-gateway-configuration-with-open-policy-agent-53da276a6534
      - https://docs.solo.io/gloo/latest/security/auth/opa/

  envoy-authorization:
    title: Container Network Authorization with Envoy
    description: Envoy is a networking abstraction for cloud-native applications. OPA hooks into Envoy’s external authorization filter to provide fine-grained, context-aware authorization for network or HTTP requests.
    labels:
      category: servicemesh
      layer: network
    software:
      - envoy
    tutorials:
      - https://github.com/tsandall/minimal-opa-envoy-example/blob/master/README.md
      - https://www.openpolicyagent.org/docs/latest/envoy-authorization/
    code:
      - https://github.com/open-policy-agent/opa-istio-plugin
      - https://github.com/tsandall/minimal-opa-envoy-example
    inventors:
      - styra
    blogs:
      - https://blog.openpolicyagent.org/envoy-external-authorization-with-opa-578213ed567c
    videos:
      - title: "OPA at Scale: How Pinterest Manages Policy Distribution"
        speakers:
          - name: Will Fu
            organization: pinterest
          - name: Jeremy Krach
            organization: pinterest
        venue: OPA Summit at Kubecon San Diego 2019
        link: https://www.youtube.com/watch?v=LhgxFICWsA8
      - title: "Deploying Open Policy Agent at Atlassian"
        speakers:
          - name: Chris Stivers
            organization: atlassian
          - name: Nicholas Higgins
            organization: atlassian
        venue: OPA Summit at Kubecon San Diego 2019
        link: https://www.youtube.com/watch?v=nvRTO8xjmrg
      - title: How Yelp Moved Security From the App to the Mesh with Envoy and OPA
        speakers:
          - name: Daniel Popescu
            organization: yelp
          - name: Ben Plotnick
            organization: yelp
        venue: Kubecon San Diego 2019
        link: https://www.youtube.com/watch?v=Z6aN3Smt-9M

  custom-library-microservice-authorization:
    title: Library-based Microservice Authorization
    description: Microservice authorization can be enforced through a network proxy like Envoy/Istio/Linkerd/...
                 or can be enforced by modifying the microservice code to use a common library.  In both cases
                 OPA makes the authorization decision that the network proxy or the library enforce.
    labels:
      category: servicemesh
      layer: library
    videos:
      - title: How Netflix is Solving Authorization Across Their Cloud
        speakers:
          - name: Manish Mehta
            organization: netflix
          - name: Torin Sandall
            organization: styra
        venue: Kubecon Austin 2017
        link: https://www.youtube.com/watch?v=R6tUNpRpdnY


  istio-authorization-edge:
    title: Container Network Authorization with Istio (at the Edge)
    description: Istio is a networking abstraction for cloud-native applications that uses Envoy at the edge. OPA hooks into Envoy’s external authorization filter to provide fine-grained, context-aware authorization for network or HTTP requests.
    labels:
      category: servicemesh
      layer: network
    software:
      - istio
      - envoy
      - spire
    tutorials:
      - https://github.com/open-policy-agent/opa-istio-plugin/blob/master/README.md
    code:
      - https://github.com/open-policy-agent/opa-istio-plugin
      - https://github.com/tsandall/minimal-opa-envoy-example
      - https://github.com/open-policy-agent/opa-envoy-spire-ext-authz
    blogs:
      - https://blog.openpolicyagent.org/envoy-external-authorization-with-opa-578213ed567c
    inventors:
      - styra

  istio-authorization-mixer:
    title: Container Network Authorization with Istio (as part of Mixer)
    description: Istio is a networking abstraction for cloud-native applications. In this Istio integration OPA hooks into the centralized Mixer component of Istio, to provide fine-grained, context-aware authorization for network or HTTP requests.
    labels:
      category: servicemesh
      layer: network
    software:
      - istio
    tutorials:
      - https://istio.io/docs/reference/config/policy-and-telemetry/adapters/opa/
    code:
      - https://github.com/istio/istio/tree/master/mixer/adapter/opa
    inventors:
      - google

  openfaas-function-authorization:
    title: OpenFaaS Serverless Function Authorization
    description: OpenFaaS is a serverless function framework that runs on Docker Swarm and Kubernetes. OPA makes it possible to provide fine-grained context-aware authorization on a per-function basis.
    labels:
      layer: application
      category: serverless
    software:
      - openfaas
    code:
      - https://github.com/adaptant-labs/openfaas-function-auth-opa
    tutorials:
      - https://github.com/adaptant-labs/openfaas-function-auth-opa/blob/master/README.md
    inventors:
      - adaptant

