#openpolicyagent — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #openpolicyagent, aggregated by home.social.
-
Wrote a little something about #rego, #OpenPolicyAgent's policy language and how I use it for some configuration problems: https://zerokspot.com/weblog/2026/02/21/complex-applogic-config-with-rego/ #blogged
-
Wrote a little something about #rego, #OpenPolicyAgent's policy language and how I use it for some configuration problems: https://zerokspot.com/weblog/2026/02/21/complex-applogic-config-with-rego/ #blogged
-
Wrote a little something about #rego, #OpenPolicyAgent's policy language and how I use it for some configuration problems: https://zerokspot.com/weblog/2026/02/21/complex-applogic-config-with-rego/ #blogged
-
Wrote a little something about #rego, #OpenPolicyAgent's policy language and how I use it for some configuration problems: https://zerokspot.com/weblog/2026/02/21/complex-applogic-config-with-rego/ #blogged
-
Wrote a little something about #rego, #OpenPolicyAgent's policy language and how I use it for some configuration problems: https://zerokspot.com/weblog/2026/02/21/complex-applogic-config-with-rego/ #blogged
-
I love spacelift.io for a number of reasons, namely it saves you from running #Terraform or #OpenTofu in whatever "CI" tool your company uses this week (been there, hated it) and doesn't cost an arm, leg and kidney that Terraform Cloud charge you (loved TFC until that switcharoo).
Anyway, I've been wrapping up a thing I've been working on. Many SaaS tools allow you to send #webhooks, but rarely give you control over if, where and what is sent. Now #Spacelift let you control all of this using a Policy based on #OpenPolicyAgent.
SL provide an event, you develop your policy in the #Rego language, not only can you use that policy to decide: Is this an event I want to send a webhook for? But more than that, you can use the policy language to craft the exact payload. Since you may not get a choice of what that looks like on the other end.
Docs: https://docs.spacelift.io/concepts/policy/notification-policy
Now that's just for notifications etc. You can control almost anything within the tool: Logins, Plans, Triggers, Pushes and more.
-
I love spacelift.io for a number of reasons, namely it saves you from running #Terraform or #OpenTofu in whatever "CI" tool your company uses this week (been there, hated it) and doesn't cost an arm, leg and kidney that Terraform Cloud charge you (loved TFC until that switcharoo).
Anyway, I've been wrapping up a thing I've been working on. Many SaaS tools allow you to send #webhooks, but rarely give you control over if, where and what is sent. Now #Spacelift let you control all of this using a Policy based on #OpenPolicyAgent.
SL provide an event, you develop your policy in the #Rego language, not only can you use that policy to decide: Is this an event I want to send a webhook for? But more than that, you can use the policy language to craft the exact payload. Since you may not get a choice of what that looks like on the other end.
Docs: https://docs.spacelift.io/concepts/policy/notification-policy
Now that's just for notifications etc. You can control almost anything within the tool: Logins, Plans, Triggers, Pushes and more.
-
I love spacelift.io for a number of reasons, namely it saves you from running #Terraform or #OpenTofu in whatever "CI" tool your company uses this week (been there, hated it) and doesn't cost an arm, leg and kidney that Terraform Cloud charge you (loved TFC until that switcharoo).
Anyway, I've been wrapping up a thing I've been working on. Many SaaS tools allow you to send #webhooks, but rarely give you control over if, where and what is sent. Now #Spacelift let you control all of this using a Policy based on #OpenPolicyAgent.
SL provide an event, you develop your policy in the #Rego language, not only can you use that policy to decide: Is this an event I want to send a webhook for? But more than that, you can use the policy language to craft the exact payload. Since you may not get a choice of what that looks like on the other end.
Docs: https://docs.spacelift.io/concepts/policy/notification-policy
Now that's just for notifications etc. You can control almost anything within the tool: Logins, Plans, Triggers, Pushes and more.
-
I love spacelift.io for a number of reasons, namely it saves you from running #Terraform or #OpenTofu in whatever "CI" tool your company uses this week (been there, hated it) and doesn't cost an arm, leg and kidney that Terraform Cloud charge you (loved TFC until that switcharoo).
Anyway, I've been wrapping up a thing I've been working on. Many SaaS tools allow you to send #webhooks, but rarely give you control over if, where and what is sent. Now #Spacelift let you control all of this using a Policy based on #OpenPolicyAgent.
