zero-trust

Top 23 zero-trust Open-Source Projects

  • Netmaker

    Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

  • Project mention: Netmaker: An open source WireGuard VPN | news.ycombinator.com | 2024-02-23
  • netbird

    Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.

  • Project mention: JIT WireGuard | news.ycombinator.com | 2024-03-13
  • immudb

    immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history

  • Project mention: Ask HN: What is your experience of tamper proof systems? | news.ycombinator.com | 2024-01-05
  • Ockam

    Orchestrate end-to-end encryption, cryptographic identities, mutual authentication, and authorization policies between distributed applications – at massive scale.

  • Project mention: Tunnelmole, an ngrok alternative (open source) | news.ycombinator.com | 2024-03-21

    disclosure: I work at Ockam.

    The Portals for Mac app is an example of the type of thing you could build using the open source stack of protocols. The README (linked by parent) links out to all of the relevant parts of the protocol documentation to explain how these work together. The NAT Traversal (https://github.com/build-trust/ockam/blob/develop/examples/a...) part of the README is probably the best explanation of why the free relay you get via Ockam Orchestrator is a useful part of this demo.

    As for why would anyone trust this: The protocols are designed so you absolutely don't have to trust the relay. Trust is pushed out to the edges that you control and so you're not susceptible to a MITM attack if something like a relay is compromised. The protocol design for all of this is open and documented, and was independently audited by (IMO) some of the best in the business, Trail of Bits: https://docs.ockam.io/reference/protocols.

  • cosign

    Code signing and transparency for containers and binaries

  • Project mention: Securing CI/CD Images with Cosign and OPA | dev.to | 2023-11-15

    Cosign: In this context, Cosign from the Sigstore project offers a compelling solution. Its simplicity, registry compatibility, and effective link between images and their signatures provide a user-friendly and versatile approach. The integration of Fulcio for certificate management and Rekor for secure logging enhances Cosign's appeal, making it particularly suitable for modern development environments that prioritize security and agility.

  • Pomerium

    Pomerium is an identity and context-aware reverse proxy for zero-trust access to web applications and services.

  • Project mention: OAuth server for authorization | /r/googlecloud | 2023-12-05

    Option 3: Pomerium might be an alternative as well.

  • boundary

    Boundary enables identity-based access management for dynamic infrastructure.

  • Project mention: OpenTerraform – an MPL fork of Terraform after HashiCorp's license change | news.ycombinator.com | 2023-08-11

    no, it and a ton of other things in their GH org are still MPL (for now): https://github.com/hashicorp/hcl-lang/blob/main/LICENSE including, confusingly https://github.com/hashicorp/boundary/blob/main/LICENSE which I would have thought would have fallen into the same "but AWS gonna steal our shit" fearmongering as Nomad did, to say nothing of the future in which AWS offers Managed Vagrant™ :eyeroll:

  • Security-101

    8 Lessons, Kick-start Your Cybersecurity Learning.

  • Project mention: Microsoft Security-101: Open-Source curriculum | news.ycombinator.com | 2024-02-29
  • BrowserBox

    🌀 Browse the web from a browser you run on a server, rather than on your local device. Lightweight virtual browser. For security, privacy and more! By https://github.com/dosyago

  • Project mention: Show HN: CloudTabs Web Browser – a web browser on every website | news.ycombinator.com | 2024-04-04

    Is that right? Could be a recent acquire if it's DOM mirroring.

    I heard CF acquired S2 a few years ago, and what S2 did is they created a WebAssembly binary that composited the browser SKIA draw instructions on the client, and streamed the SKIA draw instructions from the server. Not without its issues, but certainly useful.

    What we do is just stream pixels to the client. Yes it's expensive in terms of bandwidth, relatively. But the advantage is simplicity. And with a close server and bandwidth trending faster and cheaper, with the increasing drive to video consumption across media, I don't see bandwidth as an issue.

    If you're interested, our code is on GitHub: https://github.com/BrowserBox/BrowserBox

  • Ory Oathkeeper

    A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.

  • ziti

    The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti

  • Project mention: Show HN: OpenZiti (Apache 2.0, P2P, E2E encrypted, full mesh overlay) is now 1.0 | news.ycombinator.com | 2024-04-23
  • zrok

    Geo-scale, next-generation peer-to-peer sharing platform built on top of OpenZiti.