  kong-authorization:
    title: API Gateway Authorization with Kong
    description: Kong is a microservice API Gateway.  OPA provides fine-grained, context-aware control over the requests that Kong receives.
    labels:
      layer: network
      category: gateway
    software:
      - kong
    code:
      - https://github.com/TravelNest/kong-authorization-opa
      - https://github.com/open-policy-agent/contrib/tree/master/kong_api_authz
    inventors:
      - travelnest
      - wada-ama

  linux-pam:
    title: SSH and Sudo Authorization with Linux
    description: Host-level access controls are an important part of every organization's security strategy. OPA provides fine-grained, context-aware controls for SSH and sudo using Linux-PAM.
    software:
      - linuxpam
    labels:
      layer: server
    tutorials:
      - https://www.openpolicyagent.org/docs/ssh-and-sudo-authorization.html
    code:
      - https://github.com/open-policy-agent/contrib/tree/master/pam_opa
    inventors:
      - styra

  kafka-authorization:
    title: Kafka Topic Authorization
    description: Apache Kafka is a high-performance distributed streaming platform deployed by thousands of companies.  OPA provides fine-grained, context-aware access control of which users can read/write which Kafka topics to enforce important requirements around confidentiality and integrity.
    software:
      - kafka
    labels:
      category: streaming
      layer: data
    tutorials:
      - https://www.openpolicyagent.org/docs/kafka-authorization.html
    code:
      - https://github.com/llofberg/kafka-authorizer-opa
      - https://github.com/open-policy-agent/contrib/tree/master/kafka_authorizer
      - https://github.com/Bisnode/opa-kafka-plugin
    inventors:
      - ticketmaster
      - styra
      - bisnode
    videos:
      - title: "OPA at Scale: How Pinterest Manages Policy Distribution"
        speakers:
          - name: Will Fu
            organization: pinterest
          - name: Jeremy Krach
            organization: pinterest
        venue: OPA Summit at Kubecon San Diego 2019
        link: https://www.youtube.com/watch?v=LhgxFICWsA8


  ceph:
    title: Ceph Object Storage Authorization
    description: Ceph is a highly scalable distributed storage solution that uniquely delivers object, block, and file storage in one unified system.  OPA provides fine-grained, context-aware authorization of the information stored within Ceph.
    software:
      - ceph
    labels:
      category: object
      layer: data
    tutorials:
      - https://docs.ceph.com/docs/master/radosgw/opa/
      - https://www.katacoda.com/styra/scenarios/opa-ceph
    inventors:
      - styra
      - redhat
    videos:
      - https://www.youtube.com/watch?v=9m4FymEvOqM&feature=share

  minio:
    title: Minio API Authorization
    description: Minio is an open source, on-premise object database compatible with the Amazon S3 API.  This integration lets OPA enforce policies on Minio's API.
    software:
      - minio
    labels:
      layer: data
      category: authorization
    tutorials:
      - https://github.com/minio/minio/blob/master/docs/sts/opa.md
    inventors:
      - minio
      - styra

  terraform:
    title: Terraform Authorization
    description: Terraform lets you describe the infrastructure you want and automatically creates, deletes, and modifies your existing infrastructure to match. OPA makes it possible to write policies that test the changes Terraform is about to make before it makes them.
    software:
      - terraform
      - aws
      - gcp
      - azure
    labels:
      category: publiccloud
      layer: orchestration
    tutorials:
      - https://www.openpolicyagent.org/docs/terraform.html
      - https://github.com/instrumenta/conftest/blob/master/README.md
    code:
      - https://github.com/instrumenta/conftest
    policies:
      - https://github.com/open-policy-agent/library/tree/master/terraform
    inventors:
      - medallia
      - styra
      - docker
      - snyk

  iptables:
    title: IPTables
    description: IPTables is a useful tool available to Linux kernel for filtering network packets. OPA makes it possible to manage IPTables rules using context-aware policy.
    labels:
      layer: network
      category: linux
    software:
      - Linux
    tutorials:
      - https://github.com/open-policy-agent/contrib/blob/master/opa-iptables/docs/tutorial.md
    code:
      - https://github.com/open-policy-agent/contrib/tree/master/opa-iptables
    inventors:
      - name: Urvil Patel
        organization: gsoc
      - cisco
      - styra

