Top 16 sandboxing Open-Source Projects

• sandboxed-api

  5 1,644 9.2 C++

  Generate sandboxes for C/C++ libraries automatically

  

• loft

  5 689 9.1 Go

  Namespace & Virtual Cluster Manager for Kubernetes - Lightweight Virtual Clusters, Self-Service Provisioning for Engineers and 70% Cost Savings with Sleep Mode

  

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• cap-std

  12 622 6.6 Rust

  Capability-oriented version of the Rust standard library

  

• packj

  38 615 7.2 Python

  Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

  

Project mention: Rust Without Crates.io | news.ycombinator.com | 2023-11-14

Creator of Packj [1] here. How do you envision sandboxing/security policies will be specified? Per-lib policies when you've hundreds of dependencies will become overwhelming. Having built an eBPF-based sandbox [2], I anticipate that accuracy will be another challenge here: too restrictive will block functionality, too permissive defeats the purpose.

1. https://github.com/ossillate-inc/packj flags malicious/risky NPM/PyPI/RubyGems/Rust/Maven/PHP packages by carrying out static+dynamic+metadata analysis.

• xdg-desktop-portal

  154 525 9.4 C

  Desktop integration portal

  

Project mention: Flathub: One million active users and growing | news.ycombinator.com | 2024-01-29

• uvm

  6 503 9.1 Rust

  Fun, portable, minimalistic virtual machine.

• rlbox

  2 277 2.8 C++

  RLBox sandboxing framework

  

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

• minijail

  1 234 7.9 C

  sandboxing and containment tool used in ChromeOS and Android

  

Project mention: The best WebAssembly runtime may be no runtime at all | news.ycombinator.com | 2023-12-11

https://gvisor.dev/docs/architecture_guide/platforms/ :

> gVisor requires a platform to implement interception of syscalls, basic context switching, and memory mapping functionality. Internally, gVisor uses an abstraction sensibly called Platform.

Chrome sandbox: https://chromium.googlesource.com/chromium/src/+/refs/heads/...

Firefox sandbox: https://wiki.mozilla.org/Security/Sandbox

Chromium sandbox types summary: https://github.com/chromium/chromium/blob/main/docs/linux/sa...

Minijail: https://github.com/google/minijail :

> Minijail is a sandboxing and containment tool used in ChromeOS and Android. It provides an executable that can be used to launch and sandbox other programs, and a library that can be used by code to sandbox itself.

Chrome vulnerability reward amounts: https://bughunters.google.com/about/rules/5745167867576320/c...

Systemd has SystemCallFilter= to limit processes to certain syscall:

• WebApps

  16 227 0.0 Xtend

  DEPRECATED ⛔️ Android app to provide sandboxed (private) browsing of webapps

Project mention: Alternative way to access Reddit on phone (a tutorial) | /r/cyprus | 2023-06-27

Download the app to your device by using the download option of your choosing from here https://github.com/tobykurien/WebApps

• Example

  1 197 7.8 JavaScript

  Metarhia application example for Node.js 🟢 (by metarhia)

  

• ego

  3 111 5.5 Rust

  Alter Ego: run Linux desktop applications under a different local user (by intgr)

Project mention: Call for Ideas: How to have a 'user container' while logged in with a guest account? | /r/linuxquestions | 2023-05-25

• rust-landlock

  1 79 5.9 Rust

  A Rust library for the Linux Landlock sandboxing feature

  

• sandwine

  1 59 7.3 Python

  :wine_glass: Command-line tool to run Windows apps with Wine and bwrap/bubblewrap isolation on Linux

• forkfs

  2 58 5.8 Rust

  ForkFS allows you to sandbox a process's changes to your file system.

• apparmor-profiles

  1 30 0.0 Roff

  AppArmor Security Profiles for some applications (by nibags)

• nix-bubblewrap

  1 17 0.0 Tcl

  Nix - bubblewrap integration (mirror)

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

sandboxing related posts

• Alternative way to access Reddit on phone (a tutorial)

  2 projects | /r/cyprus | 27 Jun 2023

• Call for Ideas: How to have a 'user container' while logged in with a guest account?

  1 project | /r/linuxquestions | 25 May 2023

• A CLI app that sandboxes processes’ file operations

  1 project | /r/linux | 24 Mar 2023

• GrapheneOS NFC Payment options (Google Pay etc)

  1 project | /r/GrapheneOS | 1 Jan 2023

• Running Net Guard or other Firewall on stock Android?

  1 project | /r/degoogle | 22 Sep 2022

• Any news of Webapp updated alternative??

  1 project | /r/fossdroid | 8 Aug 2022

• FOSS Instagram client

  1 project | /r/fossdroid | 21 May 2022
• A note from our sponsor - InfluxDB
  www.influxdata.com | 3 May 2024

  Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com