The Open Policy Containers project makes it easy to build Open Policy Agent policies into OCI images.
A policy that is packaged as an OCI image can be tagged just like any container image. It can also be signed using tools like
To get started you need two things:
policyCLI, which is used to manage policy images, and is modeled after
- A container registry that supports pulling and pushing artifacts of the OCI media type (
Container registries that
policy has been tested with include:
- AWS Elastic Container Registry (
- Docker Hub (
- GitHub Container Registry (
- Google Container Registry (
- Open Policy Container Registry (
Download the CLI
To get started, you'll need to download the
Follow our 5 minute tutorial to get a flavor for what
policy can do for you.