Search Results for "kernel security"
Sort By:
Showing 110 open source projects for "kernel security"
View related business solutions-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
Context for your AI agentsBuild data pipelines that feed your AI models and agents without managing infrastructure. Crawl any website, transform content, and push directly to your preferred vector store. Use 10,000+ tools for RAG applications, AI assistants, and real-time knowledge bases. Monitor site changes, trigger workflows on new data, and keep your AIs fed with fresh, structured information. Cloud-native, API-first, and free to start until you need to scale.
-
1
SerenityOS
The Serenity Operating System
SerenityOS is an open source Unix-like operating system project with its own custom kernel, graphical user interface, system libraries, and userland tools. It combines a nostalgic “90s UI aesthetic” with modern system capabilities: a preemptive, multi-threaded kernel, own browsers, network stack, file systems, IPC, security features, and a suite of graphical / developer applications. The project is both a hobbyist OS and a polished engineering sandbox. -
2
Tetragon
eBPF-based Security Observability and Runtime Enforcement
...Synchronous monitoring, filtering, and enforcement completely in the kernel with eBPF. -
3
MemGuard
Secure software enclave for storage of sensitive information in memory
This package attempts to reduce the likelihood of sensitive data being exposed when in memory. It aims to support all major operating systems and is written in pure Go. Sensitive data is encrypted and authenticated in memory with XSalsa20Poly1305. The scheme used also defends against cold-boot attacks. Memory allocation bypasses the language runtime by using system calls to query the kernel for resources directly. This avoids interference from the garbage collector. Buffers that store... -
4
cat-catch
Cat scratch chrome resource sniffing extension
...Maozha is open source. Anyone can download and modify it and put it on the app store. There are already many fake Maozha with the ad code added. Please pay attention to your own data security. All installation addresses are subject to github and user documentation. Chromium kernel version 93 or later is required after version 1.0.17. If it is lower than 93, please use version 1.0.16. The extension is a general sniffing tool and has the same function as the browser DevTools. It does not decrypt any website. Any content downloaded by the user has nothing to do with the extension. ... -
Atera all-in-one platform IT management software with AI agentsAtera’s AI agents don’t just assist, they act. From detection to resolution, they handle incidents and requests instantly, taking your IT management from automated to autonomous.
-
5
Tock OS
A secure embedded operating system for microcontrollers
Tock is a secure, embedded operating system designed for microcontrollers and low-power hardware platforms. Written in Rust, it uses a novel kernel architecture where the OS runs a minimal trusted core and all userland code, including device drivers, is sandboxed and isolated. Tock is ideal for IoT devices, wearables, and embedded research projects where reliability and safety are critical. Its capability-based security model and preemptive multitasking allow developers to safely run multiple applications on constrained devices with confidence in memory and fault isolation. -
6
ArkOS
Another rockchip Operating System
Another rockchip Operating System. This OS came about from an initial fork of The Retro Arena to support a roms folder on a NTFS partition so that the management of roms could be done by simply putting you SD card into an appropriate card reader on a Windows 10 computer. Through various upgrades and tweaks overtime, it has diverged significantly from TheRA and it's time to rebrand this distro. With suggestions provided by community members, ArkOS was chosen. -
7
Elkeid
Open source solution that can meet the requirements of workloads
Elkeid is an open-source platform for security and intrusion-detection that aims to support a wide variety of deployment contexts — from bare-metal hosts to containers, Kubernetes clusters, and even serverless environments. It was born out of ByteDance’s internal security best practices, offering for community users a subset of its enterprise-grade capabilities. Elkeid combines kernel-level data collection, user-space agents, and runtime instrumentation (RASP) to detect malicious behavior, file anomalies, runtime exploits, and suspicious container activity. ... -
8
fswatch
A cross-platform file change monitor with multiple backends
A cross-platform file change monitor with multiple backends: Apple OS X File System Events API, BSD kqueue, Solaris/Illumos File Events Notification, Linux inotify and a stat()-based backend. fswatch is a file change monitor that receives notifications when the contents of the specified files or directories are modified. fswatch implements four kinds of monitors. A monitor based on the File System Events API of Apple OS X. A monitor based on kqueue, an event notification interface introduced... -
9
syzkaller
syzkaller is an unsupervised coverage-guided kernel fuzzer
syzkaller is Google’s coverage-guided, feedback-driven kernel fuzzer designed to uncover reliability and security bugs in operating system kernels at scale. It automatically generates, mutates, and minimizes system call programs, then drives them through a specialized executor (syz-executor) to exercise deep kernel paths. The system integrates tightly with sanitizers such as KASAN, KMSAN, KCSAN, and UBSAN to surface memory safety, concurrency, and undefined behavior issues with actionable reports. ... -
Grafana: The open and composable observability platformGrafana is the open source analytics & monitoring solution for every database.
