awesome-repositories.com
المدونة
awesome-repositories.com

اكتشف أفضل مستودعات المصادر المفتوحة باستخدام بحث مدعوم بالذكاء الاصطناعي.

استكشفعمليات بحث منسقةبدائل مفتوحة المصدربرمجيات ذاتية الاستضافةالمدونةخريطة الموقع
المشروعحولكيفية ترتيب النتائجالصحافةخادم MCP
قانونيالخصوصيةالشروط
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

10 مستودعات

Awesome GitHub RepositoriesPolicy as Code

Frameworks for defining and enforcing security policies through code.

Explore 10 awesome GitHub repositories matching part of an awesome list · Policy as Code. Refine with filters or upvote what's useful.

Awesome Policy as Code GitHub Repositories

اعثر على أفضل المستودعات باستخدام الذكاء الاصطناعي.سنبحث عن أفضل المستودعات المطابقة باستخدام الذكاء الاصطناعي.
  • open-policy-agent/opaالصورة الرمزية لـ open-policy-agent

    open-policy-agent/opa

    11,860عرض على GitHub↗

    This project is a unified, cloud-native policy engine designed to decouple authorization and security logic from application codebases. It functions as a centralized authorization service that evaluates structured input data against declarative rules, enabling consistent policy enforcement across microservices, infrastructure, and continuous integration pipelines. The engine utilizes a specialized logic programming language to express complex constraints, which are compiled into an optimized intermediate representation for high-performance evaluation. By supporting both sidecar-based deployme

    General-purpose engine for unified policy enforcement.

    Goauthorizationcloud-nativecompliance
    عرض على GitHub↗11,860
  • kyverno/kyvernoالصورة الرمزية لـ kyverno

    kyverno/kyverno

    7,841عرض على GitHub↗

    Kyverno is a Kubernetes policy engine and cloud native governance tool. It functions as a policy-as-code framework that validates, mutates, and generates resources to enforce security and governance standards within a cluster. The project distinguishes itself through a declarative policy model that utilizes native Kubernetes custom resource definitions, allowing policies to be managed as standard cluster objects without custom code. It provides specific security capabilities for container image verification and signature validation to ensure only trusted images are deployed. Its broader capa

    Policy engine specifically designed for Kubernetes.

    Go
    عرض على GitHub↗7,841
  • cncf/curriculumالصورة الرمزية لـ cncf

    cncf/curriculum

    6,578عرض على GitHub↗

    The CNCF Curriculum is an open-source repository that organizes exam domains and learning paths for CNCF certification courses covering Kubernetes and cloud-native technologies. It structures certification content into weighted domains that reflect exam question distribution, providing a structured study guide for candidates preparing for CNCF certifications. The curriculum is organized around multiple cloud-native domains including networking, security, GitOps, platform engineering, and certification preparation. It teaches cloud-native concepts through the lens of building and operating int

    Weaves Kyverno policy management into Kubernetes security and compliance learning tracks.

    cncf
    عرض على GitHub↗6,578
  • datreeio/datreeالصورة الرمزية لـ datreeio

    datreeio/datree

    6,339عرض على GitHub↗

    Datree is a policy enforcement framework for Kubernetes that validates configurations against rules written in Rego, JSON Schema, or CEL. It operates as both a command-line tool for pre-deployment scanning and as a cluster-side admission webhook for real-time enforcement, integrating with CI/CD pipelines and continuous delivery tools like ArgoCD and FluxCD. The framework supports namespace-scoped policy mapping, allowing different policies to apply to different namespaces, and provides a skip annotation mechanism for selectively bypassing rules on individual resources or entire namespaces. It

    Creates and publishes YAML policies files that link custom rules to named policies for Kubernetes enforcement.

