Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 23 zero-trust Open-Source Projects
-
netbird
Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.
-
Netmaker
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
immudb
immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history
-
Ockam
Orchestrate end-to-end encryption, cryptographic identities, mutual authentication, and authorization policies between distributed applications – at massive scale.
-
-
Pomerium
Pomerium is an identity and context-aware reverse proxy for zero-trust access to web applications and services.
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
-
BrowserBox
🌀 Browse the web from a browser you run on a server, rather than on your local device. Lightweight virtual browser. For security, privacy and more! By https://github.com/dosyago
-
Ory Oathkeeper
A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.
-
ziti
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
-
-
-
lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
-
warrant
Warrant is a highly scalable, centralized authorization service based on Google Zanzibar, used for defining, querying, and auditing application authorization models and access control rules.
-
-
chai
chai - Experience Zero Trust security with Chai! Convert and view documents as vivid images right in your browser. No mandatory downloads, no hassle—just pure, joyful security! 🌈 (by dosyago)
-
intents-operator
Manage network policies, AWS, GCP & Azure IAM policies, Istio Authorization Policies, and Kafka ACLs in a Kubernetes cluster with ease.
-
-
in-toto-golang
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
https://github.com/netbirdio/netbird seems to be completely open source (BSD), https://github.com/gravitl/netmaker?tab=License-1-ov-file#re... uses Apache for the non-pro stuff, and both of those I found by simply looking at https://github.com/topics/wireguard
This is why I asked, the phrase "I decided to reinvent the wheel which has honestly been quite fun with learning about eBPF, and recently clustering and HA with etcd" makes it sound like it's doing a bunch of cool stuff (which I want to hear about!), but the readme says nothing about those.
https://github.com/netbirdio/netbird seems to be completely open source (BSD), https://github.com/gravitl/netmaker?tab=License-1-ov-file#re... uses Apache for the non-pro stuff, and both of those I found by simply looking at https://github.com/topics/wireguard
This is why I asked, the phrase "I decided to reinvent the wheel which has honestly been quite fun with learning about eBPF, and recently clustering and HA with etcd" makes it sound like it's doing a bunch of cool stuff (which I want to hear about!), but the readme says nothing about those.
Project mention: Ask HN: What is your experience of tamper proof systems? | news.ycombinator.com | 2024-01-05
disclosure: I work at Ockam.
The Portals for Mac app is an example of the type of thing you could build using the open source stack of protocols. The README (linked by parent) links out to all of the relevant parts of the protocol documentation to explain how these work together. The NAT Traversal (https://github.com/build-trust/ockam/blob/develop/examples/a...) part of the README is probably the best explanation of why the free relay you get via Ockam Orchestrator is a useful part of this demo.
As for why would anyone trust this: The protocols are designed so you absolutely don't have to trust the relay. Trust is pushed out to the edges that you control and so you're not susceptible to a MITM attack if something like a relay is compromised. The protocol design for all of this is open and documented, and was independently audited by (IMO) some of the best in the business, Trail of Bits: https://docs.ockam.io/reference/protocols.
Cosign: In this context, Cosign from the Sigstore project offers a compelling solution. Its simplicity, registry compatibility, and effective link between images and their signatures provide a user-friendly and versatile approach. The integration of Fulcio for certificate management and Rekor for secure logging enhances Cosign's appeal, making it particularly suitable for modern development environments that prioritize security and agility.
Option 3: Pomerium might be an alternative as well.
Project mention: OpenTerraform – an MPL fork of Terraform after HashiCorp's license change | news.ycombinator.com | 2023-08-11no, it and a ton of other things in their GH org are still MPL (for now): https://github.com/hashicorp/hcl-lang/blob/main/LICENSE including, confusingly https://github.com/hashicorp/boundary/blob/main/LICENSE which I would have thought would have fallen into the same "but AWS gonna steal our shit" fearmongering as Nomad, did to say nothing of the future in which AWS offers Managed Vagrant™ :eyeroll:
Project mention: Caniwebview.com – Like Caniuse but for Webviews | news.ycombinator.com | 2024-05-07This is great. I want to add WebWebView to the list and show 100% compatibility, because we run Chrome on the server and open a portal to it via an iframe. You can see it running here: https://browse.cloudtabs.net/signupless_sessions and code here: https://github.com/BrowserBox/BrowserBox - But we have yet to release a developer API. Seeing this, we will double our efforts!
