Showing 146 open source projects for "rules"

View related business solutions
  • Ship Agents Faster Icon
    Ship Agents Faster

    Transform your applications and workflows into powerful agentic systems at global scale.

    Gemini Enterprise Agent Platform lets you rapidly build, scale, govern and optimize production-ready agents grounded in your organization's data. The platform enables developers to build custom or pre-built agents for virtually any use case. New customers get $300 in free credits.
    Get Started Free
  • Save Up to 91% on Cloud Compute With Spot VMs Icon
    Save Up to 91% on Cloud Compute With Spot VMs

    Automatic sustained-use discounts. One free VM per month. No negotiation needed.

    Run batch jobs at 60-91% off with Spot VMs. Long-running workloads get automatic discounts with sustained use.
    Try Free
  • 1
    SCAP Security Guide

    SCAP Security Guide

    Security automation content in SCAP, Bash, Ansible, and other formats

    The purpose of this project is to create security policy content for various platforms, Red Hat Enterprise Linux, Fedora, Ubuntu, Debian, SUSE Linux Enterprise Server (SLES), as well as products, Firefox, Chromium, JRE. We aim to make it as easy as possible to write new and maintain existing security content in all the commonly used formats. "SCAP content" refers to documents in the XCCDF, OVAL and Source DataStream formats. These documents can be presented in different forms and by...
    Downloads: 10 This Week
    Last Update:
    See Project
  • 2
    ScubaGear

    ScubaGear

    Automation to assess the state of your M365 tenant against CISA

    ScubaGear is a PowerShell-based assessment tool developed by CISA to verify that Microsoft 365 tenant configuration aligns with Secure Cloud Business Application (SCuBA) baselines. It automates scanning of M365 environments like Exchange, Defender, Teams, and SharePoint, and outputs compliance reports to help administrators align with best practice security configurations.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 3
    ShadowsocksX-NG

    ShadowsocksX-NG

    Next Generation of ShadowsocksX

    ShadowsocksX-NG is the new ShadowsocksX, a secure socks5 proxy for accessing restricted sites or services on macOS. ShadowsocksX-NG was created separately from the original implementation as there had been too much unused code and dependencies of the ss-local source code in the original that had to be maintained. As such it was difficult to update. ShadowsocksX-NG has just a copy of ss-local from Homebrew, and its GUI code has been rewritten in Swift. It now runs as a background service...
    Downloads: 4 This Week
    Last Update:
    See Project
  • 4
    CASL

    CASL

    CASL is an isomorphic authorization JavaScript library

    CASL is an isomorphic authorization JavaScript library that restricts what resources a given user is allowed to access. It's designed to be incrementally adoptable and can easily scale between a simple claim-based and fully featured subject and attribute-based authorization. It makes it easy to manage and share permissions across UI components, API services, and database queries.
    Downloads: 1 This Week
    Last Update:
    See Project
  • Our Free Plans just got better! | Auth0 Icon
    Our Free Plans just got better! | Auth0

    With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

    You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
    Try free now
  • 5
    Kubeguard Guard

    Kubeguard Guard

    Kubernetes Authentication & Authorization WebHook Server

    ...Using guard, you can log into your Kubernetes cluster using various auth providers. Guard also configures groups of authenticated user appropriately. This allows cluster administrators to setup RBAC rules based on membership in groups.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 6
    uBlacklist

    uBlacklist

    Blocks specific sites from appearing in Google search results

    uBlacklist is a Google Search filter for Chrome and Firefox. uBlacklist requires many site permissions on install. They are necessary to support all domains where Google Search is provided (google.com, google.ac, google.ad, ...). You can install uBlacklist from Chrome Web Store, Firefox Add-ons or Mac App Store. To block a site that you are looking at from appearing on the search result page, click the toolbar icon. A "Block this site" dialog will be shown. In recent versions of Chrome, the...
    Downloads: 2 This Week
    Last Update:
    See Project
  • 7
    Alerta

    Alerta

    Alerta monitoring system

    Email was not designed to be used as an alert console. It is not a scalable solution when it comes to monitoring and alert visualization. A minimal installation of Alerta can be deployed quickly and easily as monitoring requirements and confidence grow. There are integrations available with Prometheus, Riemann, Nagios, Zabbix, netdata, Sensu, Pingdom and Cloudwatch. Integrating bespoke systems is easy using the API or command-line tool. Alerts are submitted in JSON format to an HTTP API....
    Downloads: 0 This Week
    Last Update:
    See Project
  • 8
    go-mitmproxy

    go-mitmproxy

    mitmproxy implemented with golang

    go-mitmproxy is a Golang implementation of mitmproxy that supports man-in-the-middle attacks and parsing, monitoring, and tampering with HTTP/HTTPS traffic. Parses HTTP/HTTPS traffic and displays traffic details via a web interface. Supports a plugin mechanism for easily extending functionality. Various event hooks can be found in the examples directory. HTTPS certificate handling is compatible with mitmproxy and stored in the ~/.mitmproxy folder. If the root certificate is already trusted...
    Downloads: 1 This Week
    Last Update:
    See Project
  • 9
    tfsec

    tfsec

    Security scanner for your Terraform code

    tfsec is a static analysis security scanner for your Terraform code. Designed to run locally and in your CI pipelines, developer-friendly output and fully documented checks mean detection and remediation can take place as quickly and efficiently as possible. tfsec takes a developer-first approach to scanning your Terraform templates; using static analysis and deep integration with the official HCL parser it ensures that security issues can be detected before your infrastructure changes take...
    Downloads: 1 This Week
    Last Update:
    See Project
  • Earn up to 16% annual interest with Nexo. Icon
    Earn up to 16% annual interest with Nexo.

