Lesson 7 / 17
Policy as code with OPA
Guardrails are rules you author, version, and test, not settings buried in a console. Key points:
- Policy ships as code with Open Policy Agent. Rules live in your repo, are reviewed, versioned, and tested like any other code.
- Pre-built policy bundles map to common control sets so you start from a baseline instead of writing every rule from scratch. They are bundles mapped to frameworks, not a certification or a claim of compliance.
- What blocks a release lives in a file you can read and test. That is the whole value: the rule is auditable, and you can prove what it does before it runs.