Project mention: Show HN: Pico: An open-source Ngrok alternative built for production traffic | news.ycombinator.com | 2024-05-14I worked on a minimal self-hosted ziti for Docker here https://github.com/openziti/ziti/tree/release-next/quickstar... and minimal self-hosted zrok (includes ziti) for Docker here https://docs.zrok.io/docs/guides/self-hosting/docker/
...so, basically:
wget https://get.openziti.io/dock/all-in-one/compose.yml
Project mention: List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting. | dev.to | 2024-04-30zrok - Aims for effortless sharing both publicly and privately. Supports multiple types of resources, including HTTP endpoints and files. Built on OpenZiti (see overlay section below). Apache 2 License. Written in Go.
sounds fun; i see the arch aur has a few options as well. have you tried https://www.cipherdyne.org/fwknop/ ?
Project mention: A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev | dev.to | 2024-02-05Warrant — Hosted enterprise-grade authorization and access control service for your apps. The free tier includes 1 million monthly API requests and 1,000 authz rules.
But not just off-topic: abusive, and dishonest.
I'm not sure this even applies as we call the mutool binary installed via apt, rather than use or modify their libraries.
Even if it applies, Mu's AGPL requires you release the source code, which is what we already and have always done. So it doesn't apply. It doesn't require you use a particular license.
As you're so keen on searching our source you could have also easily read what the AGPL means, and seen that we use mutool^0, which I guess you would have done, if you were actually intending to be helpful rather than just trying to make us look bad, right? Hahaha! :)
I guess you're one of those people bitter at our success or maybe you were trying to use BrowserBox without paying the licensing fees and you didn't like that we made it commercial, is that right? Hahaha! :)
It seems if you were genuinely trying to be helpful rather than dishonest and trying to make us look bad, you would have just emailed me, right? Hahahahaha! :)
https://github.com/dosyago/chai/blob/37c1a1ec0941d81e0d6f8af...
Project mention: Otterize launches open-source, declarative IAM permissions for workloads on AWS EKS clusters | dev.to | 2024-01-10No more! The open-source intents-operator and credentials-operator enable you to achieve the same, except without all that work: do it all from Kubernetes, declaratively, and just-in-time, through the magic of IBAC (intent-based access control).
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
zero-trust related posts
-
Show HN: Wag, MFA and Enrollment for WireGuard
-
Show HN: OpenZiti (Apache 2.0, P2P, E2E encrypted, full mesh overlay) is now 1.0
-
Werbot VS trasa - a user suggested alternative
2 projects | 9 Apr 2024 -
Free Tech Tools and Resources - Multi-clock Display, Networking Tools, Digital Forensics & More
-
Securing CI/CD Images with Cosign and OPA
-
Zero-trust AI APIs serving Llama 2 70B inside enclaves
-
Netbirdio/netbird: Connect devices into a single private WireGuard mesh network
-
A note from our sponsor - InfluxDB
www.influxdata.com | 31 May 2024
Index
What are some of the best open-source zero-trust projects? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | netbird | 9,468 |
| 2 | Netmaker | 9,061 |
| 3 | immudb | 8,508 |
| 4 | Ockam | 4,360 |
| 5 | cosign | 4,156 |
| 6 | Pomerium | 3,905 |
| 7 | boundary | 3,795 |
| 8 | Security-101 | 3,514 |
| 9 | BrowserBox | 3,226 |
| 10 | Ory Oathkeeper | 3,180 |
| 11 | ziti | 2,175 |
| 12 | zrok | 2,143 |
| 13 | spire | 1,688 |
| 14 | lunasec | 1,413 |
| 15 | fwknop | 1,038 |
| 16 | warrant | 1,035 |
| 17 | awesome-zero-trust | 706 |
| 18 | chai | 359 |
| 19 | iMonitorSDK | 328 |
| 20 | zerotier-docker | 293 |
| 21 | intents-operator | 280 |
| 22 | sandworm-guard-js | 248 |
| 23 | in-toto-golang | 114 |
Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com