Conftest - CI/CD Glossary Definition
Conftest runs OPA/Rego policies against config files from the command line, making it a natural CI gate.
Conftest is a command-line tool that tests structured configuration files (YAML, JSON, HCL, Dockerfile) against Rego policies using the OPA engine.
Conftest brings policy as code directly into pipelines without a running cluster, evaluating any structured config against your rules.
Common usage
A step like conftest test deployment.yaml returns a non-zero exit code when a policy fails, so the build stops on a violation.
Related guides
Open Policy Agent (OPA) - CI/CD Glossary DefinitionOpen Policy Agent (OPA): Open Policy Agent (OPA) is a general-purpose policy engine that evaluates rules writ…
Rego - CI/CD Glossary DefinitionRego: Rego is the declarative query language used by Open Policy Agent to express policy rules as logic over…
Compliance Scanning - CI/CD Glossary DefinitionCompliance Scanning: Compliance scanning is the automated inspection of code, configuration, images, or infra…