Policy

Top 23 Policy Open-Source Projects

  • OPA (Open Policy Agent)

    Open Policy Agent (OPA) is an open source, general-purpose policy engine.

    Project mention: Top Terraform Tools to Know in 2024 | dev.to | 2024-03-26

    A popular Policy-as-Code tool for Terraform is OPA, everyone's favorite versatile open-source policy engine that enforces security and compliance policies across your cloud-native stack, making it easier to manage and maintain consistent policy enforcement in complex, multi-service environments.

  • datree

    Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io

    Project mention: Show HN: Datree (YC W20) – End-to-End Policy Management for Kubernetes | news.ycombinator.com | 2023-04-04

    Hi HN, I’m Shimon, the co-founder of Datree: A policy management solution for Kubernetes. We help DevOps engineers prevent misconfigurations in their Kubernetes by enforcing an organizational policy on their clusters. Engineers can define a custom policy or use one of Datree’s built-in policies, such as NIST/NSA Hardening Guide, EKS Security Best Practices, CIS Benchmark, and more.

    Our website is at https://datree.io and our GitHub is here: https://github.com/datreeio/datree

    This is not the first time I have shown Datree to the HN community: A little over a year ago, I posted here an earlier version of Datree (https://news.ycombinator.com/item?id=28918850). At that time, Datree consisted of a CLI tool to detect Kubernetes misconfigurations during the development process (locally or in the CI/CD), unlike the version I present today in which the enforcement happens in production.

    We built the CLI tool because we detected a big problem among Kubernetes operators: Misconfigurations. Kubernetes is extremely complex and flexible, which makes it very easy to poorly configure it in ways that are not secure. And indeed, we talked to dozens of Kubernetes operators who suffered from various problems, starting with failed audits, all the way to downtime in production, all because of misconfigurations.

    Our solution was simple: Give the developers the means to shift-left security testing during the development process with a CLI tool that can be integrated into the CI/CD. We thought this was the best way to approach the problem: It is easiest to fix misconfigurations in the development process before they are deployed to production, it prevents context-switching and relieves resources from the DevOps team.

    While the CLI tool was very popular among the open-source community (it got over 6000 stars on GitHub), we soon realized that CI/CD enforcement is not enough. As we talked with Datree’s users, we realized we had made a fundamental mistake: We thought of misconfiguration prevention in technical terms rather than organizational terms.

    Indeed, from a technical point of view, it makes sense to shift-left Kubernetes security. But when considering the organizational structure in which it takes place, it simply isn’t enough. DevOps engineers told us that they love the shift-left concept, but they simply cannot rely on the goodwill of the engineers to run a CLI tool locally or to monitor all the pipelines leading to production. They need governance, something to help them stay in control of the state of their clusters.

    Moreover, we realized that many companies who use Kubernetes are heavily regulated, and cannot take any chances with their security. Sure, these companies want the engineers to fix misconfigurations during development, but they also want something to make sure that no matter what, their clusters remain misconfiguration-free.

    Based on this understanding, we developed a new version of Datree that sits on the cluster itself (rather than in the CI/CD) and protects the production environment by blocking misconfigured resources with an admission webhook. It has a centralized policy management solution to enable governance, and native monitoring to get real-time insights into the state of your Kubernetes.

    I look forward to hearing your feedback and answering any questions you may have.

  • shellharden

    The corrective bash syntax highlighter

    Project mention: Shellcheck finds bugs in your shell scripts | news.ycombinator.com | 2023-11-23

    Every time I see Shellcheck coming up, I have to mention shellharden[0] written by a colleague of mine. It is basically shellcheck but it applies the suggested changes automatically.

    0: https://github.com/anordal/shellharden

  • app-privacy-policy-generator

    Generate a customized Privacy Policy and Terms of Use document for your mobile apps

    Project mention: Privacy Policy for mobile release? | /r/GameDevelopment | 2023-07-06

  • gatekeeper

    🐊 Gatekeeper - Policy Controller for Kubernetes

    Project mention: Shrink to Secure: Kubernetes and Secure Compact Containers | news.ycombinator.com | 2023-07-02

  • cerbos

    Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.

