What is OPA (Open Policy Agent)?
A general-purpose policy engine for enforcing authorization decisions across the stack.
OPA (Open Policy Agent) is a CNCF graduated policy engine that decouples policy decision-making from application code. Policies are written in Rego, a declarative language. In Kubernetes, OPA Gatekeeper implements OPA as an admission controller: policies (ConstraintTemplates and Constraints) can reject or mutate resources that violate rules — for example, requiring all pods to have resource limits, or blocking privileged containers.
More Security Terms
DevSecOps
Integrating security practices into every stage of the DevOps pipeline.
Falco
A runtime security tool that detects anomalous behavior in containers using eBPF/syscalls.
JWT (JSON Web Token)
A compact, self-contained token format for transmitting claims between parties.
mTLS (Mutual TLS)
Two-way TLS authentication where both client and server verify each other's certificates.
OAuth2
An authorization framework allowing third-party apps limited access to user accounts.
OIDC (OpenID Connect)
An identity layer on top of OAuth2 that provides user authentication.