  dart-authorization:
    title: HTTP API Authorization in Dart
    description: This integration demonstrates how to leverage OPA to perform basic HTTP API authorization in a simple Dart microservice. OPA makes it possible to provide fine-grained context-aware authorization for each REST endpoint and access method.
    labels:
      layer: network
      category: application
    software:
      - dart
    tutorials:
      - https://github.com/adaptant-labs/opa-api-authz-dart/README.md
    code:
      - https://github.com/adaptant-labs/opa-api-authz-dart
    inventors:
      - adaptant

  springsecurity-api:
    title: Authorization for Java Spring Security
    description: Spring Security provides a framework for securing Java applications.  This integration provides a simple implementation of an AccessDecisionVoter for Spring Security that uses OPA for making API authorization decisions.
    labels:
      layer: network
      category: application
    software:
      - javaspringsecurity
    code:
      - https://github.com/open-policy-agent/contrib/tree/master/spring_authz
    tutorials:
      - https://github.com/open-policy-agent/contrib/blob/master/spring_authz/README.md
    inventors:
      - styra

  spinnaker-pipeline:
    title: Spinnaker Pipeline Policy Enforcment
    description: Spinnaker is a  Continuous Delivery and Deployment tool started by Netflix.  OPA lets you configure policies that dictate what kinds of Spinnaker pipelines developers can create.
    labels:
      layer: cicd
    software:
      - spinnaker
    blogs:
      - https://blog.armory.io/deployment-policies-with-spinnaker/
    tutorials:
      - https://docs.armory.io/spinnaker/policy_engine/
    inventors:
      - armory

  jenkins-job-authorization:
    title: Jenkins Job Trigger Policy Enforcement
    description: Jenkins automates software development processes.  OPA lets you control which people and which machines can run which Jenkins jobs.
    labels:
      layer: cicd
    software:
      - jenkins
    inventors:
      - pinterest
    videos:
      - title: "OPA at Scale: How Pinterest Manages Policy Distribution"
        speakers:
          - name: Will Fu
            organization: pinterest
          - name: Jeremy Krach
            organization: pinterest
        venue: OPA Summit at Kubecon San Diego 2019
        link: https://www.youtube.com/watch?v=LhgxFICWsA8


  elasticsearch-datafiltering:
    title: Elasticsearch Data Filtering
    description: Elasticsearch is a distributed, open source search and analytics engine.  This OPA integration lets an elasticsearch client construct queries so that the data returned by elasticsearch obeys OPA-defined policies.
    labels:
      layer: data
      category: filtering
    software:
      - elasticsearch
    code:
      - https://github.com/open-policy-agent/contrib/tree/master/data_filter_elasticsearch
    tutorials:
      - https://github.com/open-policy-agent/contrib/blob/master/data_filter_elasticsearch/README.md
    inventors:
      - styra

  # These two exist in the contrib directory, but what kind of integration they are illustrating is less
  #   clear than the others.  Need to come back to finish these.
  # azure-cosmos-datafiltering:
  #   title: Azure Cosmos Data Authorization
  #   description:
  #   labels:
  #     layer: data
  #     category: filtering
  #   software:
  #   - azurecosmos
  #   code:
  #   - https://github.com/open-policy-agent/contrib/tree/master/data_filter_azure
  #   tutorials:
  #   - https://github.com/open-policy-agent/contrib/blob/master/data_filter_azure/README.documentdb.md
  #   inventors:
  #   - microsoft

  # azure-tablestorage-datasource:
  #   title: Azure Table Storage as External Data
  #   description:
  #   labels:
  #     type: datasource
  #   software:
  #   - azuretablestorage
  #   code:
  #   - https://github.com/open-policy-agent/contrib/tree/master/data_filter_azure
  #   tutorials:
  #   - https://github.com/open-policy-agent/contrib/blob/master/data_filter_azure/README.documentdb.md
  #   inventors:
  #   - microsoft

