Top 23 Policy Open-Source Projects
- datree: Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io
- app-privacy-policy-generator: Generate a customized Privacy Policy and Terms of Use document for your mobile apps
- cerbos: Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.
- OPAL: Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...) (by permitio)
- balanced-employee-ip-agreement: GitHub's employee intellectual property agreement, open sourced and reusable
- Certified-Kubernetes-Security-Specialist: Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements is welcome. Thank you.
- KubeArmor: Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (BPF-LSM, AppArmor).
- felix: Project Calico's per-host agent Felix, responsible for programming routes and security policy.
- OpenAM: OpenAM is an open access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security.
- gke-policy-automation: Tool and policy library for reviewing Google Kubernetes Engine clusters against best practices
How can we handle this? Are there any mechanisms to prevent or at least to some extent safeguard against this kind of issue without falling back to a manual workflow? There are. One huge advantage of sticking to (de facto) standards like Terraform is that, first, we are probably not the first ones to come up with this question and, second, there is a huge ecosystem around Terraform that might help us with such challenges. And for this specific scenario the solution is the Open Policy Agent. Let us take a closer look at what the solution could look like.
Every time I see Shellcheck coming up, I have to mention shellharden[0], written by a colleague of mine. It is basically shellcheck but it applies the suggested changes automatically.
0: https://github.com/anordal/shellharden
Project mention: Shrink to Secure: Kubernetes and Secure Compact Containers | news.ycombinator.com | 2023-07-02
Another tool that can help you deploy a Policy as Code-based solution in 2024 is OPAL, the Open Policy Administration Layer. OPAL is an open-source project that provides a comprehensive policy-based service for applications. With one click, you can deploy a full architecture of a Git-based centralized policy store with decentralized policy engines running as a sidecar with your applications. OPAL also provides a unified architecture to sync all the data you need with the policy engines.
Project mention: My collection of Ansible roles for self-hosting everything with Rocky Linux and FreeIPA | /r/selfhosted | 2023-06-02
FreeRADIUS WiFi authentication server
Project mention: Ask HN: I found a security issue on a (known) website, should I report it? How? | news.ycombinator.com | 2024-04-08
The pull request and an update from GH team on what they mean,
https://github.com/github/site-policy/pull/926#issuecomment-...
KCL: A declarative configuration and policy programming language implemented by Rust, which improves the writing of a large number of complex configurations through mature programming language technology and practice, and is committed to building better modularity, scalability and stability around configuration, simpler logic writing, fast automation and good ecological extensionally.
Pike is a tool that analyzes Terraform managed resources and automatically generates the necessary IAM permissions, improving security by ensuring that only the minimum necessary permissions are granted.
Policy related posts
- GitHub policy proposal on deepfake AI tools
- GitHub policy proposal to ban projects used to create deepfakes
- Show HN: My wife and I made a maze game
- Ask HN: I found a security issue on a (known) website, should I report it? How?
- SAP BTP, Terraform and Open Policy Agent
- Why should you care about the "security.txt" file on your website?
Index
What are some of the best open-source Policy projects? This list will help you:
# | Project | Stars |
---|---|---|
1 | OPA (Open Policy Agent) | 9,118 |
2 | datree | 6,403 |
3 | shellharden | 4,537 |
4 | app-privacy-policy-generator | 3,746 |
5 | gatekeeper | 3,465 |
6 | cerbos | 2,502 |
7 | OPAL | 2,281 |
8 | balanced-employee-ip-agreement | 2,116 |
9 | FreeRADIUS | 2,004 |
10 | Certified-Kubernetes-Security-Specialist | 1,916 |
11 | security-txt | 1,738 |
12 | site-policy | 1,653 |
13 | azure-policy | 1,430 |
14 | KubeArmor | 1,273 |
15 | kcl | 1,250 |
16 | felix | 922 |
17 | FreeIPA | 920 |
18 | covid-policy-tracker | 760 |
19 | OpenAM | 722 |
20 | policy-bot | 705 |
21 | gatekeeper-library | 603 |
22 | gke-policy-automation | 508 |
23 | pike | 499 |