{"id":92733,"url":"https://github.com/dstrates/awesome-platform-engineering","name":"awesome-platform-engineering","description":"A curated list of awesome tools, resources and various shiny things","projects_count":415,"last_synced_at":"2026-06-07T19:00:25.248Z","repository":{"id":219875327,"uuid":"750120396","full_name":"dstrates/awesome-platform-engineering","owner":"dstrates","description":"A curated list of awesome tools, resources and various shiny things","archived":false,"fork":false,"pushed_at":"2026-02-10T04:26:59.000Z","size":50,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-04-19T11:03:20.988Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dstrates.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-01-30T02:39:55.000Z","updated_at":"2026-02-10T04:27:03.000Z","dependencies_parsed_at":"2024-05-30T02:40:41.229Z","dependency_job_id":"7319346f-471b-485f-b9ae-f89e6e49c2d8","html_url":"https://github.com/dstrates/awesome-platform-engineering","commit_stats":null,"previous_names":["dstrates/awesome-platform-engineering"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/dstrates/awesome-platform-engineering","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dstrates%2Fawesome-platform-engineering","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dstrates%2Fawesome-platform-engineering/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dstrates%2Fawesome-platform-engineering/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dstrates%2Fawesome-platform-engineering/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dstrates","download_url":"https://codeload.github.com/dstrates/awesome-platform-engineering/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dstrates%2Fawesome-platform-engineering/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32654618,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-05T11:29:49.557Z","status":"ssl_error","status_checked_at":"2026-05-05T11:29:48.587Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"created_at":"2025-08-08T19:35:03.773Z","updated_at":"2026-06-07T19:00:25.249Z","primary_language":null,"list_of_lists":false,"displayable":true,"categories":["Application Security","Secrets management","Platform as a Service","Chat and ChatOps","Dependency management","Testing","Sharing","Service catalogue","Internal developer platform","Cloud asset inventory","Bug tracking","Continuous integration","Observability","Status pages","Kubernetes","Usage-based pricing","Continuous deployment","Policy as code","Diagrams as code","Identity and access management","Linting","Chaos engineering","Cloud cost management","Documentation as code","Kafka","Artifact signing and attestation","Git Tools","Containers","Infrastructure as code","API tools","Endpoint validation","Dashboards as code"],"sub_categories":["SAST","Regex","Threat modelling","Build systems","Load, stress \u0026 soak testing","API Fuzzing","A/B testing","Infrastructure from code","Shell into containers","SCA","Hook management tools","Kubernetes testing","Kubernetes local development","Supply chain security","Kubernetes runtime security","Secrets detection","Infrastructure as code generation","DAST","Kubernetes security posture management","Kubernetes templating","Terraform","Kubernetes IAM","Polyrepo operations tools","Kubernetes static analysis","Repository management tools","Performance testing"],"readme":"# Awesome Platform Engineering\n\n[![Awesome](https://awesome.re/badge-flat2.svg)](https://awesome.re)\n[![License: CC0-1.0](https://img.shields.io/badge/License-CC0_1.0-lightgrey.svg)](http://creativecommons.org/publicdomain/zero/1.0/)\n\nA curated list of amazingly awesome Platform tools, resources and various shiny things.