SL provide an event, you develop your policy in the #Rego language, not only can you use that policy to decide: Is this an event I want to send a webhook for? But more than that, you can use the policy language to craft the exact payload. Since you may not get a choice of what that looks like on the other end.
Docs: https://docs.spacelift.io/concepts/policy/notification-policy
Now that's just for notifications etc. You can control almost anything within the tool: Logins, Plans, Triggers, Pushes and more.
-
I love spacelift.io for a number of reasons, namely it saves you from running #Terraform or #OpenTofu in whatever "CI" tool your company uses this week (been there, hated it) and doesn't cost an arm, leg and kidney that Terraform Cloud charge you (loved TFC until that switcharoo).
Anyway, I've been wrapping up a thing I've been working on. Many SaaS tools allow you to send #webhooks, but rarely give you control over if, where and what is sent. Now #Spacelift let you control all of this using a Policy based on #OpenPolicyAgent.
SL provide an event, you develop your policy in the #Rego language, not only can you use that policy to decide: Is this an event I want to send a webhook for? But more than that, you can use the policy language to craft the exact payload. Since you may not get a choice of what that looks like on the other end.
Docs: https://docs.spacelift.io/concepts/policy/notification-policy
Now that's just for notifications etc. You can control almost anything within the tool: Logins, Plans, Triggers, Pushes and more.
-
Using or trialling OPA? We want to hear from you in our 2025 Community Survey.
https://www.surveymonkey.com/r/SCBSDZN
Whether you're new to OPA or have been on the Rego train for years, hearing about how you use OPA projects will help us share OPA for the months and years to come.
We're going to be at KubeCon tomorrow in the project pavilion. Come and say hi!
-
Using or trialling OPA? We want to hear from you in our 2025 Community Survey.
https://www.surveymonkey.com/r/SCBSDZN
Whether you're new to OPA or have been on the Rego train for years, hearing about how you use OPA projects will help us share OPA for the months and years to come.
We're going to be at KubeCon tomorrow in the project pavilion. Come and say hi!
-
Using or trialling OPA? We want to hear from you in our 2025 Community Survey.
https://www.surveymonkey.com/r/SCBSDZN
Whether you're new to OPA or have been on the Rego train for years, hearing about how you use OPA projects will help us share OPA for the months and years to come.
We're going to be at KubeCon tomorrow in the project pavilion. Come and say hi!
-
Note from Teemu, Tim, and Torin to the #OpenPolicyAgent community
-
Skipper deployed as ingress in your #kubernetes cluster and #OpenPolicyAgent as rule engine got a significant speedup https://github.com/zalando/skipper/releases/tag/v0.22.51
Blue line “old” Red line “new” -
Great blog from Square, on how they built a custom solution for #Kubernetes guardrails on top of Open Policy Agent. This is a perfect example of the flexibility OPA provides organizations to solve the most advanced use cases!
https://developer.squareup.com/blog/kube-policies-guardrails-for-apps-running-in-kubernetes/
-
The #KubeCon recordings are now on YouTube! We'll be posting links to all the #OpenPolicyAgent related ones as we watch them. First out is the #OPA maintainer track session, where @charlieegan3 and @anderseknert give a short introduction to OPA and Rego, followed by a deep-dive into recent performance improvements, and a sneak peek at the project roadmap. Check it out!
-
For anyone at #KubeCon, me and @charlieegan3 will close the day off by presenting an introduction, deep-dive and roadmap for #OpenPolicyAgent at 17:30. I know it’s late, but stick around, as we have a lot of cool things to show you!
https://kccnceu2025.sched.com/event/1td0h/open-policy-agent-opa-intro-deep-dive-charlie-egan-styra
-
Today I was in the mood and packaged #regal and #opa for @opensuse
Packages still need more testing, but the first steps are done. Found a glitch in the OPA ldflags handling and reported it upstream.
Should arrive in #Tumbleweed soon-ish.
-
Today I was in the mood and packaged #regal and #opa for @opensuse
Packages still need more testing, but the first steps are done. Found a glitch in the OPA ldflags handling and reported it upstream.
Should arrive in #Tumbleweed soon-ish.
-
Today I was in the mood and packaged #regal and #opa for @opensuse
Packages still need more testing, but the first steps are done. Found a glitch in the OPA ldflags handling and reported it upstream.
