Open Policy Agent (OPA) is an open source, general-purpose policy engine.

Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io

Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.

🐊 Policy Controller for Kubernetes

Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (LSM-BPF, AppArmor).

A GitHub App that enforces approval policies on pull requests

Pike is a tool for determining the permissions or policy required for IAC code

Tool and policy library for reviewing Google Kubernetes Engine clusters against best practices

An open source, cloud-native security to protect everything from build to runtime

vArmor is a cloud native container sandbox system based on AppArmor/BPF/Seccomp. It also includes multiple built-in protection rules that are ready to use out of the box.

Kubernetes tool for scanning clusters for network policies and identifying unprotected workloads.

Kubernetes security tool for policy enforcement

A policy management tool for interacting with Gatekeeper

A plugin to enforce OPA policies with Envoy

Sidecar for managing OPA instances in Kubernetes.

Execution-Layer Security (ELS) for AI agents — policy-enforced shell with audit.

Speedle is an open source project for access control.

Kyverno for any JSON!

INTERCEPT / Policy as Code Auditing

MIDAS is an open platform for governing execution authority at decision surfaces across agents, AI systems, and enterprise workflows.