# open-policy-agent/conftest

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/open-policy-agent-conftest).**

3,128 stars · 335 forks · Go · other

## Links

- GitHub: https://github.com/open-policy-agent/conftest
- Homepage: https://conftest.dev
- awesome-repositories: https://awesome-repositories.com/repository/open-policy-agent-conftest.md

## Topics

`kubernetes` `open-policy-agent` `openpolicyagent` `rego` `testing`

## Description

Conftest is a suite of tools designed for validating structured configurations, testing policy logic, and generating policy documentation. It serves as a configuration file validator that checks YAML, JSON, and Helm charts for security violations and compliance issues using declarative rules.

The project functions as an Open Policy Agent testing tool, allowing structured configuration files to be validated against custom policies written in Rego. It includes a policy-as-code testing framework to ensure policy logic is correct and a utility to extract metadata from Rego code to create static markdown reference files.

The tool provides capabilities for infrastructure-as-code testing, configuration compliance auditing, and integration into CI/CD pipelines to block non-compliant changes. It supports executing policy validations within containerized environments to maintain consistency across different host operating systems.

## Tags

### Development Tools & Productivity

- [Policy Evaluation Engines](https://awesome-repositories.com/f/development-tools-productivity/configuration-driven-scanning-engines/benchmark-scanning/benchmark-driven-configurations/policy-evaluation-engines.md) — Provides a policy evaluation engine that checks structured configurations against declarative Rego rules to determine compliance.
- [Policy-Based Validations](https://awesome-repositories.com/f/development-tools-productivity/configuration-file-validators/policy-based-validations.md) — Provides declarative policy validation for YAML, JSON, and Helm charts to identify security violations and compliance issues. ([source](https://www.conftest.dev/))
- [Configuration File Validators](https://awesome-repositories.com/f/development-tools-productivity/configuration-file-validators.md) — Validates the syntax and settings of YAML, JSON, and Helm chart configuration files against declarative rules.
- [Documentation Generators](https://awesome-repositories.com/f/development-tools-productivity/documentation-discovery-metadata/knowledge-documentation-management/documentation-knowledge-tools/documentation-generators.md) — Extracts structured metadata from policy source code to automatically generate human-readable markdown reference guides. ([source](https://conftest.dev/documentation/))

### Data & Databases

- [Configuration Normalization](https://awesome-repositories.com/f/data-databases/data-serialization-formats/data-formats/json/configuration-normalization.md) — Converts various configuration formats into a common JSON representation for consistent analysis by the policy engine.

### DevOps & Infrastructure

- [Static Configuration Analysis](https://awesome-repositories.com/f/devops-infrastructure/cloud-infrastructure-security/static-configuration-analysis.md) — Performs static analysis of infrastructure-as-code configuration files to identify security risks before deployment.
- [Configuration and Policy Enforcement](https://awesome-repositories.com/f/devops-infrastructure/infrastructure/configuration-policy-enforcement.md) — Integrates with Open Policy Agent to define and enforce governance and operational standards across structured data.
- [CI/CD Policy Gates](https://awesome-repositories.com/f/devops-infrastructure/ci-cd-policy-gates.md) — Automates the validation of configuration files within a pipeline to block non-compliant changes from reaching production.

### Security & Cryptography

- [Audit and Compliance](https://awesome-repositories.com/f/security-cryptography/governance-policy-frameworks/compliance-governance/audit-and-compliance.md) — Checks structured system settings against organizational standards to ensure they meet security and operational compliance requirements.
- [Infrastructure as Code Scanners](https://awesome-repositories.com/f/security-cryptography/infrastructure-as-code-scanners.md) — Analyzes infrastructure-as-code configuration files statically to detect security risks and compliance issues before deployment.
- [Policy-As-Code Engines](https://awesome-repositories.com/f/security-cryptography/policy-as-code-engines.md) — Provides a framework to validate infrastructure plans against security and compliance rules using policy-as-code.
- [Policy Validators](https://awesome-repositories.com/f/security-cryptography/policy-based-access-control/policy-validators.md) — Provides tools for checking Rego-based authorization and configuration rules for syntax and logical errors.

### Software Engineering & Architecture

- [Policy Logic Testing](https://awesome-repositories.com/f/software-engineering-architecture/core-business-logic/logic-verification-utilities/infrastructure-logic-verification/policy-logic-testing.md) — Executes test suites against defined policies to ensure rules behave correctly before application to configuration files. ([source](https://www.conftest.dev/))
- [Stateless Architectures](https://awesome-repositories.com/f/software-engineering-architecture/stateless-architectures.md) — Implements a stateless architecture for policy evaluation to ensure reproducible and predictable validation results.

### Testing & Quality Assurance

- [Policy Assertion Libraries](https://awesome-repositories.com/f/testing-quality-assurance/general-testing-utilities/test-utilities-assertions/policy-assertion-libraries.md) — Tests configuration files against defined assertions to ensure they adhere to specific security or operational policies. ([source](https://cdn.jsdelivr.net/gh/open-policy-agent/conftest@master/README.md))
- [Violation Source Mapping](https://awesome-repositories.com/f/testing-quality-assurance/violation-source-mapping.md) — Associates policy failures with specific line numbers and file paths by extracting coordinates from the parsed configuration.