    Project mention: Open Policy Agent | news.ycombinator.com | 2024-03-12

  • OPAL

    Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...) (by permitio)

    Project mention: Top 5 Access Control Features You Should Implement in 2024 | dev.to | 2023-12-27

    Another tool that can help you deploy a Policy as Code-based solution in 2024 is OPAL, the Open Policy Administration Layer. OPAL is an open-source project that provides a comprehensive policy-based service for applications. With one click, you can deploy a full architecture of a Git-based centralized policy store with decentralized policy engines running as a sidecar with your applications. OPAL also provides a unified architecture to sync all the data you need with the policy engines.

  • balanced-employee-ip-agreement

    GitHub's employee intellectual property agreement, open sourced and reusable

    Project mention: GitHub's employee intellectual property agreement, open sourced and reusable | /r/CKsTechNews | 2023-04-05

  • FreeRADIUS

    FreeRADIUS - A multi-protocol policy server.

    Project mention: My collection of Ansible roles for self-hosting everything with Rocky Linux and FreeIPA | /r/selfhosted | 2023-06-02

    FreeRADIUS WiFi authentication server

  • Certified-Kubernetes-Security-Specialist

    Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements is welcome. Thank you.

  • security-txt

    A proposed standard that allows websites to define security policies.

    Project mention: Why should you care about the "security.txt" file on your website? | news.ycombinator.com | 2024-01-22

    A very, very long article to say "you should have a security.txt file, find an example at https://securitytxt.org/".

  • site-policy

    Collaborative development on GitHub's site policies, procedures, and guidelines

  • azure-policy

    Repository for Azure Resource Policy built-in definitions and samples

  • KubeArmor

    Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (BPF-LSM, AppArmor).

  • kcl

    KCL Programming Language (CNCF Sandbox Project). https://kcl-lang.io

    Project mention: 10 Ways for Kubernetes Declarative Configuration Management | dev.to | 2024-01-01

    KCL: A declarative configuration and policy programming language implemented by Rust, which improves the writing of a large number of complex configurations through mature programming language technology and practice, and is committed to building better modularity, scalability and stability around configuration, simpler logic writing, fast automation and good ecological extensionally.

  • felix

    Project Calico's per-host agent Felix, responsible for programming routes and security policy.

  • FreeIPA

    Mirror of FreeIPA, an integrated security information management solution

    Project mention: Non-interactive SSH password authentication | news.ycombinator.com | 2023-12-25

  • covid-policy-tracker

    Systematic dataset of Covid-19 policy, from Oxford University

  • OpenAM

    OpenAM is an open access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security.

  • policy-bot

    A GitHub App that enforces approval policies on pull requests

  • gatekeeper-library

    📚 The OPA Gatekeeper policy library

    Project mention: Multi-tenancy in Kubernetes | dev.to | 2023-04-10

    Here is a library of rules for the Open Policy Agent.

  • gke-policy-automation

    Tool and policy library for reviewing Google Kubernetes Engine clusters against best practices

  • pike

    Pike is a tool for determining the permissions or policy required for IAC code

    Project mention: Top Terraform Tools to Know in 2024 | dev.to | 2024-03-26

    Pike is a tool that analyzes Terraform managed resources and automatically generates the necessary IAM permissions, improving security by ensuring that only the minimum necessary permissions are granted.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2024-03-26.

Index

What are some of the best open-source Policy projects? This list will help you:

| # | Project | Stars |
|---|---------|-------|
| 1 | OPA (Open Policy Agent) | 9,024 |
| 2 | datree | 6,402 |
| 3 | shellharden | 4,530 |
| 4 | app-privacy-policy-generator | 3,700 |
| 5 | gatekeeper | 3,422 |
| 6 | cerbos | 2,417 |
| 7 | OPAL | 2,252 |
| 8 | balanced-employee-ip-agreement | 2,114 |
| 9 | FreeRADIUS | 1,999 |
| 10 | Certified-Kubernetes-Security-Specialist | 1,910 |
| 11 | security-txt | 1,738 |
| 12 | site-policy | 1,645 |
| 13 | azure-policy | 1,421 |
| 14 | KubeArmor | 1,246 |
| 15 | kcl | 1,203 |
| 16 | felix | 922 |
| 17 | FreeIPA | 911 |
| 18 | covid-policy-tracker | 759 |
| 19 | OpenAM | 705 |
| 20 | policy-bot | 700 |
| 21 | gatekeeper-library | 599 |
| 22 | gke-policy-automation | 507 |
| 23 | pike | 458 |