  sql-datafiltering:
    title: SQL Database Data Filtering
    description: This integration enables the client of a SQL database to enhance a SQL query so that the results obey an OPA-defined policy.
    labels:
      layer: data
      category: filtering
    software:
      - sqlite
    code:
      - https://github.com/open-policy-agent/contrib/tree/master/data_filter_example
    blogs:
      - https://blog.openpolicyagent.org/write-policy-in-opa-enforce-policy-in-sql-d9d24db93bf4
    inventors:
      - styra

  clair-datasource:
    title: Kubernetes Admission Control using Vulnerability Scanning
    description: Admission control policies in Kubernetes can be augmented with vulnerability scanning results to make more informed decisions.  This integration demonstrates how to integrate Clair with OPA and run it as an admission controller.
    software:
      - kubernetes
      - clair
    labels:
      layer: orchestration
      category: containers
      datasource: clair
    code:
      - https://github.com/open-policy-agent/contrib/tree/master/image_enforcer
    tutorials:
      - https://github.com/open-policy-agent/contrib/blob/master/image_enforcer/README.md

  cloudflare-worker:
    title: Cloudflare Worker Enforcement of OPA Policies Using WASM
    description: Cloudflare Workers are a serverless platform that supports WASM.  This integration uses OPA's WASM compiler to generate code enforced at the edge of Cloudflare's network.
    software:
      - cloudflare
    labels:
      layer: application
      category: serverless
    code:
      - https://github.com/open-policy-agent/contrib/tree/master/wasm/cloudflare-worker
    tutorials:
      - https://github.com/open-policy-agent/contrib/blob/master/wasm/cloudflare-worker/README.md

  docker-machine:
    title: Docker controls via OPA Policies
    description: Docker's out of the box authorization model is all or nothing.  This integration demonstrates how to use OPA's context-aware policies to exert fine-grained control over Docker.
    software:
      - docker
    labels:
      layer: server
      category: container
    code:
      - https://github.com/open-policy-agent/opa-docker-authz
    tutorials:
      - https://www.openpolicyagent.org/docs/latest/docker-authorization/
    inventors:
      - styra

  conftest:
    title: Conftest -- Configuration checking
    description: Conftest is a utility built on top of OPA to help you write tests against structured configuration data.
    labels:
      type: poweredbyopa
      layer: configuration
    code:
      - https://github.com/instrumenta/conftest
    software:
      - CUE
      - Kustomize
      - terraform
      - Serverless Framework
      - AWS SAM Framework
      - INI
      - TOML
      - Dockerfile
      - HCL2
    videos:
      - title: "Applying Policy Throughout the Application Lifecycle with Open Policy Agent"
        speakers:
          - name: Gareth Rushgrove
            organization: snyk
        venue: Kubecon San Diego 2019
        link: https://www.youtube.com/watch?v=cXfsaE6RKfc

  boomerang-bosun:
    title: Boomerang Bosun Policy Gating
    description: Boomerang Bosun is a policy-based gating system that combines Policy Templates with Rules and data to validate Gates.
    labels:
      type: poweredbyopa
      layer: application
    code:
      - https://www.useboomerang.io/
      - https://github.com/boomerang-io
    inventors:
      - ibm
      - boomerang
    software:
      - bosun

  kubeshield:
    title: Secure Kubernetes using eBPF & Open Policy Agent
    description: Ensure runtime security in any linux machine by combining Extended Berkeley Packet Filter(eBPF) and Open Policy Agent.
    software:
      - Linux
      - Kubernetes
      - eBPF
    labels:
      layer: application
      catagory: filtering
    code:
      - https://github.com/kubeshield/bpf-opa-demo
    blogs:
      - https://blog.byte.builders/post/bpf-opa/

  php-authorization:
    title: HTTP API Authorization in PHP
    description: This integration demonstrates using OPA to perform API authorization in a PSR-15 compliant framework.
    labels:
      layer: network
      category: application
    software:
      - php
    tutorials:
      - https://coil.com/p/segra/OPA-for-API-Authorization-with-Slim-PHP/H-7YsQL2m
    code:
      - https://github.com/segrax/opa-php-examples
      - https://github.com/segrax/openpolicyagent

  gradle-plugin:
    title: Gradle Build Plugin
    description: Build plugin adding various tasks to support using OPA as part of Gradle builds
    labels:
      layer: cicd
      category: cicdplugin
      type: poweredbyopa
    software:
      - gradle
      - java
      - groovy
      - kotlin
      - jvm
    code:
      - https://github.com/Bisnode/opa-gradle-plugin
      - https://plugins.gradle.org/plugin/com.bisnode.opa
    inventors:
      - bisnode

