Cloud Native Computing Foundation Announces Open Policy Agent Graduation
SAN FRANCISCO, Feb. 4, 2020 -- The Cloud Native Computing Foundation (CNCF), which builds sustainable ecosystems for cloud native software, today announced the graduation of Open Policy Agent (OPA). OPA has demonstrated widespread adoption, an open governance process, feature maturity, and a strong commitment to community, sustainability, and inclusivity to move from the maturity level of incubation to graduation.
OPA is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack. The project was accepted into the CNCF sandbox in April 2018 and one year later was promoted to incubation. More than 90 individuals from approximately 30 organizations contribute to OPA, and maintainers come from four organizations, including Google, Microsoft, VMware, and Styra.
“As the cloud native ecosystem grows, it’s more important than ever for organizations to have access to policy enforcement tools built for modern cloud native deployments,” said Chris Aniszczyk, CTO of the Cloud Native Computing Foundation. “Since joining CNCF, OPA has expanded to integrate with many of today’s most widely used tools and technologies and its broad adoption reflects its versatility across a wide variety of use cases.”
The project has been adopted widely in production by organizations like Goldman Sachs, Netflix, Pinterest, T-Mobile, and many others. According to a recent OPA user survey of more than 150 organizations, 91% indicated they use OPA in some stage of OPA adoption from QA to production. More than half indicated they use OPA for at least two use cases. The most common use cases for OPA are configuration authorization (such as Kubernetes admission control) and API authorization. The project has successfully integrated with several CNCF projects, including Kubernetes, Envoy, CoreDNS, Helm, SPIFFE/SPIRE, and more. It also integrates with Gatekeeper to provide a Kubernetes-native experience for admission policy enforcement and auditing.
"When we started OPA, we knew that policy and authorization were going to become more critical than ever, due to heterogeneous and complex app deployments," said Torin Sandall, OPA co-founder and VP of Open Source at Styra. “We also knew we’d need the support of the community for integrations, performance, and knowledge-sharing. It’s thanks to this amazing group of folks that OPA today has become a graduated project and the de facto toolset and framework for expressing authorization policy across the stack.”
During its time in the CNCF incubator, OPA underwent two external security audits, the results of which can be found here and here, and OPA completed the SIG-Security assessment process. The team has defined a security vulnerability disclosure process and a security response team, which includes individuals from three current maintainer organizations.
“Thanks to OPA’s streamlined policy language, I can take policies that would otherwise require dozens of lines of code, and instead write them in just five or six lines. This means I was able to—literally overnight—take all of our existing policies and transition them to OPA,” said Joe Searcy, Member of Technical Staff, Distributed Systems at T-Mobile.
To officially graduate from incubating status, the project was certified for CII Best Practices Badge, completed security audits and addressed vulnerabilities, defined its own governance, and adopted the CNCF Code of Conduct.
To learn more about OPA, visit https://www.openpolicyagent.org.
About Cloud Native Computing Foundation
Cloud native computing empowers organizations to build and run scalable applications with an open source software stack in public, private, and hybrid clouds. The Cloud Native Computing Foundation (CNCF) hosts critical components of the global technology infrastructure, including Kubernetes, Prometheus, and Envoy. CNCF brings together the industry’s top developers, end users, and vendors, and runs the largest open source developer conferences in the world. Supported by more than 500 members, including the world’s largest cloud computing and software companies, as well as over 200 innovative startups, CNCF is part of the nonprofit Linux Foundation. For more information, please visit www.cncf.io.