Integrate Open Policy Agent (OPA) with Vulnetix. Write Rego policies, evaluate them against Kubernetes manifests, Terraform plans, or any JSON/YAML configuration with conftest, and upload results.
CLI tool | JSON | SARIF
Install & scan
# OPA binary
$ curl -L -o opa https://openpolicyagent.org/downloads/latest/opa_linux_amd64_static
$ chmod +x opa && sudo mv opa /usr/local/bin/

# conftest (wraps OPA for structured config testing with SARIF output)
$ brew install conftest
# or
$ curl -L https://github.com/open-policy-agent/conftest/releases/latest/download/conftest_Linux_x86_64.tar.gz | tar xz && sudo mv conftest /usr/local/bin/

$ conftest test --policy ./policy --output sarif . > opa-results.sarif
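The scan command reads Rego files from ./policy, but the page does not show one. The policy below is an added example, not Vulnetix or conftest project code: it checks Kubernetes workload manifests for privileged containers, missing runAsNonRoot and ":latest" image tags. The file name, rule messages and choice of checks are assumptions made for illustration.

```rego
# policy/workloads.rego -- constructed example; the file name is an assumption.
# conftest loads every .rego file under --policy and evaluates the deny/warn
# rules in package "main" against each parsed document, exposed as `input`.
package main

import rego.v1

# Kinds whose pod template sits at spec.template.spec.
workload_kinds := {"Deployment", "StatefulSet", "DaemonSet", "Job"}

pod_spec := input.spec.template.spec if input.kind in workload_kinds

# Regular and init containers are both subject to the checks below.
containers contains c if {
	some c in pod_spec.containers
}

containers contains c if {
	some c in pod_spec.initContainers
}

# The container-level setting wins; the pod-level setting applies only when
# the container sets none. Neither set counts as false.
effective_non_root(c) := object.get(c, ["securityContext", "runAsNonRoot"], object.get(pod_spec, ["securityContext", "runAsNonRoot"], false))

# Fail: a privileged container.
deny contains msg if {
	some c in containers
	c.securityContext.privileged == true
	msg := sprintf("%s/%s: container '%s' must not set privileged: true", [input.kind, input.metadata.name, c.name])
}

# Fail: the container may run as root.
deny contains msg if {
	some c in containers
	not effective_non_root(c)
	msg := sprintf("%s/%s: container '%s' must set runAsNonRoot: true", [input.kind, input.metadata.name, c.name])
}

# Warn only: a mutable ":latest" image tag.
warn contains msg if {
	some c in containers
	endswith(c.image, ":latest")
	msg := sprintf("%s/%s: container '%s' uses a ':latest' image tag", [input.kind, input.metadata.name, c.name])
}
```

conftest exits non-zero when any deny rule fires, so a CI step running it fails on findings; the upload step has to be configured to run regardless of that result if the findings should still reach Vulnetix.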
Run OPA in CI
Scan on every push and upload the results to Vulnetix:
- name: Install conftest
  run: |
    curl -L https://github.com/open-policy-agent/conftest/releases/latest/download/conftest_Linux_x86_64.tar.gz | tar xz
    sudo mv conftest /usr/local/bin/
- name: Run OPA policy tests
  run: conftest test --policy ./policy --output sarif . > opa-results.sarif
- name: Upload to Vulnetix
  run: vulnetix upload --file opa-results.sarif
Centralise OPA results in Vulnetix
Upload OPA JSON or SARIF output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.