\n\n- [Awesome Platform Engineering](#awesome-platform-engineering)\n  - [Analytics](#analytics)\n  - [Application Security](#application-security)\n    - [API Fuzzing](#api-fuzzing)\n    - [DAST](#dast)\n      - [Language \\\u0026 Framework-specific DAST](#language--framework-specific-dast)\n    - [SAST](#sast)\n    - [SCA](#sca)\n    - [Secrets detection](#secrets-detection)\n    - [Supply chain security](#supply-chain-security)\n    - [Threat modelling](#threat-modelling)\n  - [API tools](#api-tools)\n  - [Artifact signing and attestation](#artifact-signing-and-attestation)\n  - [Bug tracking](#bug-tracking)\n  - [Chaos engineering](#chaos-engineering)\n  - [Chat and ChatOps](#chat-and-chatops)\n  - [Cloud cost management](#cloud-cost-management)\n  - [Cloud asset inventory](#cloud-asset-inventory)\n  - [Containers](#containers)\n    - [Shell into containers](#shell-into-containers)\n  - [Continuous deployment](#continuous-deployment)\n  - [Continuous integration](#continuous-integration)\n  - [Dashboards as code](#dashboards-as-code)\n  - [Dependency management](#dependency-management)\n    - [Build systems](#build-systems)\n  - [Diagrams as code](#diagrams-as-code)\n  - [Documentation as code](#documentation-as-code)\n  - [Endpoint validation](#endpoint-validation)\n  - [Git Tools](#git-tools)\n    - [Polyrepo operations tools](#polyrepo-operations-tools)\n    - [Repository management tools](#repository-management-tools)\n    - [Hook management tools](#hook-management-tools)\n  - [Identity and access management](#identity-and-access-management)\n  - [Infrastructure as code](#infrastructure-as-code)\n    - [Infrastructure as code generation](#infrastructure-as-code-generation)\n    - [Infrastructure from code](#infrastructure-from-code)\n  - [Internal developer platform](#internal-developer-platform)\n  - [Kafka](#kafka)\n  - [Kubernetes](#kubernetes)\n    - [Kubernetes IAM](#kubernetes-iam)\n    - [Kubernetes local development](#kubernetes-local-development)\n    - [Kubernetes runtime security](#kubernetes-runtime-security)\n    - [Kubernetes security posture management](#kubernetes-security-posture-management)\n    - [Kubernetes static analysis](#kubernetes-static-analysis)\n    - [Kubernetes templating](#kubernetes-templating)\n    - [Kubernetes testing](#kubernetes-testing)\n  - [Linting](#linting)\n    - [Terraform](#terraform)\n    - [Regex](#regex)\n  - [Observability](#observability)\n  - [Platform as a Service](#platform-as-a-service)\n  - [Policy as code](#policy-as-code)\n  - [Secrets management](#secrets-management)\n  - [Service catalogue](#service-catalogue)\n  - [Sharing](#sharing)\n  - [Status pages](#status-pages)\n  - [Testing](#testing)\n    - [A/B testing](#ab-testing)\n    - [Performance testing](#performance-testing)\n  - [Usage-based pricing](#usage-based-pricing)\n\n## Analytics\n\n*Product and customer analytic platforms.*\n\n- [June](https://june.so) - Product usage analytics platform\n- [Amplitude](https://amplitude.com) -  Product usage analytics platform\n\n## Application Security\n\n### API Fuzzing\n\n*API testing tools that use a fuzzing engine to generate various test inputs and possible request sequences.*\n\n- [OWASP ZAP](https://www.zaproxy.org/) - dynamic security testing and web app scanner\n- [Burpsuite](https://portswigger.net/burp) - The enterprise-enabled dynamic web vulnerability scanner\n- [Cherrybomb](https://github.com/blst-security/cherrybomb) - CLI tool that helps you avoid undefined user behaviour by validating your API specifications\n- [Restler](https://github.com/microsoft/restler-fuzzer) - stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs\n- [Dredd](https://github.com/apiaryio/dredd) - Language-agnostic HTTP API Testing Tool\n- [Schemathesis](https://github.com/schemathesis/schemathesis) - Specification-centric API testing tool for Open API and GraphQL-based applications\n- [Snapchange](https://github.com/awslabs/snapchange) - Lightweight fuzzing of a memory snapshot using KVM\n- [Onefuzz](https://github.com/microsoft/onefuzz) - A self-hosted Fuzzing-As-A-Service platform\n- [OSS-Fuzz](https://github.com/google/oss-fuzz) - continuous fuzzing for open source software\n- [GraphQLer](https://github.com/omar2535/GraphQLer) - A cutting edge context aware GraphQL API fuzzing tool\n\n### DAST\n\n*Dynamic application security testing tools.