Should arrive in #Tumbleweed soon-ish.
-
Today I was in the mood and packaged #regal and #opa for @opensuse
Packages still need more testing, but the first steps are done. Found a glitch in the OPA ldflags handling and reported it upstream.
Should arrive in #Tumbleweed soon-ish.
-
Today I was in the mood and packaged #regal and #opa for @opensuse
Packages still need more testing, but the first steps are done. Found a glitch in the OPA ldflags handling and reported it upstream.
Should arrive in #Tumbleweed soon-ish.
-
9 years. I guess we’re doing this..
-
SMB Force-Authentication Vulnerability Impacts All OPA Versions For Windows https://gbhackers.com/smb-auth-vulnerability-opa-windows/ #OpenPolicyAgent(OPA)Security #NTLMCredentialExposure #CVE/vulnerability #CyberSecurityNews #ExploitationTools #CVE20248260
-
Dependency Management Data's Open Policy Agent support is now a whole lot more efficient
Talking about the latest release of Dependency Management Data and some refactoring that's led to better performance.
https://fed.brid.gy/r/https://www.jvt.me/posts/2024/07/27/dmd-opa-perf/
-
Dynamically querying EndOfLife.date data for internal packages with Open Policy Agent and Dependency Management Data
How you can retrieve End-of-Life data via EndOfLife.date using Dependency Management Data's Policies functionality.
https://fed.brid.gy/r/https://www.jvt.me/posts/2024/07/14/dmd-opa-eol/
-
We also saw community-driven efforts to support CI, binaries, and containers for the Eventing #Kafka Broker receiver & dispatcher (containers), #OpenPolicyAgent's Conftest (ci, binaries), #Skupper (ci, binaries), #Goss (ci, binaries), & rotobuf-maven-plugin (ci) 🎉
-
We also saw community-driven efforts to support CI, binaries, and containers for the Eventing #Kafka Broker receiver & dispatcher (containers), #OpenPolicyAgent's Conftest (ci, binaries), #Skupper (ci, binaries), #Goss (ci, binaries), & rotobuf-maven-plugin (ci) 🎉
-
We also saw community-driven efforts to support CI, binaries, and containers for the Eventing #Kafka Broker receiver & dispatcher (containers), #OpenPolicyAgent's Conftest (ci, binaries), #Skupper (ci, binaries), #Goss (ci, binaries), & rotobuf-maven-plugin (ci) 🎉
-
We also saw community-driven efforts to support CI, binaries, and containers for the Eventing #Kafka Broker receiver & dispatcher (containers), #OpenPolicyAgent's Conftest (ci, binaries), #Skupper (ci, binaries), #Goss (ci, binaries), & rotobuf-maven-plugin (ci) 🎉
-
We also saw community-driven efforts to support CI, binaries, and containers for the Eventing #Kafka Broker receiver & dispatcher (containers), #OpenPolicyAgent's Conftest (ci, binaries), #Skupper (ci, binaries), #Goss (ci, binaries), & rotobuf-maven-plugin (ci) 🎉
-
At last! Our #KubeCon talk "Open Policy Agent — Intro and Deep Dive" is now up on YouTube 😃 I can't stand hearing / watching myself talk, but hopefully you won't feel the same aversion. Covering an intro to the project, some updates, a roadmap, and much more. Check it out!
-
Good morning from #KubeCon! If you’re here and want to meet, find me in the #OpenPolicyAgent kiosk in the project pavilion. Also, don’t miss my talk on today at 15:25 if you’re curious about #OPA, #Rego, and anything related.
-
Межсервисная авторизация в Авито PaaS
Антон Губарев, инженер в Avito PaaS, рассказал, как реализовать межсервисную авторизацию на 2500 сервисов и ничего не сломать.
-
Anyone have a good write up/how-to for standing up #OpenPolicyAgent server? Looking at the documentation, I'm a bit lost on how to point it to rego files, and how to have my clients call OPA to evaluate their JSON.
My use case is kind of fun - have all my team's Terraform repos do a pre-merge OPA evaluation on the Terraform plan. I'd like to get away from bundling the rego with the repos - the developers could just change the accept criteria and hope nobody notices in the pull request.
So success looks like having a rego file on a remote opa server that will allow a user to POST a url with their terraform plan, and get back the results.