  • Project mention: Zrok: Private or Public, instant, secure tunneling of applications from anywhere | news.ycombinator.com | 2024-01-06
  • spire

    The SPIFFE Runtime Environment (by spiffe)

  • lunasec

    LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

  • fwknop

    Single Packet Authorization > Port Knocking

  • Project mention: Fail2ban Sucks | news.ycombinator.com | 2024-01-01

    sounds fun; i see the arch aur has a few options as well. have you tried https://www.cipherdyne.org/fwknop/ ?

  • warrant

    Warrant is a highly scalable, centralized authorization service based on Google Zanzibar, used for defining, querying, and auditing application authorization models and access control rules.

  • Project mention: A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev | dev.to | 2024-02-05

    Warrant — Hosted enterprise-grade authorization and access control service for your apps. The free tier includes 1 million monthly API requests and 1,000 authz rules.

  • awesome-zero-trust

    A curated collection of awesome resources for the zero-trust security model.

  • chai

    chai - Experience Zero Trust security with Chai! Convert and view documents as vivid images right in your browser. No mandatory downloads, no hassle—just pure, joyful security! 🌈 (by dosyago)

  • Project mention: MuPDF WASM Viewer Demo | news.ycombinator.com | 2024-04-20

    But not just off-topic: abusive, and dishonest.

    I'm not sure this even applies as we call the mutool binary installed via apt, rather than use or modify their libraries.

    Even if it applies, Mu's AGPL requires you release the source code, which is what we already and have always done. So it doesn't apply. It doesn't require you use a particular license.

    As you're so keen on searching our source you could have also easily read what the AGPL means, and seen that we use mutool^0, which I guess you would have done, if you were actually intending to be helpful rather than just trying to make us look bad, right? Hahaha! :)

    I guess you're one of those people bitter at our success or maybe you were trying to use BrowserBox without paying the licensing fees and you didn't like that we made it commercial, is that right? Hahaha! :)

    It seems if you were genuinely trying to be helpful rather than dishonest and trying to make us look bad, you would have just emailed me, right? Hahahahaha! :)

    https://github.com/dosyago/chai/blob/37c1a1ec0941d81e0d6f8af...

  • iMonitorSDK

    System monitoring development kit (sysmon, procmon, EDR, endpoint security, host security, zero trust, internet access behavior management, sandbox)

  • zerotier-docker

    ZeroTier One as Docker Image

  • Project mention: allow peers access to physical network | /r/zerotier | 2023-05-24

    The docker-compose.yml I followed is here: https://github.com/zyclonite/zerotier-docker/blob/main/README-router.md. My environment is a zerotier docker container running in Ubuntu 22.04.2 running on bare metal Intel NUC 5th gen.

  • intents-operator

    Manage network policies, AWS, GCP & Azure IAM policies, Istio Authorization Policies, and Kafka ACLs in a Kubernetes cluster with ease.

  • Project mention: Otterize launches open-source, declarative IAM permissions for workloads on AWS EKS clusters | dev.to | 2024-01-10

    No more! The open-source intents-operator and credentials-operator enable you to achieve the same, except without all that work: do it all from Kubernetes, declaratively, and just-in-time, through the magic of IBAC (intent-based access control).

  • sandworm-guard-js

    Easy auditing & sandboxing for your JavaScript dependencies 🪱

  • in-toto-golang

    A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Index

What are some of the best open-source zero-trust projects? This list will help you:

Rank Project Stars
1 Netmaker 8,952
2 netbird 8,888
3 immudb 8,486
4 Ockam 4,347
5 cosign 4,068
6 Pomerium 3,843
7 boundary 3,782
8 Security-101 3,291
9 BrowserBox 3,171
10 Ory Oathkeeper 3,167
11 ziti 2,071
12 zrok 2,013
13 spire 1,665
14 lunasec 1,406
15 fwknop 1,025
16 warrant 979
17 awesome-zero-trust 706
18 chai 358
19 iMonitorSDK 320
20 zerotier-docker 282
21 intents-operator 277
22 sandworm-guard-js 248
23 in-toto-golang 114