    More flexibility. More control.

    Generate interest, access liquidity without selling, and execute trades seamlessly. All in one platform. Geographic restrictions, eligibility, and terms apply.
    Get started with Nexo.
  • 10
    How To Secure A Linux Server

    How To Secure A Linux Server

    An evolving how-to guide for securing a Linux server

    ...It focuses on step-by-step security improvements rather than abstract theory, making it accessible to administrators who need clear actions. The guide covers server setup, operating system choices, SSH hardening, firewall rules, user accounts, automatic updates, logging, intrusion prevention, and common web server considerations. It also includes dedicated material for kernel sysctl hardening and Nginx security. The project is not positioned as a complete enterprise compliance framework, but it provides a strong baseline for safer self-hosted servers. It is especially useful for developers, homelab users, and small teams who manage internet-facing Linux machines and want a checklist-style security reference.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 11
    Cerbos

    Cerbos

    Cerbos is the open core, language-agnostic authorization solution

    Cerbos is an authorization layer that evolves with your product. It enables you to define powerful, context-aware access control rules for your application resources in simple, intuitive YAML policies; managed and deployed via your Git-ops infrastructure. It provides highly available APIs to make simple requests to evaluate policies and make dynamic access decisions for your application. Decouple authorization management from your core code using the stateless Cerbos solution. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 12
    shadowsocks-libev

    shadowsocks-libev

    Bug-fix-only libev port of shadowsocks

    ...You can configure your Linux-based box or router to proxy all TCP traffic transparently, which is handy if you use an OpenWRT-powered router. Although shadowsocks-libev can handle thousands of concurrent connections nicely, we still recommend setting up your server's firewall rules to limit connections from each user. We strongly encourage you to install shadowsocks-libev from jessie-backports-sloppy.
    Downloads: 4 This Week
    Last Update:
    See Project
  • 13
    IdentityServer

    IdentityServer

    The most flexible and standards-compliant OpenID Connect and OAuth 2

    ...IdentityServer gives you full control over your UI, UX, business logic, and data. In IdentityServer, customizing your workflows is not an afterthought. Our APIs and extensibility points allow adapting to your workflows and business rules without having to find complicated workarounds. You can choose whichever UI framework or technology suits you best to integrate with our token engine. We believe that C# is the best DSL, don't bother with trying to express your logic in YAML, XML, or other "languages". In short, if what you want to achieve is doable in .NET Core, it is doable with IdentityServer. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 14
    Claude Code Security Reviewer

    Claude Code Security Reviewer

    An AI-powered security review GitHub Action using Claude

    ...It supports configuration inputs (which files/directories to skip, model timeout, whether to comment on the PR, etc). The tool is language-agnostic (it doesn’t need language-specific parsers), uses contextual understanding rather than simplistic rules, and aims to reduce noise with smarter filtering.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 15
    kube-score

    kube-score

    Kubernetes object analysis with recommendations

    ...The output is a list of recommendations of what you can improve to make your application more secure and resilient. kube-score is open-source and available under the MIT-license. Container limits (should be set) Pod is targeted by a NetworkPolicy, both egress and ingress rules are recommended. Deployments and StatefulSets should have a PodDisruptionPolicy. Deployments and StatefulSets should have host PodAntiAffinity configured. For container probes, a readiness should be configured, and should not be identical to the liveness probe. Read more in README_PROBES.md. Container securityContext, run as a high number user/group, do not run as root or with privileged root fs. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 16
    ClashX

    ClashX

    Rule-based proxy utility for macOS with intuitive menu bar interface

    ...KEY FEATURES: • HTTP/HTTPS and SOCKS5 proxy protocol support • VMess, Shadowsocks, Trojan, VLESS protocol support • Surge-compatible configuration format • GeoIP-based routing rules • TUN mode for system-wide proxying • URL Scheme support for quick config import • Universal binary — native support for both Intel and Apple Silicon Macs • Lightweight menu bar app with minimal resource usage • macOS 10.14 (Mojave) through macOS 15 (Sequoia) compatibility INSTALLATION: Download the latest .dmg from the Files section, or install via Homebrew: brew tap clashx-pro/clashx && brew install --cask clashx RESOURCES: • Official Website: https://clashx.tech • Documentation & Tutorial: https://clashx.tech/tutorial
    Leader badge
    Downloads: 38 This Week
    Last Update:
    See Project
  • 17

    OpenWrt Firewall CLI management tool

    OpenWrt Firewall CLI management tool

    OpenWrt Firewall CLI management tool for add/edit/delete zone, chains, traffic rules and etc.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 18
    GoldBug - Encrypted Communications

    GoldBug - Encrypted Communications

    Chat Messenger. E-Mail-Client. Websearch. Filetransfer.

