Top 20 Go zero-trust Projects

• Netmaker

  165 8,928 9.6 Go

  Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

  

Project mention: Netmaker: An open source WireGuard VPN | news.ycombinator.com | 2024-02-23

• netbird

  104 8,805 9.7 Go

  Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.

  

Project mention: JIT WireGuard | news.ycombinator.com | 2024-03-13

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• immudb

  52 8,481 9.5 Go

  immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history

  

Project mention: Ask HN: What is your experience of tamper proof systems? | news.ycombinator.com | 2024-01-05

• cosign

  30 4,049 9.6 Go

  Code signing and transparency for containers and binaries

  

Project mention: Securing CI/CD Images with Cosign and OPA | dev.to | 2023-11-15

Cosign: In this context, Cosign from the Sigstore project offers a compelling solution. Its simplicity, registry compatibility, and effective link between images and their signatures provide a user-friendly and versatile approach. The integration of Fulcio for certificate management and Rekor for secure logging enhances Cosign's appeal, making it particularly suitable for modern development environments that prioritize security and agility.

• Pomerium

  26 3,832 9.7 Go

  Pomerium is an identity and context-aware reverse proxy for zero-trust access to web applications and services.

  

Project mention: OAuth server for authorization | /r/googlecloud | 2023-12-05

Option 3: Pomerium might be an alternative as well.

• boundary

  2 3,776 9.9 Go

  Boundary enables identity-based access management for dynamic infrastructure.

  

Project mention: OpenTerraform – an MPL fork of Terraform after HashiCorp's license change | news.ycombinator.com | 2023-08-11

no, it and a ton of other things in their GH org are still MPL (for now): https://github.com/hashicorp/hcl-lang/blob/main/LICENSE including, confusingly https://github.com/hashicorp/boundary/blob/main/LICENSE which I would have thought would have fallen into the same "but AWS gonna steal our shit" fearmongering as Nomad, did to say nothing of the future in which AWS offers Managed Vagrant™ :eyeroll:

• Ory Oathkeeper

  4 3,164 7.1 Go

  A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.

  

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• ziti

  83 2,036 9.8 Go

  The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti

  

Project mention: Has anyone tried OpenZiti? | /r/selfhosted | 2023-07-07

If you are not aware of what OpenZiti is, this is the description available on their website:

• zrok

  17 1,987 9.8 Go

  Geo-scale, next-generation peer-to-peer sharing platform built on top of OpenZiti.

  

Project mention: Zrok: Private or Public, instant, secure tunneling of applications from anywhere | news.ycombinator.com | 2024-01-06

• spire

  4 1,665 9.7 Go

  The SPIFFE Runtime Environment (by spiffe)

  

• warrant

  39 967 9.1 Go

  Warrant is a highly scalable, centralized authorization service based on Google Zanzibar, used for defining, querying, and auditing application authorization models and access control rules.

  

Project mention: A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev | dev.to | 2024-02-05

Warrant — Hosted enterprise-grade authorization and access control service for your apps. The free tier includes 1 million monthly API requests and 1,000 authz rules.

• intents-operator

  10 275 9.3 Go

  Manage network policies, AWS, GCP & Azure IAM policies, Istio Authorization Policies, and Kafka ACLs in a Kubernetes cluster with ease.

  

Project mention: Otterize launches open-source, declarative IAM permissions for workloads on AWS EKS clusters | dev.to | 2024-01-10

No more! The open-source intents-operator and credentials-operator enable you to achieve the same, except without all that work: do it all from Kubernetes, declaratively, and just-in-time, through the magic of IBAC (intent-based access control).

• in-toto-golang

  0 114 8.3 Go

  A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.

  

• sdk-golang

  3 89 9.3 Go

  Ziti SDK for Golang

  

• Werbot

  1 77 8.3 Go

  🔑 Share access for teams - self-hosted solution for teams with single sign-on for easy, secure shared access to servers, databases or applications.

  

Project mention: Werbot VS trasa - a user suggested alternative | libhunt.com/r/werbot | 2024-04-09

• spiffe-vault

  0 76 8.2 Go

  Integrates Spiffe and Vault to have secretless authentication

  

• sshizzle

  1 71 0.0 Go

  Serverless, Zero-Trust SSH for Microsoft Azure

  

• cloudflare-zero-trust-operator

  1 43 6.4 Go

  K8s operator for configuring Cloudflare Zero Trust :cloud: :zap: :closed_lock_with_key:

• farmfa

  1 21 0.0 Go

  TOTP MFA for teams: Shamir's Secret Sharing and zero trust OTP generation

• kubeztl

  1 4 3.7 Go

  A zitified kubernetes client

  

Project mention: Kubernetes Exposed: One YAML Away from Disaster | news.ycombinator.com | 2023-08-08

https://github.com/openziti-test-kitchen/kubeztl/tree/main

disclosure: i am a maintainer and the software overlay in the middle (helps enforce outbound-only, pre-authorized connects only) needs to be managed (self-hosted foss or hosted saas), so there are still trade-offs.

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Go zero-trust related posts

• Werbot VS trasa - a user suggested alternative
  2 projects | 9 Apr 2024
• Free Tech Tools and Resources - Multi-clock Display, Networking Tools, Digital Forensics & More
  2 projects | /r/SysAdminBlogs | 17 Nov 2023
• Securing CI/CD Images with Cosign and OPA
  4 projects | dev.to | 15 Nov 2023
• Netbirdio/netbird: Connect devices into a single private WireGuard mesh network
  1 project | /r/hypeurls | 31 Aug 2023
• Netbirdio/netbird: Connect devices into a single private WireGuard mesh network
  1 project | /r/patient_hackernews | 30 Aug 2023
• Netbirdio/netbird: Connect devices into a single private WireGuard mesh network
  4 projects | news.ycombinator.com | 27 Aug 2023
• NetMaker: Connect Everything with a WireGuard VPN
  4 projects | news.ycombinator.com | 15 Aug 2023
• A note from our sponsor - WorkOS
  workos.com | 23 Apr 2024

  The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Go projects with our weekly report!