  custom-application:
    title: Custom Application Authorization
    description: |
      Application require authorization decisions made at the API gateway, frontend, backend, and database.
      OPA helps developers decouple authorization logic from application code, define a custom authorization model
      that enables end-users to control tenant permissions, and enforce that policy across the different components of the
      application (gateway, frontend, backend, database).
    tutorials:
      - https://github.com/chef/automate/tree/master/components/authz-service#authz-with-opa
    blogs:
      - https://blog.verygoodsecurity.com/posts/building-a-fine-grained-permission-system-in-a-distributed-environment/
      - https://choria.io/blog/post/2020/02/14/rego_policies_opa/
    videos:
      - title: "OPA in Practice: From Angular to OPA in Chef Automate"
        speakers:
          - name: Michael Sorens
            organization: chef
        venue: OPA Summit at Kubecon San Diego 2019
        link: https://www.youtube.com/watch?v=jrrW855xL3s


  sysdig-image-scanner:
    title: Kubernetes Sysdig Image Scanner Admission Controller
    description: Sysdig’s OPA Image Scanner combines Sysdig Secure image scanner with OPA policy-based rego language to evaluate the scan results and the admission context, providing great flexibility on the admission decision.
    software:
      - kubernetes
      - sysdigsecure
    labels:
      category: containers
      layer: orchestration
    code:
      - https://github.com/sysdiglabs/opa-image-scanner
    inventors:
      - sysdig

  pomerium-authz:
    title: Pomerium Access Proxy
    description: Pomerium is an identity-aware proxy that enables secure access to internal applications.  OPA implements authorization under the hood.
    labels:
      layer: network
      category: proxy
    software:
      - pomerium
    blogs:
      - https://www.pomerium.io/posts/2020/04/16/release-0-7/
    code:
      - https://github.com/pomerium/pomerium

  coredns-authz:
    title: CoreDNS Authorization
    description: CoreDNS is a cloud-native DNS server written in Go.  OPA can be used as a plugin to filter queries and responses.
    labels:
      layer: network
      category: dns
    software:
      - coredns
    code:
      - https://github.com/coredns/policy
    inventors:
      - infoblox

  gluu-gateway-authz:
    title: Gluu Gateway Authorization
    description: Gluu Gateway provides API authentication and authorization for websites built on Kong.  Gluu provides an OPA plugin to handle API authorization.
    labels:
      layer: network
      category: gateway
    software:
      - gluu
      - kong
    code:
      - https://github.com/GluuFederation/gluu-gateway

  pre-commit-hooks:
    title: Pre-commit hooks
    description: Pre-commit git hooks for OPA and Rego development
    labels:
      category: tooling
      layer: cicd
    software:
      - git
      - pre-commit
    code:
      - https://github.com/anderseknert/pre-commit-opa
    blogs:
      - https://www.eknert.com/tech/2020/08/31/pre-commit-hooks-for-opa
    inventors:
      - independent

  scalr-iacp:
    title: Scalr - Policy enforcement for Terraform
    description: Scalr allows teams to easily collaborate on Terraform through its pipeline that runs all Terraform operations, policy checks, and stores state. Scalr uses OPA to check the auto-generated Terraform JSON plan to ensure that it meets your organization standards prior to an apply.
    labels:
      category: Infrastructure as Code
      layer: cicd
    software:
      - Terraform
      - Scalr
    tutorials:
      - https://iacp.docs.scalr.com/en/latest/working-with-iacp/opa.html#creating-the-opa-policy
    code:
      - https://github.com/Scalr/sample-tf-opa-policies
    inventors:
      - scalr
    blogs:
      - https://www.scalr.com/blog/opa-is-to-policy-automation-as-terraform-is-to-iac/