*\n\n- [OWASP ZAP](https://github.com/zaproxy/zaproxy) - automatically find security vulnerabilities in your web applications while you are developing and testing your applications\n- [Nikto2](https://github.com/sullo/nikto) - web server scanner\n- [Wapiti](https://github.com/wapiti-scanner/wapiti) - Web vulnerability scanner written in Python3\n- [Skipfish](https://github.com/spinkham/skipfish) - Web application security scanner created by lcamtuf for google - Unofficial Mirror [Deprecated]\n- [Jazzer](https://github.com/CodeIntelligenceTesting/jazzer/) - Coverage-guided, in-process fuzzing for the JVM\n- [CI Fuzz](https://www.code-intelligence.com/cli-tool) - CI Fuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line\n- [nuclei](https://github.com/projectdiscovery/nuclei) - Fast and customizable vulnerability scanner based on simple YAML based DSL\n\n#### Language \u0026 Framework-specific DAST\n\n- [paulveillard/cybersecurity-dynamic-analysis](https://github.com/paulveillard/cybersecurity-dynamic-analysis)\n- [analysis-tools-dev/dynamic-analysis](https://github.com/analysis-tools-dev/dynamic-analysis)\n\n### SAST\n\n*Static application security testing tools.*\n\n- [Shisho](https://github.com/flatt-security/shisho) - Lightweight static analyzer\n- [Purple panda](https://github.com/carlospolop/PurplePanda) - identify privilege escalation paths within and across different clouds\n- [opensourcesecurityindex.io](https://opensourcesecurityindex.io/)\n- [Privado](https://github.com/Privado-Inc/privado) - Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities \u0026 generate accurate Play Store Data Safety Report\n- [static-analysis](https://github.com/analysis-tools-dev/static-analysis) - A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality\n\n### SCA\n\n*Software composition analysis tools.*\n\n- [DependencyCheck](https://github.com/jeremylong/DependencyCheck) - software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies\n- [OpenSCA](https://github.com/XmirrorSecurity/OpenSCA-cli) - supports detection of open source component dependencies and vulnerabilities\n- [Dependency-track](https://github.com/DependencyTrack/dependency-track) - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain\n- [OSV scanner](https://github.com/google/osv-scanner) - Dependency vulnerability scanner written in Go which uses the data provided by [https://osv.dev](https://osv.dev)\n- [packj](https://github.com/ossillate-inc/packj) - Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies (\"weak links\") in your software supply-chain\n- [socket.dev](https://socket.dev/) - Socket fights vulnerabilities and provides visibility, defense-in-depth, and proactive supply chain protection for JavaScript and Python dependencies\n- [nancy](https://github.com/sonatype-nexus-community/nancy) - A tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index\n- [deps.dev](https://deps.dev/) - Google project for rating dependencies\n- [dep-scan](https://github.com/owasp-dep-scan/dep-scan) - OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies\n- [depguard](https://github.com/OpenPeeDeeP/depguard) - Go linter that checks if package imports are in a list of acceptable packages\n\n### Secrets detection\n\n*Find leaked secrets in your git repositories, container images and filesystems.*\n\n- [Trufflehog](https://github.com/trufflesecurity/trufflehog) - Find leaked credentials\n- [Detect-secrets](https://github.com/Yelp/detect-secrets) - Yelp: An enterprise friendly way of detecting and preventing secrets in code\n- [Bridgecrew detect-secrets](https://github.com/bridgecrewio/detect-secrets) - Bridgecrew fork of yelp/detect-secrets\n- [Gitleaks](https://github.com/zricethezav/gitleaks) - SAST tool for detecting and preventing hardcoded secrets like passwords, api keys, and tokens in git repos\n- [git-secrets](https://github.com/awslabs/git-secrets) - AWSLabs tool for detecting secrets in git. No longer maintained\n- [ggshield](https://github.com/GitGuardian/ggshield) - GitGuardian secrets detection.