redhat-cop/rego-policies

GitHub: redhat-cop/rego-policies

Red Hat 社区实践团队维护的 OPA Rego 策略集合，为 Kubernetes/OpenShift 集群提供开箱即用的策略治理模板。

Stars: 169 | Forks: 35

[![使用 OPA/Regal 对策略进行 Lint 检查](https://static.pigsec.cn/wp-content/uploads/repos/2026/05/61a8fd78b0191318.svg)](https://github.com/redhat-cop/rego-policies/actions/workflows/regal-lint.yaml) [![运行 conftest-unittests.sh](https://static.pigsec.cn/wp-content/uploads/repos/2026/05/19f0c236d4191320.svg)](https://github.com/redhat-cop/rego-policies/actions/workflows/conftest-unittests.yaml) [![运行 gatekeeper-k8s-integrationtests.sh](https://static.pigsec.cn/wp-content/uploads/repos/2026/05/6fb3cc36f2191321.svg)](https://github.com/redhat-cop/rego-policies/actions/workflows/gatekeeper-k8s-integrationtests.yaml) [![运行 pre-commit](https://static.pigsec.cn/wp-content/uploads/repos/2026/05/afc63ab601191323.svg)](https://github.com/redhat-cop/rego-policies/actions/workflows/precommit-validate.yml) [![Scorecard 供应链安全](https://static.pigsec.cn/wp-content/uploads/repos/2026/05/e91b8544ce191325.svg)](https://github.com/redhat-cop/rego-policies/actions/workflows/scorecard.yml) # rego-policies [Rego](https://www.openpolicyagent.org/docs/latest/policy-language/) 策略集合。 ## 策略有关策略的完整列表，请参阅自动生成的 [POLICIES.md](POLICIES.md) 策略的命名遵循 Gatekeeper 格式，如[此处](https://github.com/plexsystems/konstraint/blob/main/docs/constraint_creation.md#resource-naming)所述。想在 k8s/OCP 集群上运行这些策略吗？请参阅 [TESTING.md](TESTING.md) ## 工具 ### Conftest conftest 是一个用于执行 rego 策略的 CLI。它可用于在推送到 [OPA](https://www.openpolicyagent.org/) 之前进行本地测试。 - [https://www.conftest.dev/install](https://www.conftest.dev/install/) ### OPA Playground OPA 提供了一个基于 Web 的 playground，可以高亮显示已被激活的行。您的策略遇到问题了吗？开启“Coverage”来检查一下吧： - [https://play.openpolicyagent.org](https://play.openpolicyagent.org) ### 相关 Slack 交流遇到难题了吗？ - [https://slack.openpolicyagent.org/](https://slack.openpolicyagent.org/)

标签：Conftest, Groq API, OCP, OPA, OpenShift, Red Hat, Rego, 代码审查, 子域名突变, 安全防护, 策略即代码, 策略集合, 结构化提示词, 聊天机器人安全, 软件供应链, 靶场