Any ideas?
(ping @anderseknert)
-
@anderseknert This looks really cool - I need to carve out some time at work to dive back into Open Policy Agent. We have a decent little workflow for validating Terraform plans, but I'd love to get it further refined.
Plus, getting a OPA server rather than trusting the engineers/pipeline to validate their own policy would be nice.
-
What better way to spend the weekend than with a new version of #Regal? Everyone's favorite #Rego linter now have 2 more new rules, and some other nice improvements added. Check it out!
-
Just published! #OpenPolicyAgent 2023, year in review. It’s always such a joy looking back at everything that happened in our community in the past year. And for a project the size of #OPA, it’s a *lot*.
Thanks @charlieegan3, @ritazh and @jpreese for co-authoring the blog with me.
Check it out!
https://blog.openpolicyagent.org/open-policy-agent-2023-year-in-review-4c12df22e351
-
Regal v0.14.0 just released! 🎉 The latest edition of the #OPA community's favorite #Rego linter features two new rules, a new output format, and many improvements and fixes. Release notes and downloads here: https://github.com/StyraInc/regal/releases/tag/v0.14.0
#OpenPolicyAgent #DevOps #DevSecOps #PolicyAsCode #Linter #CodeQuality #IAM
-
You can now use Open Policy Agent with dependency-management-data
How to use Open Policy Agent to perform much more effective flagging of package compliance with dependency-management-data.
https://fed.brid.gy/r/https://www.jvt.me/posts/2023/11/24/dmd-opa/
-
Anyone got any tips or best practices for building #OpenPolicyAgent into your project? Had an idea to integrate it with dependency-management-data and now can't unthink it 🤓
-
Regal v0.13.0 just released! Featuring 3 new linter rules, performance improvements across the board, and many improvements and fixes. If you're working with #OPA and #Rego in any way, make sure to try it out! Regal aims to help not just by finding bugs and issues, but to teach developers of all levels idiomatic Rego.
I'd love to hear what you think!
https://github.com/StyraInc/regal/releases/tag/v0.13.0
#OpenPolicyAgent #CloudNative #DevOps #DevSecOps #IAM #CodeQuality #Linter
-
Regal v0.12.0 just released! The latest edition of the #OPA community's favorite #Rego linter adds 4 new linter rules, a long-awaited capabilities feature, and many other improvements and fixes. Check out the full changelog, and get your copy!
https://github.com/StyraInc/regal
#Regal #OpenPolicyAgent #PolicyAsCode #CloudNative #DevOps #DevSecOps #Authorization #Linter
-
#Regal goes to 11! Or v0.11.0 anyway. This release adds six new rules to the #linter, bringing the total number of rules up to our roadmap goal of 50! 🎉 Also includes a number of improvements and fixes to existing rules. Truly heartwarming to see so many starting to adopt this tool as part of their #Rego development toolkit.
Read about all the new rules, and get your copy here: https://github.com/StyraInc/regal/releases/tag/v0.11.0
-
Make your security policy auditable
https://blog.frankel.ch/security-policy-auditable/
#SpringSecurity #OpenPolicyAgent #OPA #architecture #solutionarchitecture #fromthearchives
-
Tonight I’m playing with #rq, a tool originally intended as a #jq replacement using #Rego as its query language, but which eventually grew to be useful for format transformations, and now a full-blown #scripting environment. All powered by #OPA. Madness, obviously, but just the right kind of madness.
#DevOps #DevSecOps #PolicyAsCode #OpenPolicyAgent #IAM #Code #CloudNative
-
Tonight I’m playing with #rq, a tool originally intended as a #jq replacement using #Rego as its query language, but which eventually grew to be useful for format transformations, and now a full-blown #scripting environment. All powered by #OPA. Madness, obviously, but just the right kind of madness.
#DevOps #DevSecOps #PolicyAsCode #OpenPolicyAgent #IAM #Code #CloudNative
-
Tonight I’m playing with #rq, a tool originally intended as a #jq replacement using #Rego as its query language, but which eventually grew to be useful for format transformations, and now a full-blown #scripting environment. All powered by #OPA. Madness, obviously, but just the right kind of madness.
#DevOps #DevSecOps #PolicyAsCode #OpenPolicyAgent #IAM #Code #CloudNative