-
10
Jupyter Enterprise Gateway
Enables Jupyter Notebooks to share resources across clusters
Jupyter Enterprise Gateway is a headless web server with a pluggable framework for anyone supporting multiple notebook users in a managed-cluster environment. Some of the core functionality it provides is better optimization of compute resources, improved multi-user support, and more granular security for your Jupyter notebook environment - making it suitable for enterprise, scientific, and academic implementations. From a technical perspective, Jupyter Enterprise Gateway is a web server that enables the ability to launch kernels on behalf of remote notebooks. This leads to better resource management, as the web server is no longer the single location for kernel activity. ... -
11
Yank Note
A Hackable Markdown Note Application for Programmers
A Hackable Markdown Note Application for Programmers. Version control, AI completion, mind map, documents encryption, code snippet running, integrated terminal, chart embedding, HTML applets, Reveal.js, plug-in, and macro replacement. Use Monaco kernel, optimize for Markdown editing, and have the same editing experience as VSCode. Support version control; Applets, runnable code blocks, tables, PlantUML, Drawio, macro replacements, etc., can be embedded in the document; support for OpenAI... -
12
Hubble
Network, Service & Security Observability for Kubernetes using eBPF
Hubble is a fully distributed networking and security observability platform for cloud native workloads. It is built on top of Cilium and eBPF to enable deep visibility into the communication and behavior of services as well as the networking infrastructure in a completely transparent manner. The Linux kernel technology eBPF is enabling visibility into systems and applications at a granularity and efficiency that was not possible before. -
13
Deckhouse
Kubernetes platform from Flant
...Built-in implementation of Pod Security Standards and a ready-to-use, extensible set of recommended policies. Deckhouse automates many routine deployment, scaling, and infrastructure management operations out of the box. It manages system software on the nodes (kernel, CRI, kubelet), basic Kubernetes components (control plane, etc, certificates, etc.). -
14
Talos Linux
Talos Linux is a modern Linux distribution built for Kubernetes
Talos Linux is Linux designed for Kubernetes – secure, immutable, and minimal. Supports cloud platforms, bare metal, and virtualization platforms. All system management is done via an API. No SSH, shell or console. Production-ready supports some of the largest Kubernetes clusters in the world. Open source project from the team at Sidero Labs. It only takes 3 minutes to launch a Talos cluster on your laptop inside Docker. Talos reduces your attack surface. It's minimal, hardened and... -
15
WireGuard-Manager
Streamline the deployment and management of WireGuard VPNs
...WireGuard is designed as a general-purpose VPN for running on embedded interfaces and super computers alike, fit for many circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. -
16
Armbian Linux Build Framework
Armbian Linux Build Framework
...Special config utilities are optional. A distributed image is compressed to its real data size which starts below 1G. Login is possible via serial, HDMI/VGA or SSH. Boot loader and kernel optimizations, memory caching, ZRAM swap, and video acceleration where applicable. Images are made fully automatized from sources. Releases are PGP signed and code is regularly inspected by the community. Long-term support, quick security fixes, documentation and community-based end-user support. Make sure you have a good & reliable SD card and a proper power supply. ... -
17
eCapture
Capturing SSL/TLS plaintext without a CA certificate using eBPF
Capture SSL/TLS text content without a CA certificate using eBPF. Supports Linux/Android kernel versions x86_64 4.18 and above, aarch64 5.5 and above. Does not support Windows and macOS systems. -
18
Osquery
SQL operating system instrumentation and monitoring framework
Osquery is an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. The tools make low-level operating system analytics and monitoring both performant and intuitive. Osquery exposes an operating system as a high-performance relational database. This allows you to write SQL queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser... -
19
firejail
Linux namespaces sandbox program
Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table. Written in C with virtually no dependencies, the software runs on any Linux computer with a 3.x kernel version or newer. ... -
20
LinuxKit
A toolkit for building secure, portable and lean operating systems
...Designed to be managed by external tooling, such as Infrakit (renamed to deploykit which has been archived in 2019) or similar tools. Includes a set of longer-term collaborative projects in various stages of development to innovate on kernel and userspace changes, particularly around security. -
21
Kakarot_kernel
Custom kernel for Android device
Latest kernel based on 4.14.62 ONEUI and GSI build Compiled with latest Clang 13 Removed some security Enabled all Native Governers optimized code Fixed Magisk reboot on kernel Added Separate MTP option Default compressor as LZ4 Enabled NTFS file system Disabled CRC check Added state notifier Fsync ON/OFF support Added boeffla wl blocker Added CD ROM/DVD file system Disabled default kernel debugging Added wireGuard support Enabled Deadline IO SCHED -
22
Antrea
Kubernetes networking based on Open vSwitch
...With the programmability of Open vSwitch under the hood, Antrea can be extended to support advanced network use cases like kernel bypass and network service mesh. -
23
Capstone
Capstone disassembly/disassembler framework
Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community. Created by Nguyen Anh Quynh, then developed and maintained by a small community, Capstone offers some unparalleled features. Support multiple hardware architectures: ARM, ARM64 (ARMv8), Ethereum VM, M68K, Mips, MOS65XX, PPC, Sparc, SystemZ, TMS320C64X, M680X, XCore and X86 (including X86_64). Having clean/simple/lightweight/intuitive... -
24
SWUpdate
Software Update for Embedded Systems
SWUpdate is a Linux Update agent with the goal to provide an efficient and safe way to update an embedded Linux system in the field. SWUpdate supports local and OTA updates and multiple update strategies and it is designed with security in mind. To start with SWUpdate, it is suggested you look at the documentation and build for one evaluation board (or you run SWUpdate on your host for a first overview). If you plan to update your device locally or remotely, SWUpdate is the right framework... -
25
Unikraft
A next-generation cloud native kernel designed to unlock performance
Unikraft powers the next generation of cloud-native, containerless applications by enabling you to radically customize and build custom OS/kernels; unlocking best-in-class performance, security primitives, and efficiency savings. Unikraft optimizes resource utilization, leading to smaller footprints (meaning higher server saturation) and improved efficiency in resource-constrained environments. Unikraft is an open-source project driven by a vibrant community of over 100 developers, fostering...