\n- [SecretScanner](https://github.com/deepfence/SecretScanner) - Deepfence SecretScanner can find unprotected secrets in container images or file systems. Integrated into [ThreatMapper 1.3.0](https://github.com/deepfence/ThreatMapper)\n- [DumpsterDiver](https://github.com/securing/DumpsterDiver) - Tool to search secrets in various filetypes. No longer maintained\n- [keyscope](https://github.com/SpectralOps/keyscope) - SpectralOps tool for secrets validation\n- [leaky-repo](https://github.com/Plazmaz/leaky-repo) - benchmarking repo with secrets in it to test and evaluate detection tools\n- [Skyscanner/whispers](https://github.com/Skyscanner/whispers) - Identify hardcoded secrets in static structured text\n- [auth0/repo-supervisor](https://github.com/auth0/repo-supervisor) - Scan your code for security misconfiguration, search for passwords and secrets\n- [Ocotopii](https://github.com/redhuntlabs/Octopii) - An AI-powered Personal Identifiable Information (PII) scanner\n- [secretlint](https://github.com/secretlint/secretlint) - Pluggable linting tool to prevent committing credentials.\n\n### Supply chain security\n\n*Supply chain security tools.*\n\n- [awesome supply chain security](https://github.com/bureado/awesome-software-supply-chain-security)\n- [chain-bench](https://github.com/aquasecurity/chain-bench) - open-source tool for auditing your software supply chain stack for security compliance based on a new CISs Software Supply Chain benchmark\n- [legitify](https://github.com/Legit-Labs/legitify) - Detect and remediate misconfigurations and security risks across all your GitHub assets\n- [steampipe (GitHub compliance mod)](https://github.com/turbot/steampipe-mod-github-compliance)\n- [OWASP dependency-check](https://github.com/jeremylong/DependencyCheck) - software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies\n- [harden-runner](https://github.com/step-security/harden-runner)- Security agent for GitHub-hosted runner: block egress traffic \u0026 detect code overwrite to prevent breaches\n- [scorecard](https://github.com/ossf/scorecard) - OpenSSF Scorecard - Security health metrics for Open Source\n- [CVE Prioritizer](https://github.com/TURROKS/CVE_Prioritizer)- Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities\n- [ossf/allstar](https://github.com/ossf/allstar) - GitHub App to set and enforce security policies\n- [OSSGadget](https://github.com/microsoft/OSSGadget/tree/main) - Collection of tools for analyzing open source packages\n- [oak](https://github.com/project-oak/oak) - Oak is a software platform for building distributed systems providing externally verifiable (or falsifiable) claims about system behaviors in a transparent way\n\n### Threat modelling\n\n- [Deciduous](https://www.deciduous.app/) - security decision tree generator that serves as a threat modelling tool\n\n## API tools\n\n- [Vacuum](https://github.com/daveshanley/vacuum) - vacuum is the worlds fastest OpenAPI 3, OpenAPI 2 / Swagger linter and quality analysis tool. Built in go, it tears through API specs faster than you can think. vacuum is compatible with Spectral rulesets and generates compatible reports\n- [Spectral](https://github.com/stoplightio/spectral) - A flexible JSON/YAML linter for creating automated style guides, with baked in support for OpenAPI v3.1, v3.0, and v2.0 as well as AsyncAPI v2.x.\n- [SwaggerHub](https://swagger.io/tools/swaggerhub/)\n- [oasdiff](https://github.com/Tufin/oasdiff) - OpenAPI Diff and Breaking Changes\n- [openapi-diff](https://github.com/OpenAPITools/openapi-diff) - Utility for comparing two OpenAPI specifications.\n- [openapi-generator](https://github.com/openapitools/openapi-generator)- OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec (v2, v3)\n- [ogen](https://github.com/ogen-go/ogen) - OpenAPI v3 code generator for go\n- [swagger-codegen](https://github.com/swagger-api/swagger-codegen) - swagger-codegen contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition.\n- [oapi-codegen](https://github.com/oapi-codegen/oapi-codegen) - Generate Go client and server boilerplate from OpenAPI 3 specifications\n- [speakeasy](https://speakeasyapi.dev) - Auto-generated SDKs, Terraform Providers, Docs \u0026 more\n- [goa](https://github.com/goadesign/goa) - Goa: Elevate Go API development! Streamlined design, automatic code generation, and seamless HTTP/gRPC support\n\n## Artifact signing and attestation\n\n*Sign, attest and verify artifacts to protect your software supply chain.