We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
fosite - Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.
The security first OAuth2 & OpenID Connect framework for Go. Built simple, powerful and extensible. This library implements peer-reviewed IETF RFC6749, counterfeits weaknesses covered in peer-reviewed IETF RFC6819 and countermeasures various database attack scenarios, keeping your application safe when that hacker penetrates or leaks your database. OpenID Connect is implemented according to OpenID Connect Core 1.0 incorporating errata set 1 and includes all flows: code, implicit, hybrid.OAuth2 and OpenID Connect are difficult protocols. If you want quick wins, we strongly encourage you to look at Hydra. Hydra is a secure, high performance, cloud native OAuth2 and OpenID Connect service that integrates with every authentication method imaginable and is built on top of Fosite.
oauth oauth2 library sdk security auth authentication authorization openid-connect oauth2-server oauth2-providerhydra - OAuth2 server with OpenID Connect - cloud native, security-first, open source API security for your infrastructure
ORY Hydra is a hardened OAuth2 and OpenID Connect server optimized for low-latency, high throughput, and low resource consumption. ORY Hydra is not an identity provider (user sign up, user log in, password reset flow), but connects to your existing identity provider through a consent app. Implementing the consent app in a different language is easy, and exemplary consent apps (Go, Node) and SDKs (Go, Node) are provided.Besides mitigating various attack vectors, such as database compromisation and OAuth 2.0 weaknesses, ORY Hydra is able to securely manage JSON Web Keys, and has a sophisticated policy-based access control you can use if you want to. Click here to read more about security.
hydra oauth2 openid-connect docker server security authorization identity federation cloud cloud-native ssosyzkaller - syzkaller is an unsupervised, coverage-guided Linux system call fuzzer
syzkaller is an unsupervised coverage-guided Linux kernel fuzzer.The project mailing list is syzkaller@googlegroups.com. You can subscribe to it with a google account or by sending an email to syzkaller+subscribe@googlegroups.com.
kernel fuzz-testing fuzzing fuzzer testing security security-vulnerability security-toolsoss-fuzz - OSS-Fuzz - continuous fuzzing of open source software
Status: Beta. We are now accepting applications from widely-used open source projects.Create New Issue for questions or feedback about OSS-Fuzz.
fuzzing security stabilityGoogle Authenticator - Two factor authentication
The Google Authenticator project includes implementations of one-time passcode generators for several mobile platforms, as well as a pluggable authentication module (PAM). One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH). These implementations support the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238.
authentication one-time-password password-generator security password pam otphonggfuzz - Security oriented fuzzer with powerful analysis options
A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options. See USAGE for more data on the usage.The examples directory contains code demonstrating (among others) how to use honggfuzz to find bugs in the OpenSSL library and in the Apache web server.
fuzzing securityIdentityServer4 - OpenID Connect and OAuth 2.0 Framework for ASP.NET Core
IdentityServer is a free, open source OpenID Connect and OAuth 2.0 framework for ASP.NET Core. Founded and maintained by Dominick Baier and Brock Allen, IdentityServer4 incorporates all the protocol implementations and extensibility points needed to integrate token-based authentication, single-sign-on and API access control in your applications. IdentityServer4 is officially certified by the OpenID Foundation and thus spec-compliant and interoperable. It is part of the .NET Foundation, and operates under their code of conduct. It is licensed under Apache 2 (an OSI approved license).For project documentation, please visit readthedocs.
openid-connect oauth2 aspnet-core security identity identityserver4streamalert - StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define
StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
security kinesis serverless terraform lambda aws rules analysis datansp - node security platform command-line tool
The results of the check command may be altered based on either a filter or threshold.Please note that in case of naming conflicts built-in reporters (as listed above) take precedence. For instance, nsp-reporter-json would never be used since nsp ships with a json formatter.
security nsp nodesecuritysnyk - CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies
Snyk helps you find, fix and monitor for known vulnerabilities in Node.js npm, Ruby and Java dependencies, both on an ad hoc basis and as part of your CI (Build) system.For more detail on how to authenticate take a look at the CLI authentication section of the Snyk documentation.
security monitor snyk vulnerabilitiesPortus - Authorization service and frontend for Docker registry (v2)
Portus is an authorization server and a user interface for the next generation of the Docker registry. Portus targets version 2 of the Docker Registry API. The minimum required version of Registry is 2.1, which is the first version supporting soft deletes of blobs. Portus supports the concept of users and teams. Users have their own personal Docker namespace where they have both read (aka docker pull) and write (aka docker push) access. A team is a group of users that have read and write access to a certain namespace. You can read more about this in our documentation page about it.
docker-distribution docker security containers railspouch - Pouch is an open-source project created to promote the container technology movement.
Pouch is an open-source project created by Alibaba Group to promote the container technology movement. Pouch's vision is to advance container ecosystem and promote container standards OCI(Open Container Initiative), so that container technologies become the foundation for application development in the Cloud era.
containers oci security efficiency package cloud-nativeOpenSSL - Toolkit for SSL and TLS
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
ssl tls cryptography securitymanticore - Symbolic execution tool
Manticore is a symbolic execution tool for analysis of binaries and smart contracts. Manticore is supported on Linux and requires Python 2.7. Ubuntu 16.04 is strongly recommended. Ethereum smart contract analysis requires the solc program in your $PATH.
symbolic-execution z3 taint-analysis binary-analysis emulation smt program-analysis security ethereum blockchain testinghawk - ✔️ Secure, simple key-value storage for Android
✔️ Secure, simple key-value storage for Android
hawk storage android key-value-store encryption security sharedpreferences preferencesandroid-security-awesome - A collection of android security related resources
A collection of android security related resources. Other amazingly awesome lists can be found in the awesome-awesomeness list.
awesome-list awesome list android securitylabs - This is a collection of tutorials for learning how to use Docker with various tools
This repo contains Docker labs and tutorials authored both by Docker, and by members of the community. We welcome contributions and want to grow the repo.
docker-tutorial lab swarm docker docker-compose swarm-mode orchestration security containersexpress-gateway - A microservices API Gateway built on top of ExpressJS
Express Gateway is an API Gateway that sits at the heart of any microservices architecture, regardless of what language or platform you're using. Express Gateway secures your microservices and exposes them through APIs using Node.js, ExpressJS and Express middleware. Developing microservices, orchestrating and managing them now can be done insanely fast all on one seamless platform without having to introduce additional infrastructure. Express Gateway is commerically supported LunchBadger. For more information about support plans please contact info@express-gateway.io.
api-gateway expressjs express-middleware microservices oauth2 oauth2-server express-gateway microservice security endpoints service-discovery apis rest express middleware policies pipelines nodejs-gatewayKeyBox - Web-based SSH console that centrally manages administrative access to systems
KeyBox is an open-source web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding.
ssh ssh-console system-admin key-management ssl tls security
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
