Search Results for "using"
Sort By:
Showing 54 open source projects for "using"
View related business solutions-
Find Hidden Risks in Windows Task SchedulerWindows Task Scheduler might be hiding critical failures. Download the free JAMS diagnostic tool to uncover problems before they impact production—get a color-coded risk report with clear remediation steps in minutes.
-
Vibes don’t ship, Retool doesVibe coding tools create cool demos, but Retool helps you build software your company can actually use. Generate internal apps that connect directly to your data—deployed in your cloud with enterprise security from day one. Build dashboards, admin panels, and workflows with granular permissions already in place. Stop prototyping and ship on a platform that actually passes security review.
-
1
syft
CLI tool and library for generating a Software Bill of Materials
...Supports OCI, Docker and Singularity image formats. Linux distribution identification. Works seamlessly with Grype (a fast, modern vulnerability scanner). Able to create signed SBOM attestations using the in-toto specification. Convert between SBOM formats, such as CycloneDX, SPDX, and Syft's own format. -
2
Kubeguard Guard
Kubernetes Authentication & Authorization WebHook Server
Guard by AppsCode is a Kubernetes Webhook Authentication server. Using guard, you can log into your Kubernetes cluster using various auth providers. Guard also configures groups of authenticated user appropriately. This allows cluster administrators to setup RBAC rules based on membership in groups. -
3
OWASP Amass
In-depth attack surface mapping and asset discovery
The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects ,tools, documents, forums, and chapters are free and open to anyone interested in improving application security. The volume argument allows the Amass graph database to persist between executions and output files to be accessed on the host system. ... -
4
kubelogin
kubectl plugin for Kubernetes OpenID Connect authentication
...The other install methods do this for you. If the cached ID token is valid, kubelogin just returns it. If the cached ID token has expired, kubelogin will refresh the token using the refresh token. If the refresh token has expired, kubelogin will perform re-authentication (you will have to login via browser again). -
Atera all-in-one platform IT management software with AI agentsAtera’s AI agents don’t just assist, they act. From detection to resolution, they handle incidents and requests instantly, taking your IT management from automated to autonomous.
-
5
Kubernetes Dashboard
General-purpose web UI for Kubernetes clusters
...Make sure that you know what you are doing before proceeding. Granting admin privileges to Dashboard's Service Account might be a security risk. In most cases after provisioning cluster using kops, kubeadm or any other popular tool, the ClusterRole cluster-admin already exists in the cluster. We can use it and create only ClusterRoleBinding for our ServiceAccount. If it does not exist then you need to create this role first and grant required privileges manually. -
6
OAuth2 Proxy
A reverse proxy that provides authentication with Google, Azure, etc.
A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. If you are running a version older than v6.0.0 we strongly recommend you please update to the current version. After returning from the authentication provider, the OAuth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set. -
7
Lantern
Tool to access videos, messaging, and other popular apps
...Lantern passed multiple third party white box security audits to ensure security of our code. Lantern is easy to use, just download and install to start streaming, browsing and using apps, no configuration required. No installation, no registration, no registration, no configuration, just click and go! All you have to do is install it and hit the POWER button! Don't wait forever for your applications to load or the website to appear in your browser. Connect with Lantern and get there fast! -
8
Tracee
Linux Runtime Security and Forensics using eBPF
Tracee is a runtime security and observability tool that helps you understand how your system and applications behave. It is using eBPF technology to tap into your system and expose that information as events that you can consume. Events range from factual system activity events to sophisticated security events that detect suspicious behavioral patterns. -
9
grype
A vulnerability scanner for container images and filesystems
...The destination directory doesn't need to be /usr/local/bin, it just needs to be a location found in the user's PATH and writable by the user that's installing Grype. If you're using GitHub Actions, you can simply use our Grype-based action to run vulnerability scans on your code or container images during your CI workflows. -
Desktop and Mobile Device Management SoftwareDesktop Central is a unified endpoint management (UEM) solution that helps in managing servers, laptops, desktops, smartphones, and tablets from a central location.