*\n\nSee: [SLSA - Software Attestations](https://slsa.dev/attestation-model)\n\n- [Cosign](https://github.com/sigstore/cosign) - code signing and transparency for containers and binaries\n- [grafeas](https://github.com/grafeas/grafeas) - Artifact Metadata API to audit and govern software supply chains\n- [in-toto](https://github.com/in-toto/in-toto) -  a framework to protect supply chain integrity\n- [notary](https://github.com/notaryproject/notary) - project that allows anyone to have trust over arbitrary collections of data\n\n## Bug tracking\n\n*Bug tracking, triage and remediation tools.*\n\n- [Bugasura](https://bugasura.io/) - AI-powered issue tracker\n\n## Chaos engineering\n\n*The discipline of experimenting on a distributed system in order to build confidence in the system's capability to withstand turbulent conditions in production.*\n\n- [Chaos Toolkit](https://github.com/chaostoolkit) - the Open Source Platform for Chaos Engineering\n- [Chaos Monkey](https://github.com/Netflix/chaosmonkey) - a resiliency tool that helps applications tolerate random instance failures\n- [Toxiproxy](https://github.com/Shopify/toxiproxy) - simulate network and system conditions for chaos and resiliency testing\n- [Pumba](https://github.com/alexei-led/pumba) - chaos testing, network emulation and stress testing tool for containers\n- [Litmus](https://litmuschaos.io/ ) - Cloud Native Chaos Engineering platform\n- [KubeInvaders](https://kubernetes.io/blog/2020/01/22/kubeinvaders-gamified-chaos-engineering-tool-for-kubernetes/) - Chaotic fun\n\n## Chat and ChatOps\n\n*Chat and ChatOps.*\n\n- [Rocket](https://rocket.chat/) - open source team communication\n- [Mattermost](https://mattermost.com/) - messaging platform that enables secure team collaboration\n- [Zulip](https://zulipchat.com/) - real-time chat with an email threading model\n- [Riot](https://about.riot.im/) - a universal secure chat app entirely under your control\n- ChatOps:\n  - [CloudBot](https://github.com/CloudBotIRC/CloudBot) - simple, fast, expandable, open-source Python IRC Bot\n  - [Hubot](https://hubot.github.com/) - a customizable life embetterment robot\n  - [Lita](https://www.lita.io/) - a robot companion for your company's chat room\n  - [Botkube](https://github.com/kubeshop/botkube) - chat bot for Kubernetes\n  - [Rootly](https://rootly.com/) - Incident management in Slack\n\n## Cloud cost management\n\n*Automated cost management and cost visibility tools that offer deep insight into your cloud expenditure.*\n\n- [Infracost](https://www.infracost.io/) - Predict cost of infrastructure from Terraform code\n- [Terracost](https://github.com/cycloidio/terracost) - Cloud cost estimation for Terraform in your CLI\n- [Zesty](https://zesty.co/) - Automated cloud cost optimization for EC2 \u0026 RDS\n- [Vantage](https://vantage.sh/) - Automated cloud cost optimization\n- [Scalr](https://www.scalr.com/blog/terraform-cost-estimation) - Terraform platform that has cost-optimization features\n- [Finout](https://www.finout.io/) - Cloud cost monitoring platform\n- [Opencost](https://github.com/opencost/opencost) - Cross-cloud cost allocation models for Kubernetes workloads\n- [Harness Cloud Cost Management](https://harness.io/products/cloud-cost) - Detect and stop cloud cost anomalies as they occur\n- [Loft](https://loft.sh/features/sleep-mode-for-namespaces/) - Kubernetes automated cost savings\n- [usage.ai](https://usage.ai/) - Automated cloud cost optimization for EC2, RDS, ElasticSearch, RedShift\n- [cast.ai](https://cast.ai/) - Kubernetes automated cost savings\n\n## Cloud asset inventory\n\n*Cloud asset inventory and Cloud Security Posture Management (CPSM) tools.