    GoldBug is a decentralized & secure communication suite that offers an integrated e-mail client, an instant messenger & a file transfer. Also included is an URL-RSS-DB & a p2p web search. Current vers. w/ McEliece Algorithm. GoldBug has been 2013 - 2023 ten years just another Graphical User Interface of the Spot-On Encryption Suite. Main GUI features: Minimal & colorful Interface with Tabs in the East. Microsoft & Qt MinGW deprecated Win32 & for Compiling: ●...
    Leader badge
    Downloads: 99 This Week
    Last Update:
    See Project
  • 19
    Chativa Pro — Self-Hosted E2EE Chat

    Chativa Pro — Self-Hosted E2EE Chat

    HD Audio & Video Calls, AI chatbot widget, Widget, Lifetime License

    Chativa Pro is a self-hosted, end-to-end encrypted (E2EE) messaging platform for SMEs. Protect your business secrets with private text, audio, and video conversations. Your data, your server, your rules. ══════════════════════ KEY FEATURES ══════════════════════ 🔒 E2EE Chat — Every message, file, and call is encrypted 📹 HD Video Calls — WebRTC-powered, one-on-one and group 🤖 AI Assistant — Gemini-powered smart replies and summaries 💬 Chat Widget — White-label, one script tag 🏠 100% Self-Hosted — Your server, works offline 💰 Lifetime License — $79 once, unlimited agents, no fees 🛡️ GDPR Compliant — Your data stays in your jurisdiction ══════════════════════ PERFECT FOR ══════════════════════ SMEs • IT Consultants • Agencies • Privacy Advocates
    Downloads: 1 This Week
    Last Update:
    See Project
  • 20

    Incident Response Automation

    Incident Response Automation Tool

    This tool simulates automated defensive actions, such as blocking an IP address on a firewall, in response to detected threats. Quick Start To use this tool, run the responder: # Block an IP address python lab_runner.py incident-response --ip 10.10.10.xxx --reason "Malicious Activity Detected"
    Downloads: 0 This Week
    Last Update:
    See Project
  • 21
    PoshC2

    PoshC2

    C2 framework used to aid red teamers with post-exploitation

    ...These enable C2 functionality on a wide range of devices and operating systems, including Windows, *nix and OSX. Shellcode containing in-build AMSI bypass and ETW patching for a high success rate and stealth. Auto-generated Apache Rewrite rules for use in a C2 proxy, protecting your C2 infrastructure and maintaining good operational security. Fully encrypted communications, protecting the confidentiality and integrity of the C2 traffic.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 22

    Secure Protocol Format

    Generic binary protocol library that prevents injection attacks

    ...Guaranteeing equivalence in data interpretation, known as operational congruity, is achieved by separating fields of data on the basis of their length. When the length of the data is known, there is no risk of misinterpreting it on the basis of spaces or text delimiters. The Distinguished Encoding Rules, or DER, of the ASN.1 standard follows this approach but includes numerous constraints and, more importantly, demands that data fields to be described using binary metadata rather than text. The Secure Protocol Format, or SPF, was created as a simplified version of DER. In addition to delimiting data by length, it also affords programmers the ability to use text for describing data, just like tags are used in HTML and XML. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 23
    teler

    teler

    Real-time HTTP Intrusion Detection

    teler is an real-time intrusion detection and threat alert based on web log that runs in a terminal with resources that we collect and provide by the community. kitabisa/teler-waf: teler-waf is a Go HTTP middleware that provide teler IDS functionality to protect against web-based attacks and improve the security of Go-based web applications. It is highly configurable and easy to integrate into existing Go applications. teler provides alerting when a threat is detected, push notifications...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 24
    Cherrybomb

    Cherrybomb

    Cherrybomb is a CLI tool that helps you avoid undefined user behaviour

    ...Its main goal is to reduce security errors and ensure your API functions as intended. Cherrybomb makes sure your API is working correctly. It checks your API's spec file (OpenAPI Specification) for good practices and makes sure it follows the OAS rules. Then, it tests your API for common issues and vulnerabilities. If any problems are found, Cherrybomb gives you a detailed report with the exact location of the problem so you can fix it easily. With a configuration file, you can easily edit, view, Cherrybomb's options. The config file allows you to set the running profile, location of the oas file, the verbosity and ignore the TLS error. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 25
    Ultimate AppLocker Bypass List

    Ultimate AppLocker Bypass List

    The most common techniques to bypass AppLocker

    ...It is aimed primarily at defenders, incident responders, and security researchers who need a consolidated reference to understand common bypass vectors and to validate detection logic. The repository emphasizes defensive use—helping blue teams craft allow-list policies, create detection rules, and test policy hardening in isolated lab environments—rather than offensive exploitation.
    Downloads: 0 This Week
    Last Update:
    See Project
Auth0 Logo