-
10
gorush
A push notification server written in Go (Golang)
A push notification micro server using Gin framework written in Go (Golang) and see the demo app. Support graceful shutdown that workers and queue have been sent to APNs/FCM before shutdown service. Support different Queue as backend like NSQ or NATS, defaut engine is local Channel. You can deploy gorush to alternative solution like netlify functions. Netlify lets you deploy serverless Lambda functions without an AWS account, and with function management handled directly within Netlify. ... -
11
sbctl
Secure Boot key manager
sbctl intends to be a user-friendly secure boot key manager capable of setting up secure boot, offering key management capabilities, and keeping track of files that need to be signed in the boot chain. It is written top-to-bottom in Golang using go-uefi for the API layer and doesn't rely on existing secure boot tooling. It also tries to sport some integration testing towards tianocore utilizing vmtest. -
12
Kubeapps
A web-based UI for deploying and managing applications in Kubernetes
...Browse and deploy packages from public and private registries. Perform day-two operations such as upgrades or rollbacks seamlessly. Create and manage different catalogs isolating them in different namespaces and clusters just using a single Kubeapps instance. Leverage RBAC and OAuth2/OIDC to authenticate and authorize users in Kubeapps. -
13
Terrascan
Detect compliance and security violations across Infrastructure
...Terracan provides 500+ out-of-the-box policies so that you can scan IaC against common policy standards such as the CIS Benchmark. It leverages the Open Policy Agent (OPA) engine so that you can easily create custom policies using the Rego query language. Monitor provisioned cloud infrastructure for configuration changes that introduce posture drift, and enables reverting to a secure posture. Detect security vulnerabilities and compliance violations. -
14
SLSA GitHub Generator
Language-agnostic SLSA provenance generation for Github Actions
This repository contains free tools to generate and verify SLSA Build Level 3 provenance for native GitHub projects using GitHub Actions. Developers can build their software using a secure process that protects against many supply chain attacks and tampering. Users of their software can verify a tamper-proof statement of the process to know how the software was created. -
15
SOPS
Simple and flexible tool for managing secrets
...We rewrote Sops in Go to solve a number of deployment issues, but the Python branch still exists under python-sops. We will keep maintaining it for a while, and you can still pip install sops, but we strongly recommend you use the Go version instead. If you're using AWS KMS, create one or multiple master keys in the IAM console and export them, comma separated, in the SOPS_KMS_ARN env variable. It is recommended to use at least two master keys in different regions. If you want to use PGP, export the fingerprints of the public keys, comma separated, in the SOPS_PGP_FP env variable. -
16
Ligolo-ng
An advanced, yet simple, tunneling/pivoting tool
...You can easily hit more than 100 Mbits/sec. Here is a test using iperf from a 200Mbits/s server to a 200Mbits/s connection. -
17
kcp Kubernetes
Kubernetes-like control planes for form-factors
kcp can be a building block for SaaS service providers who need a massively multi-tenant platform to offer services to a large number of fully isolated tenants using Kubernetes-native APIs. The goal is to be useful to cloud providers as well as enterprise IT departments offering APIs within their company. kcp takes full advantage of Kubernetes API conventions, the glue that binds the cloud-native technology ecosystem together and imbues Kubernetes popular end-user experience, but kcp has unbound it from Kubernetes workload orchestration and clusters. kcp implements fully-isolated workspaces, each acting as its own Kubernetes-like cluster, with its own URL, its own set of APIs (e.g. different CRDs), its own RBAC, but as cheap and quick as a namespace. -
18
CFSSL
Cloudflare's PKI and TLS toolkit
CFSSL is CloudFlare's PKI/TLS swiss army knife. It is both a command line tool and an HTTP API server for signing, verifying, and bundling TLS certificates. It requires Go 1.12+ to build. Note that certain linux distributions have certain algorithms removed (RHEL-based distributions in particular), so the golang from the official repositories will not work. Users of these distributions should install go manually to install CFSSL. You can set the GOOS and GOARCH environment variables to have... -
19
ZITADEL
Identity infrastructure, simplified for you
...Streamline your application development with our all-in-one identity suite. Designed for all user types, be it consumers, businesses, or employees. Offload complex tasks by using our API as solid abstractions. Benefit from an adaptable identity infrastructure with custom code extensions and robust security defaults. -
20
CrowdSec
Firewall able to analyze visitor behavior & provide adapted response
CrowdSec - an open-source massively multiplayer firewall able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global IP reputation database to protect the user network. Crowdsec shouldn't, and didn't crash any production so far we know, but some features might be missing or undergo evolutions. IP Blocklists are limited to very-safe-to-ban IPs only (~5% of the global database so far, will grow soon). A modern... -
21
Alertmanager
Prometheus Alertmanager
...It takes care of deduplicating, grouping, and routing them to the correct receiver integrations such as email, PagerDuty, or OpsGenie. It also takes care of silencing and inhibition of alerts. Precompiled binaries for released versions are available in the download section on prometheus.io. Using the latest production release binary is the recommended way of installing Alertmanager. The current Alertmanager API is version 2. This API is fully generated via the OpenAPI project and Go Swagger with the exception of the HTTP handlers themselves. A HTML rendered version can be accessed and clients can be easily generated via any OpenAPI generator for all major languages. -
22
SafeLine
Serve as a reverse proxy to protect your web services from attacks
...By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server. A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application. -
23
kube2iam
Provides different AWS IAM roles for pods running on Kubernetes
Provide IAM credentials to containers running inside a Kubernetes cluster based on annotations. Traditionally in AWS, service level isolation is done using IAM roles. IAM roles are attributed through instance profiles and are accessible by services through the transparent usage by the aws-sdk of the ec2 metadata API. When using the aws-sdk, a call is made to the EC2 metadata API which provides temporary credentials that are then used to make calls to the AWS service. The problem is that in a multi-tenanted containers based world, multiple containers will be sharing the underlying nodes. ... -
24
Step Certificates
A private certificate authority (X.509 & SSH) & ACME server
Open Source step-ca provides the infrastructure, automations, and workflows to securely create and operate a private certificate authority. step-ca makes it easy for developers, operators and security teams to manage certificates for production workloads. Get a public key infrastructure and certificate authority running in minutes. Automate enrollment using ACME, OIDC, one-time tokens, cloud APIs and more. Use systemD timers, daemon mode, cron jobs, CI/CD, and more to automate certificate management. Build and operate systems using secure open standards (e.g. X.509, mTLS, JWT, OAuth, OIDC). step-ca is an online certificate authority for secure, automated certificate management. For people, in exchange for single sign-on ID tokens. ... -
25
Vault
Tool for secrets management and encryption as a service
Manage secrets and protect sensitive data. Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API. The shift from static, on-premise infrastructure to dynamic, multi-provider infrastructure changes the approach to security. Security in static infrastructure relies on dedicated servers, static IP addresses, and a clear network perimeter. Security in dynamic infrastructure is defined by ephemeral applications and servers, trusted sources of user and application identity, and software-based encryption. ...