organizations:
  styra:
    name: Styra
    link: https://styra.com
  microsoft:
    name: Microsoft
    link: https://microsoft.com
  google:
    name: Google
    link: https://google.com
  travelnest:
    name: TravelNest
    link: http://travelnest.com
  ticketmaster:
    name: TicketMaster
    link: https://www.ticketmaster.com/
  docker:
    name: Docker
    link: https://www.docker.com/
  snyk:
    name: Snyk
    link: https://snyk.io/
  ceph:
    name: Ceph
    link: https://ceph.io/
  redhat:
    name: RedHat
    link: https://www.redhat.com
  medallia:
    name: Medallia
    link: https://www.medallia.com/
  gsoc:
    name: Google Summer of Code
    link: https://summerofcode.withgoogle.com/
  cisco:
    name: Cisco
    link: https://www.cisco.com/
  adaptant:
    name: Adaptant
    link: https://www.adaptant.io/
  armory:
    name: Armory
    link: https://www.armory.io/
  minio:
    name: Minio
    link: https://min.io/
  ibm:
    name: IBM
    link: https://developer.ibm.com/open
  boomerang:
    name: Boomerang
    link: https://www.useboomerang.io/
  bisnode:
    name: Bisnode
    link: https://www.bisnode.com
  goldmansachs:
    name: Goldman Sachs
    link: https://www.goldmansachs.com/
  pinterest:
    name: Pinterest
    link: https://www.pinterest.com/
  atlassian:
    name: Atlassian
    link: https://www.atlassian.com/
  tripadvisor:
    name: TripAdvisor
    link: https://www.tripadvisor.com/
  chef:
    name: Chef
    link: https://www.chef.io/
  buoyant:
    name: Buoyant
    link: https://buoyant.io/
  netflix:
    name: Netflix
    link: https://www.netflix.com/
  capitalone:
    name: CapitalOne
    link: https://www.capitalone.com/
  yelp:
    name: Yelp
    link: https://www.yelp.com/
  sysdig:
    name: Sysdig
    link: https://sysdig.com/
  wada-ama:
    name: World Anti-Doping Agency
    link: https://www.wada-ama.org
  infoblox:
    name: InfoBlox
    link: https://www.infoblox.com/
  independent:
    name: Independent developer
    link: https://www.openpolicyagent.org
  scalr:
    name: Scalr
    link: https://www.scalr.com/

software:
  kubernetes:
    name: Kubernetes
    link: https://kubernetes.io
  envoy:
    name: Envoy
    link: https://envoyproxy.io
  istio:
    name: Istio
    link: https://istio.io
  kong:
    name: Kong
    link: https://konghq.com/
  linuxpam:
    name: Linux PAM
    link: http://www.linux-pam.org/
  terraform:
    name: Terraform
    link: https://www.terraform.io/
  kafka:
    name: Kafka
    link: https://kafka.apache.org/
  ceph:
    name: Ceph
    link: https://ceph.io/
  aws:
    name: Amazon Public Cloud
    link: https://aws.com
  gcp:
    name: Google Public Cloud
    link: https://cloud.google.com/
  azure:
    name: Microsoft Public Cloud
    link: http://azure.microsoft.com/
  javaspringsecurity:
    name: Spring Security
    link: https://spring.io/projects/spring-security
  spinnaker:
    name: Spinnaker
    link: https://www.spinnaker.io/
  elasticsearch:
    name: Elastic Search
    link: https://www.elastic.co/
  azurecosmos:
    name: Azure Cosmos
    link: https://docs.microsoft.com/en-us/azure/cosmos-db/introduction
  azuretablestorage:
    name: Azure Table Storage
    link: https://docs.microsoft.com/en-us/azure/cosmos-db/table-storage-overview
  sqlite:
    name: SQLite
    link: https://www.sqlite.org/index.html
  clair:
    name: Clair
    link: https://github.com/coreos/clair
  cloudflare:
    name: Cloudflare
    link: https://www.cloudflare.com
  openfaas:
    name: OpenFaaS
    link: https://www.openfaas.com/
  minio:
    name: Minio
    link: https://min.io/
  dart:
    name: dart
    link: https://dart.dev/
  docker:
    name: Docker
    link: https://www.docker.com/
  bosun:
    name: Boomerang Bosun
    link: https://www.useboomerang.io/
  php:
    name: PHP
    link: https://www.php.net/
  gradle:
    name: Gradle
    link: https://gradle.org/
  jenkins:
    name: Jenkins
    link: https://jenkins.io/
  sysdigsecure:
    name: Sysdig Secure
    link: https://sysdig.com/products/kubernetes-security/
  pomerium:
    name: Pomerium
    link: https://www.pomerium.io/
  coredns:
    name: CoreDNS
    link: https://coredns.io/
  gluu:
    name: Gluu Gateway
    link: https://www.gluu.org/