The Open Policy Agent (OPA) is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack. OPA is hosted by the Cloud Native Computing Foundation (CNCF) as a sandbox level project. If you are an organization that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF. For details read the CNCF announcement.
https://www.openpolicyagent.org
Tags | opa policy declarative json compliance cloud-native authorization doge |
Implementation | Go |
License | Apache |
Platform | Windows MacOS Linux |
ORY Hydra is a hardened OAuth2 and OpenID Connect server optimized for low-latency, high throughput, and low resource consumption. ORY Hydra is not an identity provider (user sign up, user log in, password reset flow), but connects to your existing identity provider through a consent app. Implementing the consent app in a different language is easy, and exemplary consent apps (Go, Node) and SDKs (Go, Node) are provided. Besides mitigating various attack vectors, such as database compromise and OAuth 2.0 weaknesses, ORY Hydra is able to securely manage JSON Web Keys, and has a sophisticated policy-based access control you can use if you want to. Click here to read more about security.
hydra oauth2 openid-connect docker server security authorization identity federation cloud cloud-native sso
Opa is a concise and elegant language for writing scalable and distributed web applications. Opa pushes boundaries of the state of the art in web security by making its application immune to XSS attacks, SQL injections and more. Opa is designed to get you to your finished app faster, concentrating only on the interesting parts, without the hassle of writing the glue or of using a programming language against its original design.
web-development web-framework cloud programming-language
Welcome to Trireme, an open-source library curated by Aporeto to provide cryptographic isolation for cloud-native applications. Trireme-lib is a Zero-Trust networking library that makes it possible to set up security policies and segment applications by enforcing end-to-end authentication and authorization without the need for complex control planes or IP/port-centric ACLs and east-west firewalls. Trireme-lib supports both containers and Linux processes as well as user-based activation, and it allows security policy enforcement between any of these entities.
Casbin is a powerful and efficient open-source access control library for Golang projects. It provides support for enforcing authorization based on various access control models. In Casbin, an access control model is abstracted into a CONF file based on the PERM metamodel (Policy, Effect, Request, Matchers). So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration. You can customize your own access control model by combining the available models. For example, you can get RBAC roles and ABAC attributes together inside one model and share one set of policy rules.
casbin etcd access-control authorization rbac abac acl auth authz permission
Casbin-RS is a powerful and efficient open-source access control library for Rust projects. It provides support for enforcing authorization based on various access control models. In casbin-rs, an access control model is abstracted into a CONF file based on the PERM metamodel (Policy, Effect, Request, Matchers). So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration. You can customize your own access control model by combining the available models. For example, you can get RBAC roles and ABAC attributes together inside one model and share one set of policy rules.
casbin access-control authorization rbac abac acl auth authz permission
Opa is a functional programming language for the Web that compiles to JavaScript. There are real applications fully developed with Opa such as the PEPS Communication Platform, RiskyBird and many others. This repository contains all the sources of both the Opa compiler and the Opa library.
mongodb-driver mongodb-library mongodb-client
Casbin.NET is a powerful and efficient open-source access control library for .NET (C#) projects. It provides support for enforcing authorization based on various access control models. In Casbin, an access control model is abstracted into a CONF file based on the PERM metamodel (Policy, Effect, Request, Matchers). So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration. You can customize your own access control model by combining the available models. For example, you can get RBAC roles and ABAC attributes together inside one model and share one set of policy rules.
casbin access-control authorization rbac abac acl auth permission authz
Action Policy is an authorization framework for Ruby and Rails applications. Action Policy relies on resource-specific policy classes (just like Pundit).
rails authorization
Nextcloud Files is an on-premise, open source file sync and share solution designed to be easy-to-use and highly secure. You can store your files, contacts, calendars and more on the server. It provides real-time collaboration and instant access to all data from any device, anywhere. Access data from FTP, Windows Network Drive, SharePoint, NFS, Object storage and more. It is designed with compliance in mind, providing extensive data policy enforcement, encryption, user management and auditing capabilities.
file-sharing file-storage collaboration cloud self-hosting owncloud cloud-file-sharing dropbox-alternative
ManageIQ is an open-source Management Platform that delivers the insight, control, and automation that enterprises need to address the challenges of managing hybrid IT environments.
infrastructure-management containers vmware rhev ovirt amazon management ansible google-cloud azure openstack kubernetes openshift hawkular nuage foreman
Wazuh helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level. This solution, based on lightweight multi-platform agents, provides capabilities such as log management and analysis, file integrity monitoring, intrusion and anomaly detection, and policy and compliance monitoring.
ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring openscap security-hardening ids pci-dss file-integrity-management log-analysis vulnerability-detection incident-response threat-detection
Open WS-Policy, an Open Source Web Services Policy Framework implementation, is a set of open source Java libraries that implement the ws-policy specifications.
Refer to Canal/flannel Hosted Install for up to date installation directions and manifests. This repo is deprecated and no further updates are expected here. Canal is a community-driven initiative that aims to allow users to easily deploy Calico and flannel networking together as a unified networking solution - combining Calico’s industry-leading network policy enforcement with the rich superset of Calico and flannel overlay and non-overlay network connectivity options.
Easily integrate Content-Security-Policy headers into your web application, either from a JSON configuration file, or programmatically. CSP Builder was created by Paragon Initiative Enterprises as part of our effort to encourage better application security practices.
csp csp-header json-configuration csp-builder content-security-policy http http-header easy-to-use secure-by-default security xss cross-site-scripting
Crossplane is an open source multicloud control plane. It introduces workload and resource abstractions on top of existing managed services that enable a high degree of workload portability across cloud providers. A single Crossplane enables the provisioning and full-lifecycle management of services and infrastructure across a wide range of providers, offerings, vendors, regions, and clusters. Crossplane offers a universal API for cloud computing, a workload scheduler, and a set of smart controllers that can automate work across clouds. Crossplane presents a declarative management style API that covers a wide range of portable abstractions including databases, message queues, buckets, data pipelines, serverless, clusters, and many more coming. It’s based on the declarative resource model of the popular Kubernetes project, and applies many of the lessons learned in container orchestration to multicloud workload and resource orchestration.
kubernetes cloud-computing cloud-native containers serverless multicloud
AWS Amplify provides a declarative and easy-to-use interface across different categories of cloud operations. AWS Amplify goes well with any JavaScript based frontend workflow, and React Native for mobile developers. Our default implementation works with Amazon Web Services (AWS), but AWS Amplify is designed to be open and pluggable for any custom backend or service.
react cloud-service metrics react-native aws aws-apigateway aws-cognito pinpoint aws-mobile aws-mobilehub aws-s3 mobile-analytics pwa analytics storage cognito amazon-cognito
The awacs library allows for easier creation of AWS Access Policy Language JSON by writing Python code to describe the AWS policies. To facilitate catching policy format or JSON errors early the library has property and type checking built into the classes. NOTE: The old awacs.aws.Policy object is going to be deprecated in the future, in preference for the awacs.aws.PolicyDocument class. This is due to confusion that arises between the old object and troposphere.iam.Policy objects.
aws-iam
InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements. InSpec makes it easy to run your tests wherever you need. More options are found in our CLI docs.
audit inspec security compliance devsec devops tdd-utilities tdd spec testing