# Adopters

<!-- Hello! If you are using OPA and contributing to this file, thank you! -->
<!-- Please keep lines shorter than 80 characters (or so.) Links can go long. -->

This is a list of organizations that have spoken publicly about their adoption or
production users that have added themselves (in alphabetical order):

* [Atlassian](https://www.atlassian.com/) uses OPA in a heterogeneous cloud
  environment for microservice API authorization. OPA is deployed per-host and
  inside of their Slauth (AAA) system. Policies are tagged and categorized
  (e.g., platform, service, etc.) and distributed via S3. Custom log infrastructure
  consumes decision logs. For more information see this talk from [OPA Summit 2019](https://www.youtube.com/watch?v=nvRTO8xjmrg).

* [bol.com](https://www.bol.com/) uses OPA for a mix of
  validating and mutating admission control use cases in their
  Kubernetes clusters. Use cases include patching image pull secrets,
  load balancer properties, and tolerations based on contextual
  information stored on namespaces. OPA is deployed on multiple
  clusters with ~100 nodes and ~300 namespaces total.

* [BNY Mellon](https://www.bnymellon.com/) uses OPA as a sidecar to enforce access
  control over applications based on external context coming from AD and other
  internal services. For more information see this talk from [QCon 2019](https://www.infoq.com/presentations/opa-spring-boot-hocon/).

* [Capital One](https://www.capitalone.com/) uses OPA to enforce a variety of
  admission control policies across their Kubernetes clusters including image
  registry whitelisting, label requirements, resource requirements, container
  privileges, etc. For more information see this talk from [KubeCon US 2018](https://www.youtube.com/watch?v=CDDsjMOtJ-c&t=6m35s)
  and this talk from [OPA Summit 2019](https://www.youtube.com/watch?v=vkvWZuqSk5M).

* [Chef](https://www.chef.io/) integrates OPA to implement IAM-style
  access control and enumerate user->resource permissions in Chef
  Automate V2. The integration utilizes OPA's Partial Evaluation
  feature to reduce evaluation time (in exchange for higher update
  latency). A high-level description can be found [in this blog
  post](https://blog.chef.io/2019/01/24/introducing-the-chef-automate-identity-access-management-version-two-iam-v2-beta/),
  and the code is Open Source, [see
  `github.com/chef/automate`](https://github.com/chef/automate/tree/master/components/authz-service).

* [Cloudflare](https://www.cloudflare.com/) uses OPA as a validating
  admission controller to prevent conflicting Ingresses in their
  Kubernetes clusters that host a mix of production and test
  workloads.

* [Fugue](https://fugue.co) is a cloud security SaaS that uses OPA to
  classify compliance violations and security risks in AWS and Azure
  accounts and generate compliance reports and notifications.

* [Goldman Sachs](https://www.goldmansachs.com/) uses OPA to enforce admission control
  policies in their multi-tenant Kubernetes clusters as well as for _provisioning_
  RBAC, PV, and Quota resources that are central to the security and operation of
  these clusters. For more information see this talk from [KubeCon US 2019](https://www.youtube.com/watch?v=lYHr_UaHsYQ).

* [Intuit](https://www.intuit.com/company/) uses OPA as a validating
  and mutating admission controller to implement various security,
  multi-tenancy, and risk management policies across approximately 50
  clusters and 1,000 namespaces. For more information on how Intuit
  uses OPA see [this talk from KubeCon Seattle 2018](https://youtu.be/CDDsjMOtJ-c?t=980).

* [Medallia](https://www.medallia.com/) uses OPA to audit AWS
  resources for compliance violations. The policies search across
  state from Terraform and AWS APIs to identify security violations
  and identify high-risk configurations. The policies ingest 1,000s of
  AWS resources to generate the final report.

* [Netflix](https://www.netflix.com) uses OPA as a method of enforcing
  access control in microservices across a variety of languages and
  frameworks for thousands of instances in their cloud
  infrastructure. Netflix takes advantage of OPA's ability to bring in
  contextual information and data from remote resources in order to
  evaluate policies in a flexible and consistent manner. For a
  description of how Netflix has architected access control with OPA
  check out [this talk from KubeCon Austin 2017](https://www.youtube.com/watch?v=R6tUNpRpdnY).

* [Pinterest](https://www.pinterest.com/) uses OPA to solve multiple policy-related use cases
  including access control in Kafka, Envoy, and Jenkins! At peak, their Kafka-OPA
  integration handles ~400K QPS without caching. With caching the system
  handles ~8.5M QPS. For more information see this talk from [OPA Summit 2019](https://www.youtube.com/watch?v=LhgxFICWsA8).

