Top 17 Go zero-trust Projects
immudb
immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history
Project mention: Immudb release, open source tamper-evident database now supports Document Model | news.ycombinator.com | 2023-10-19
Netmaker
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Project mention: Connecting several hundreds IoT (raspberry pi's) devices with a VPN | /r/VPN | 2023-12-07
My plan is to set up an EC2 instance and host a VPN, considering options like Netmaker, OpenVPN, or Tailscale. The goal is to connect these devices to the VPN, enabling SSH access from any connected node. This method seems cost-effective (considering I want to use 100s of devices and potentially 1000s) and straightforward, requiring a simple setup with a sudo apt command on the Raspberry Pi.
netbird
Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.
Project mention: Free Tech Tools and Resources - Multi-clock Display, Networking Tools, Digital Forensics & More | /r/SysAdminBlogs | 2023-11-17
NetBird is a configuration-free, peer-to-peer private network combined with a centralized access control system. Utilizing a WireGuard-based overlay network, it ensures encrypted connections between machines without the need for complex configurations such as port openings, intricate firewall rules, or VPN gateways. It prioritizes security with intuitive management of granular access policies for secure remote access, applicable universally across any infrastructure. petr205 explains, "Their SaaS version is free up to 100 machines and 5 users, but the self-hosted version is exactly the same and has very low requirements."
cosign
In this context, Cosign from the Sigstore project offers a compelling solution. Its simplicity, registry compatibility, and effective link between images and their signatures provide a user-friendly and versatile approach. The integration of Fulcio for certificate management and Rekor for secure logging enhances Cosign's appeal, making it particularly suitable for modern development environments that prioritize security and agility.
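The "link between images and their signatures" above is concrete enough to show in code. The Go block below is an added example, not code from this page or from the Sigstore project: it reproduces the core of cosign's key-based image signing. It builds the simple-signing payload that binds a manifest digest to the reference it was signed under, signs SHA-256 of that payload with an ECDSA P-256 key, and on verification checks both the signature and that the digest named inside the payload is the one the verifier resolved for the image, so a valid signature cannot be replayed onto a different image. `SignatureTag` shows the tag cosign uses to park the signature next to the image in the same repository. The reference, digest and annotation are constructed; keyless signing with Fulcio and Rekor layers a short-lived certificate and a transparency-log entry on top of this exchange and is not modelled here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// SimpleSigning is the payload cosign signs: the manifest digest of the
// image and the reference it was signed under, plus free-form annotations.
type SimpleSigning struct {
	Critical struct {
		Identity struct {
			DockerReference string `json:"docker-reference"`
		} `json:"identity"`
		Image struct {
			DockerManifestDigest string `json:"docker-manifest-digest"`
		} `json:"image"`
		Type string `json:"type"`
	} `json:"critical"`
	Optional map[string]string `json:"optional"`
}

// NewPayload builds the JSON document that the signature covers.
func NewPayload(ref, digest string, annotations map[string]string) ([]byte, error) {
	var p SimpleSigning
	p.Critical.Identity.DockerReference = ref
	p.Critical.Image.DockerManifestDigest = digest
	p.Critical.Type = "cosign container image signature"
	p.Optional = annotations
	return json.Marshal(p)
}

// SignatureTag is where cosign stores the signature in the image's own
// repository: the digest with ':' turned into '-' plus ".sig".
func SignatureTag(digest string) string {
	return strings.Replace(digest, ":", "-", 1) + ".sig"
}

// GenerateKey makes an ECDSA P-256 pair, the type cosign generate-key-pair produces.
func GenerateKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Sign returns the base64 DER-encoded ECDSA signature over SHA-256(payload).
func Sign(key *ecdsa.PrivateKey, payload []byte) (string, error) {
	h := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, key, h[:])
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(sig), nil
}

// VerifyImage accepts a signature only if it verifies over the stored payload
// AND that payload names the digest the verifier resolved for the image itself.
// Checking the signature alone would let a signature made for another image be
// reused: the payload, not the image, is what was signed.
func VerifyImage(pub *ecdsa.PublicKey, resolvedDigest string, payload []byte, b64sig string) bool {
	sig, err := base64.StdEncoding.DecodeString(b64sig)
	if err != nil {
		return false
	}
	h := sha256.Sum256(payload)
	if !ecdsa.VerifyASN1(pub, h[:], sig) {
		return false
	}
	var p SimpleSigning
	if err := json.Unmarshal(payload, &p); err != nil {
		return false
	}
	return p.Critical.Type == "cosign container image signature" &&
		p.Critical.Image.DockerManifestDigest == resolvedDigest
}

func main() {
	key, err := GenerateKey()
	if err != nil {
		panic(err)
	}
	// Constructed reference and digest; a real verifier resolves the digest from the registry.
	ref := "registry.example/team/app:1.4.2"
	digest := "sha256:" + strings.Repeat("ab", 32)
	payload, _ := NewPayload(ref, digest, map[string]string{"git-sha": "deadbeef"})
	sig, _ := Sign(key, payload)
	fmt.Println("signature stored at tag:", SignatureTag(digest))
	fmt.Println("verifies for signed digest:", VerifyImage(&key.PublicKey, digest, payload, sig))
	fmt.Println("verifies for other digest: ", VerifyImage(&key.PublicKey, "sha256:"+strings.Repeat("cd", 32), payload, sig))
}
```

The check that matters operationally is the digest comparison: a registry tag can be moved, so a verifier must resolve the tag to a digest first and compare against the payload, never trust the reference string stored inside it.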
Pomerium
Option 3: Pomerium might be an alternative as well.
boundary
Project mention: OpenTerraform – an MPL fork of Terraform after HashiCorp's license change | news.ycombinator.com | 2023-08-11
No, it and a ton of other things in their GH org are still MPL (for now): https://github.com/hashicorp/hcl-lang/blob/main/LICENSE including, confusingly, https://github.com/hashicorp/boundary/blob/main/LICENSE which I would have thought would have fallen into the same "but AWS gonna steal our shit" fearmongering as Nomad did, to say nothing of the future in which AWS offers Managed Vagrant™ :eyeroll:
Ory Oathkeeper
A cloud native Identity & Access Proxy (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(S) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.
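The authenticate / authorize / mutate pipeline that an Oathkeeper access rule describes, as an added Go example that is not Oathkeeper's own code: each `Rule` matches a path prefix and method set, an authenticator turns the bearer token into a session, an authorizer decides on that session, and a mutator strips the caller's credential and overwrites any identity headers the caller may have set itself before the request reaches a reverse proxy. The token table, paths, role names and `X-User`/`X-Role` headers are constructed for the example; in Oathkeeper the equivalent pieces are the `jwt` or `oauth2_introspection` authenticators, the `allow`/`remote_json` authorizers and the `header` mutator configured in the rule. A request no rule matches is denied, not passed through.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
)

// Session is what an authenticator establishes about the caller.
type Session struct{ Subject, Role string }

// Rule mirrors an Oathkeeper access rule: match, authenticator, authorizer,
// mutator, applied in that order to a request.
type Rule struct {
	PathPrefix   string
	Methods      []string
	Authenticate func(*http.Request) (*Session, bool)
	Authorize    func(*Session, *http.Request) bool
	Mutate       func(*Session, *http.Request)
}

func (rule Rule) Matches(r *http.Request) bool {
	if !strings.HasPrefix(r.URL.Path, rule.PathPrefix) {
		return false
	}
	for _, m := range rule.Methods {
		if m == r.Method {
			return true
		}
	}
	return false
}

// Decide runs the first matching rule and returns the status to answer with
// (200 means forward) plus the session. No matching rule is a denial.
func Decide(rules []Rule, r *http.Request) (int, *Session) {
	for _, rule := range rules {
		if !rule.Matches(r) {
			continue
		}
		s, ok := rule.Authenticate(r)
		if !ok {
			return http.StatusUnauthorized, nil
		}
		if !rule.Authorize(s, r) {
			return http.StatusForbidden, nil
		}
		rule.Mutate(s, r) // only reached once authn and authz both passed
		return http.StatusOK, s
	}
	return http.StatusNotFound, nil
}

// NewProxy forwards to the upstream only requests that passed Decide, already mutated.
func NewProxy(upstream *url.URL, rules []Rule) http.Handler {
	rp := httputil.NewSingleHostReverseProxy(upstream)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if status, _ := Decide(rules, r); status != http.StatusOK {
			http.Error(w, http.StatusText(status), status)
			return
		}
		rp.ServeHTTP(w, r)
	})
}

// Constructed token table standing in for a JWT or introspection backend.
var tokens = map[string]Session{
	"tok-alice": {Subject: "alice", Role: "admin"},
	"tok-bob":   {Subject: "bob", Role: "viewer"},
}

// BearerAuth is the authenticator: opaque bearer token -> session.
func BearerAuth(r *http.Request) (*Session, bool) {
	tok := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
	s, ok := tokens[tok]
	if !ok {
		return nil, false
	}
	return &s, true
}

// HeaderMutator drops the caller's credential and overwrites any identity
// headers the caller set itself, so the upstream can trust X-User/X-Role.
func HeaderMutator(s *Session, r *http.Request) {
	r.Header.Del("Authorization")
	r.Header.Set("X-User", s.Subject)
	r.Header.Set("X-Role", s.Role)
}

func DefaultRules() []Rule {
	adminOnly := func(s *Session, _ *http.Request) bool { return s.Role == "admin" }
	anyone := func(*Session, *http.Request) bool { return true }
	return []Rule{
		{PathPrefix: "/admin/", Methods: []string{"GET", "POST"}, Authenticate: BearerAuth, Authorize: adminOnly, Mutate: HeaderMutator},
		{PathPrefix: "/api/", Methods: []string{"GET"}, Authenticate: BearerAuth, Authorize: anyone, Mutate: HeaderMutator},
	}
}

func main() {
	for _, tok := range []string{"", "tok-bob", "tok-alice"} {
		r, _ := http.NewRequest("GET", "http://iap.local/admin/users", nil)
		r.Header.Set("Authorization", "Bearer "+tok)
		status, _ := Decide(DefaultRules(), r)
		fmt.Printf("token %q -> %d, forwarded X-User=%q\n", tok, status, r.Header.Get("X-User"))
	}
}
```

The two things worth copying from this shape are the default-deny for unmatched routes and the mutator: if the upstream reads `X-User` to identify the caller, the proxy must be the only thing that can set it, so the header is overwritten rather than merely added.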
ziti
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
If you are not aware of what OpenZiti is, this is the description available on their website:
intents-operator
Manage network policies, Istio Authorization Policies, and Kafka ACLs in a Kubernetes cluster with ease.
As you've mentioned, it is not possible to define deny rules using the native NetworkPolicy resource. Instead, you could use your CNI's implementation for network policies. If you use Calico as your CNI you can use Calico's network policies to create deny rules. You can also take a look at Otterize OSS, an open-source solution my team and I have been working on recently. It simplifies network policies by defining them from the client's perspective in a ClientIntents resource. You can use the network mapper to auto-generate those ClientIntents from the traffic in your cluster, and then deploy them and let the intents-operator manage the network policies for you.
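The translation the comment above describes, as an added Go example that is not the intents-operator's code: a client-side list of intents is grouped by server and turned into one server-side NetworkPolicy per server whose ingress lists exactly the declared clients. The structs mirror the networking.k8s.io/v1 NetworkPolicy shape closely enough to marshal to a document kubectl would accept; the policy naming, the `app` label convention and the sample intents are this example's assumptions. `Allowed` models the cluster's decision so the "deny" the question asks about becomes visible: it comes from omission. A pod that some policy selects only accepts the ingress that policy lists, while a server no intent names stays open because no policy selects it.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
)

// Intent is one "client may call server" declaration, the part of a
// ClientIntents entry that the policy needs.
type Intent struct {
	ClientName, ClientNamespace string
	ServerName, ServerNamespace string
}

// These structs mirror networking.k8s.io/v1 NetworkPolicy.
type LabelSelector struct {
	MatchLabels map[string]string `json:"matchLabels,omitempty"`
}
type Peer struct {
	PodSelector       *LabelSelector `json:"podSelector,omitempty"`
	NamespaceSelector *LabelSelector `json:"namespaceSelector,omitempty"`
}
type IngressRule struct {
	From []Peer `json:"from"`
}
type Spec struct {
	PodSelector LabelSelector `json:"podSelector"`
	PolicyTypes []string      `json:"policyTypes"`
	Ingress     []IngressRule `json:"ingress"`
}
type NetworkPolicy struct {
	APIVersion string            `json:"apiVersion"`
	Kind       string            `json:"kind"`
	Metadata   map[string]string `json:"metadata"`
	Spec       Spec              `json:"spec"`
}

// Build groups intents by server and emits one policy per server whose single
// ingress rule lists exactly the declared clients. Selecting the server pod is
// what denies everyone else; there is no deny rule. Assumptions of this
// example: pods carry an "app" label equal to their workload name and policies
// are named "intents-access-to-<server>". The rule is never left with an empty
// From list, because an ingress rule with no peers admits all sources.
func Build(intents []Intent) map[string]NetworkPolicy {
	out := map[string]NetworkPolicy{}
	seen := map[string]bool{}
	for _, in := range intents {
		key := in.ServerNamespace + "/" + in.ServerName
		np, ok := out[key]
		if !ok {
			np = NetworkPolicy{
				APIVersion: "networking.k8s.io/v1",
				Kind:       "NetworkPolicy",
				Metadata:   map[string]string{"name": "intents-access-to-" + in.ServerName, "namespace": in.ServerNamespace},
				Spec: Spec{
					PodSelector: LabelSelector{MatchLabels: map[string]string{"app": in.ServerName}},
					PolicyTypes: []string{"Ingress"},
					Ingress:     []IngressRule{{}},
				},
			}
		}
		pair := key + "<-" + in.ClientNamespace + "/" + in.ClientName
		if !seen[pair] { // duplicate intents must not produce duplicate peers
			seen[pair] = true
			np.Spec.Ingress[0].From = append(np.Spec.Ingress[0].From, Peer{
				PodSelector: &LabelSelector{MatchLabels: map[string]string{"app": in.ClientName}},
				// kubernetes.io/metadata.name is set on every namespace by the API server (v1.21+).
				NamespaceSelector: &LabelSelector{MatchLabels: map[string]string{"kubernetes.io/metadata.name": in.ClientNamespace}},
			})
		}
		out[key] = np
	}
	return out
}

// Allowed models the cluster's decision: a pod selected by no policy accepts
// all ingress; once a policy selects it, only listed peers get through, and a
// rule with no peers at all means "from anywhere".
func Allowed(policies map[string]NetworkPolicy, clientNS, client, serverNS, server string) bool {
	np, ok := policies[serverNS+"/"+server]
	if !ok {
		return true
	}
	for _, rule := range np.Spec.Ingress {
		if len(rule.From) == 0 {
			return true
		}
		for _, p := range rule.From {
			if p.PodSelector.MatchLabels["app"] == client &&
				p.NamespaceSelector.MatchLabels["kubernetes.io/metadata.name"] == clientNS {
				return true
			}
		}
	}
	return false
}

func main() {
	// Constructed intents: two clients may call orders, one may call payments.
	intents := []Intent{
		{ClientName: "checkout", ClientNamespace: "shop", ServerName: "orders", ServerNamespace: "shop"},
		{ClientName: "frontend", ClientNamespace: "web", ServerName: "orders", ServerNamespace: "shop"},
		{ClientName: "checkout", ClientNamespace: "shop", ServerName: "payments", ServerNamespace: "billing"},
	}
	policies := Build(intents)
	enc := json.NewEncoder(os.Stdout)
	enc.SetIndent("", "  ")
	for _, np := range policies {
		enc.Encode(np)
	}
	fmt.Println("frontend -> orders:", Allowed(policies, "web", "frontend", "shop", "orders"))
	fmt.Println("mallory  -> orders:", Allowed(policies, "shop", "mallory", "shop", "orders"))
}
```

The caveat this encodes is the one that bites in practice: the allow-list only protects servers that appear in at least one intent. A workload nobody has declared a client for is not "denied", it is unselected and therefore open, so a cluster-wide default-deny policy is still needed for coverage.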
in-toto-golang
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
sdk-golang
Project mention: ngrok-go: embed ingress into your Go apps as a net.Listener | /r/golang | 2023-03-09
WRT app embedded: We have some examples in https://github.com/openziti/sdk-golang. Also, our documents on embedding into Prometheus (https://docs.openziti.io/blog/zitification/prometheus/part1/) and kubectl (https://docs.openziti.io/blog/zitification/kubernetes/) should be useful. This use case is basically what Ozone did - https://ozone.one/blog/ozone-zitifies-private-kubernetes-deployments-with-netfoundry.
cloudflare-zero-trust-operator
K8s operator for configuring Cloudflare Zero Trust :cloud: :zap: :closed_lock_with_key:
```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - https://github.com/BojanZelic/cloudflare-zero-trust-operator//config/default?ref=0.1.7
secretGenerator:
  - name: cloudflare-creds
    behavior: replace
    # Values left empty on purpose: supply real credentials from a secret store
    # at build time rather than committing them with this file.
    literals:
      - CLOUDFLARE_API_KEY=""
      - CLOUDFLARE_API_EMAIL=""
      - CLOUDFLARE_ACCOUNT_ID=""
      - CLOUDFLARE_API_TOKEN=""
```
kubeztl
Project mention: Kubernetes Exposed: One YAML Away from Disaster | news.ycombinator.com | 2023-08-08
https://github.com/openziti-test-kitchen/kubeztl/tree/main
Disclosure: I am a maintainer, and the software overlay in the middle (helps enforce outbound-only, pre-authorized connects only) needs to be managed (self-hosted FOSS or hosted SaaS), so there are still trade-offs.
Go zero-trust related posts
- Free Tech Tools and Resources - Multi-clock Display, Networking Tools, Digital Forensics & More
- Securing CI/CD Images with Cosign and OPA
- Netbirdio/netbird: Connect devices into a single private WireGuard mesh network
- NetMaker: Connect Everything with a WireGuard VPN
- Has anyone tried OpenZiti?
Index
What are some of the best open-source zero-trust projects in Go? This list will help you:
# | Project | Stars (8 Dec 2023)
---|---|---
1 | immudb | 8,388
2 | Netmaker | 8,377
3 | netbird | 7,095
4 | cosign | 3,762
5 | Pomerium | 3,720
6 | boundary | 3,713
7 | Ory Oathkeeper | 3,082
8 | spire | 1,564
9 | ziti | 1,534
10 | intents-operator | 260
11 | in-toto-golang | 108
12 | sdk-golang | 68
13 | sshizzle | 68
14 | spiffe-vault | 65
15 | cloudflare-zero-trust-operator | 35
16 | farmfa | 22
17 | kubeztl | 3