    Goadmission-webhookbest-practicescli
    عرض على GitHub↗6,339
  • cerbos/cerbosالصورة الرمزية لـ cerbos

    cerbos/cerbos

    4,460عرض على GitHub↗

    Cerbos is an open-source authorization service that provides a centralized, language-agnostic engine for managing access control. It functions as a policy-as-code platform, allowing teams to define, test, and distribute authorization rules using declarative YAML or JSON configurations. By decoupling access logic from application code, it enables consistent permission enforcement across diverse service stacks. The project distinguishes itself through its ability to translate high-level authorization policies into native database query filters. This capability allows applications to enforce sec

    Defines authorization rules in human-readable files held centrally, allowing updates to access logic without modifying application code.

    Goaccess-controlauthorizationgo
    عرض على GitHub↗4,460
  • gofireflyio/aiacالصورة الرمزية لـ gofireflyio

    gofireflyio/aiac

    3,794عرض على GitHub↗

    aiac is an AI-powered command line tool designed to translate natural language requests into infrastructure code, DevOps workflows, and system scripts. It operates as a generator that uses large language models to produce cloud provisioning files, configuration files, and executable automation scripts directly from the terminal. The tool features a provider-agnostic model abstraction and a configuration-based routing system, allowing users to switch between different AI backends and discover compatible models. It includes an interactive shell interface for refining generated outputs through i

    Generates compliance and governance rules to enforce operational standards using a policy-as-code approach.

    Goaiamazon-bedrockchatgpt
    عرض على GitHub↗3,794
  • inspec/inspecالصورة الرمزية لـ inspec

    inspec/inspec

    3,072عرض على GitHub↗

    InSpec: Auditing and Testing Framework

    Testing framework for infrastructure compliance and security.

    Ruby
    عرض على GitHub↗3,072
  • devopshivehq/dynamic-devops-roadmapالصورة الرمزية لـ DevOpsHiveHQ

    DevOpsHiveHQ/dynamic-devops-roadmap

    2,429عرض على GitHub↗

    هذا المشروع عبارة عن منصة تعليمية ومنهج مصمم لتدريس هندسة السحابة الأصلية (cloud-native)، وأتمتة البنية التحتية، وممارسات تسليم البرمجيات. يوفر خارطة طريق منظمة لإتقان الكفاءات الأساسية، بما في ذلك تنسيق الحاويات، وسير عمل GitOps، والتكامل والتسليم المستمر. تتميز المنصة بدمج التدريب التقني مع التطوير المهني الوظيفي. فهي تقدم مشاريع عملية، ومحاكاة موجهة، وتقييمات للكفاءة التقنية تعكس بيئات الهندسة الواقعية. يمكن للمستخدمين التقدم عبر مسارات تعليمية متسلسلة تغطي دورة حياة تسليم البرمجيات بالكامل، بدءاً من وضع التطبيق في حاويات أولية وصولاً إلى إدارة البنية التحتية على مستوى الإنتاج. بعيداً عن التعليمات التقنية، يتضمن المشروع موارد للتقدم الوظيفي، مثل تحسين السيرة الذاتية والتحضير للمقابلات. كما يوفر توجيهاً حول تنفيذ ممارسات قياسية في الصناعة مثل التحقق من السياسات ككود (policy-as-code)، وقابلية مراقبة النظام، وإدارة البنية التحتية التصريحية لضمان تلبية المعايير التشغيلية.

    Enforces security and operational standards by programmatically validating infrastructure configurations against predefined rules.

    TypeScriptagilebootcampcareer
    عرض على GitHub↗2,429
  • aws-cloudformation/cloudformation-guardالصورة الرمزية لـ aws-cloudformation

    aws-cloudformation/cloudformation-guard

    1,384عرض على GitHub↗

    Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Take this survey to provide feedback about cfn-guard: https://amazonmr.au1.qualtrics.com/jfe/form/SV_bpyzpfoYGGuuUl0

    Policy-as-code tool for CloudFormation templates.

    Rust
    عرض على GitHub↗1,384
  • mondoohq/cnspecالصورة الرمزية لـ mondoohq

    mondoohq/cnspec

    429عرض على GitHub↗

    An open source, cloud-native security to protect everything from build to runtime

    Cloud-native engine for assessing infrastructure compliance.

    Go
    عرض على GitHub↗429
  1. Home
  2. Part of an Awesome List
  3. DevOps & Infrastructure
  4. Policy as Code