* [Plex Systems](https://www.plex.com) uses OPA to enforce policy throughout
  their entire release process, from local development to continuous production
  audits. The CI/CD pipelines at Plex leverage [conftest](https://github.com/instrumenta/conftest),
  a policy enforcement tool that relies on OPA, to automatically reject changes that do not adhere
  to defined policies. Plex also uses
  [Gatekeeper](https://github.com/open-policy-agent/gatekeeper), a Kubernetes policy controller, as
  a means to enforce policies within their Kubernetes clusters. The general-purpose nature of OPA
  has enabled Plex to have a consistent means of policy enforcement,
  no matter the environment.

* [SAP/InfraBox](https://github.com/SAP/Infrabox) integrates OPA to
  implement authorization over HTTP API resources. OPA policies
  evaluate user and permission data replicated from Postgres to make
  access control decisions over projects, collaborators, jobs,
  etc. SAP/Infrabox is used in production within SAP and has several
  external users.

* [Tremolo Security](https://www.tremolosecurity.com/) uses OPA at a
  London-based financial services company to inject annotations and
  volume mount parameters into Kubernetes Pods so that workloads can
  connect to off-cluster CIFS drives and SQL Server
  instances. Policies are based on external context sourced from
  OpenUnison. The ability to validate policies offline is a huge win
  because the clusters are air-gapped. For more information on how
  Tremolo Security uses OPA see [this blog post](https://www.tremolosecurity.com/beyond-rbac-in-openshift-open-policy-agent/).

* [Tripadvisor](http://tripadvisor.com/) uses OPA to enforce
  admission control policies in Kubernetes. In the process of rolling out OPA,
  they created an integration testing framework that verifies clusters are accepting
  and rejecting the right objects when OPA is deployed. For more information see
  this talk from [OPA Summit 2019](https://www.youtube.com/watch?v=X09c1eXvCFM).

* [Very Good Security (VGS)](https://www.vgs.io/) integrates OPA to
  implement a fine-grained permission system and enumerate
  user->resource permissions in their product. The backend is
  architected as a collection of (polyglot) microservices running on
  Kubernetes that offload policy decisions to OPA sidecars. VGS has
  implemented a synchronization protocol on top of the Bundle and
  Status APIs so that the system can determine when permission updates
  have propagated. For more details on the VGS use case see these blog posts:
  [part 1](https://blog.verygoodsecurity.com/posts/building-a-fine-grained-permission-system-in-a-distributed-environment),
  [part 2](https://blog.verygoodsecurity.com/posts/building-a-fine-grained-permissions-system-in-a-distributed-environment).

* [Yelp](https://www.yelp.com/) uses OPA and Envoy to enforce authorization policies
  across a fleet of microservices that evolved out of a monolithic architecture.
  For more information see this talk from [KubeCon US 2019](https://www.youtube.com/watch?v=Z6aN3Smt-9M).

In addition, there are several production adopters that prefer to
remain anonymous.

* **A Fortune 100 company** uses OPA to implement validating admission
  control and fine-grained authorization policies on ~10 Kubernetes
  clusters with ~1,000 nodes. They also integrate OPA into their PKI
  as part of a Certificate RA that serves these clusters.

This is a list of adopters in early stages of production or
pre-production (in alphabetical order):

* [Cyral](https://www.cyral.com/) is a venture-funded data security
  company. It is still in stealth mode but uses OPA to manage and enforce
  fine-grained authorization policies.

* [ORY Keto](https://github.com/ory/keto) replaced their internal
  decision engine with OPA. By leveraging OPA, ORY Keto was able to
  simplify their access control server implementation while retaining
  the ability to easily add high-level models like ACLs and RBAC. In
  December 2018, ~850 ORY Keto instances were running in a mix of
  pre-production and production environments.

* [Spacelift](https://spacelift.io) is a specialized CI/CD platform
  for infrastructure-as-code. Spacelift is [using OPA](https://docs.spacelift.io/concepts/policy) to provide flexible,
  fine-grained controls at various application decision points, including
  automated code review, defining access levels or blocking execution of
  unwanted code.

Other adopters that have gone into production or various stages of
testing include:

* [Cisco](https://www.cisco.com/)
* [Nefeli Networks](https://nefeli.io)
* [SolarWinds](https://www.solarwinds.com/) via [Lee Calcote](https://github.com/leecalcote)
* [State Street Corporation](http://www.statestreet.com/)

If you have adopted OPA and would like to be included in this list,
feel free to submit a PR.