Top 20 Go zero-trust Projects
-
Netmaker
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
-
netbird
Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.
-
immudb
immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history
-
Pomerium
Pomerium is an identity and context-aware reverse proxy for zero-trust access to web applications and services.
-
Ory Oathkeeper
A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.
-
ziti
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
-
warrant
Warrant is a highly scalable, centralized authorization service based on Google Zanzibar, used for defining, querying, and auditing application authorization models and access control rules.
-
intents-operator
Manage network policies, AWS, GCP & Azure IAM policies, Istio Authorization Policies, and Kafka ACLs in a Kubernetes cluster with ease.
-
in-toto-golang
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
-
Werbot
🔑 Share access for teams - self-hosted solution for teams with single sign-on for easy, secure shared access to servers, databases or applications.
-
cloudflare-zero-trust-operator
K8s operator for configuring Cloudflare Zero Trust :cloud: :zap: :closed_lock_with_key:
Project mention: Ask HN: What is your experience of tamper proof systems? | news.ycombinator.com | 2024-01-05
Cosign: In this context, Cosign from the Sigstore project offers a compelling solution. Its simplicity, registry compatibility, and effective link between images and their signatures provide a user-friendly and versatile approach. The integration of Fulcio for certificate management and Rekor for secure logging enhances Cosign's appeal, making it particularly suitable for modern development environments that prioritize security and agility.
Option 3: Pomerium might be an alternative as well.
Project mention: OpenTerraform – an MPL fork of Terraform after HashiCorp's license change | news.ycombinator.com | 2023-08-11
no, it and a ton of other things in their GH org are still MPL (for now): https://github.com/hashicorp/hcl-lang/blob/main/LICENSE including, confusingly https://github.com/hashicorp/boundary/blob/main/LICENSE which I would have thought would have fallen into the same "but AWS gonna steal our shit" fearmongering as Nomad, did to say nothing of the future in which AWS offers Managed Vagrant™ :eyeroll:
If you are not aware of what OpenZiti is, this is the description available on their website:
Project mention: Zrok: Private or Public, instant, secure tunneling of applications from anywhere | news.ycombinator.com | 2024-01-06
Project mention: A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev | dev.to | 2024-02-05
Warrant — Hosted enterprise-grade authorization and access control service for your apps. The free tier includes 1 million monthly API requests and 1,000 authz rules.
Project mention: Otterize launches open-source, declarative IAM permissions for workloads on AWS EKS clusters | dev.to | 2024-01-10
No more! The open-source intents-operator and credentials-operator enable you to achieve the same, except without all that work: do it all from Kubernetes, declaratively, and just-in-time, through the magic of IBAC (intent-based access control).
Project mention: Kubernetes Exposed: One YAML Away from Disaster | news.ycombinator.com | 2023-08-08
https://github.com/openziti-test-kitchen/kubeztl/tree/main
disclosure: i am a maintainer and the software overlay in the middle (helps enforce outbound-only, pre-authorized connects only) needs to be managed (self-hosted foss or hosted saas), so there are still trade-offs.
Go zero-trust related posts
-
Werbot VS trasa - a user suggested alternative
2 projects | 9 Apr 2024
- Free Tech Tools and Resources - Multi-clock Display, Networking Tools, Digital Forensics & More
- Securing CI/CD Images with Cosign and OPA
- Netbirdio/netbird: Connect devices into a single private WireGuard mesh network
- NetMaker: Connect Everything with a WireGuard VPN
Index
What are some of the best open-source zero-trust projects in Go? This list will help you:
Rank | Project | Stars |
---|---|---|
1 | Netmaker | 8,928 |
2 | netbird | 8,805 |
3 | immudb | 8,481 |
4 | cosign | 4,049 |
5 | Pomerium | 3,832 |
6 | boundary | 3,776 |
7 | Ory Oathkeeper | 3,164 |
8 | ziti | 2,036 |
9 | zrok | 1,987 |
10 | spire | 1,665 |
11 | warrant | 967 |
12 | intents-operator | 275 |
13 | in-toto-golang | 114 |
14 | sdk-golang | 89 |
15 | Werbot | 77 |
16 | spiffe-vault | 76 |
17 | sshizzle | 71 |
18 | cloudflare-zero-trust-operator | 43 |
19 | farmfa | 21 |
20 | kubeztl | 4 |