*\n\n- [Steampipe](https://steampipe.io/) - `# select * from cloud;`\n- [Resoto](https://github.com/someengineering/resoto) -  Resoto creates an inventory of your cloud, provides deep visibility, and reacts to changes in your infrastructure\n- [Cloudquery](https://www.cloudquery.io/) - Sync cloud assets to any database, transform and visualize\n- [Cloudgraph](https://github.com/cloudgraphdev/cli) - The universal GraphQL API and CSPM tool for AWS, Azure, GCP, K8s, and tencent\n- [Cloudmapper](https://github.com/duo-labs/cloudmapper) - CloudMapper helps you analyze your AWS environments\n- [AWS ClickOps notifier](https://github.com/cloudandthings/terraform-aws-clickops-notifier) - Get notified when users are taking actions in the AWS Console\n- [driftctl](https://github.com/snyk/driftctl) - Detect, track and alert on infrastructure drift\n- [Scoutsuite](https://github.com/nccgroup/ScoutSuite) - Multi-Cloud Security Auditing Tools\n- [prowler](https://github.com/prowler-cloud/prowler) - perform AWS security best practices assessments, audits, incident response, continuous monitoring\n- [saw](https://github.com/TylerBrock/saw) - Fast, multi-purpose tool for searching AWS CloudWatch Logs\n- [magpie](https://github.com/openraven/magpie) - Magpie is a free, open-source framework and a collection of community developed plugins that can be used to build complete end-to-end security tools such as a CSPM\n\n## Containers\n\n*Docker and general container tools.*\n\n- [Dockle](https://github.com/goodwithtech/dockle) - Docker image linting\n- [Container-scan](https://github.com/Azure/container-scan) - Dockle + Trivy [Deprecated]\n- [HadoLint](https://github.com/hadolint/hadolint) - Dockerfile linter, validate inline bash, written in Haskell\n- [docker-bench](https://github.com/docker/docker-bench-security) - checks for dozens of common best-practices\n- [aquasecurity/docker-bench](https://github.com/aquasecurity/docker-bench)\n- [Dive](https://github.com/wagoodman/dive) - A tool for exploring a docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image\n- [cadvisor](https://github.com/google/cadvisor) - Analyzes resource usage and performance characteristics of running containers\n- [Docker-slim](https://github.com/docker-slim/docker-slim) - Don't change anything in your Docker container image and minify it by up to 30x\n- [dfimage](https://github.com/LanikSJ/dfimage) - Reverse-engineer a Dockerfile from a Docker image\n- [Whaler](https://github.com/P3GLEG/Whaler) - Go program to reverse Docker images into Dockerfiles\n- [anchore-engine](https://github.com/anchore/anchore-engine) - A service that analyzes docker images and scans for vulnerabilities\n- [grype](https://github.com/anchore/grype) - A vulnerability scanner for container images and filesystems\n- [Trivy](https://github.com/aquasecurity/trivy) - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more\n- [docker-trim](https://github.com/tzickel/docker-trim) - create a trimmed docker image that contains only parts of the original file system of an existing docker image\n- [diffoci](https://github.com/reproducible-containers/diffoci) - diffoci compares Docker and OCI container images for helping reproducible builds\n- [tini](https://github.com/krallin/tini) - A tiny but valid `init` for containers\n- [ko](https://github.com/ko-build/ko) - ko is a simple, fast container image builder for Go applications\n- [go-containerregistry](https://github.com/google/go-containerregistry) - Google Go library for working with container images. Includes tools like `crane`, `gcrane`, `krane` \u0026 `k8schain`\n- [testcontainers](https://github.com/testcontainers) - open source framework for providing throwaway, lightweight instances of anything that can run in a Docker container\n- [distroless](https://github.com/GoogleContainerTools/distroless) - Language focused docker images, minus the operating system\n- [confidential-containers](https://github.com/confidential-containers/confidential-containers) - leverage Trusted Execution Environments to protect containers and data and to deliver cloud native confidential computing\n- [copacetic](https://github.com/project-copacetic/copacetic) - CLI tool for directly patching container images!\n- [runc](https://github.com/opencontainers/runc) -  CLI tool for spawning and running containers according to the OCI specification\n\n### Shell into containers\n\n- [cdebug](https://github.com/iximiuz/cdebug) - cdebug - a swiss army knife of container debugging\n- [docker-opener](https://github.com/artemkaxboy/docker-opener) - Shell-in to any docker container easily\n- [debug-ctr](https://github.com/felipecruz91/debug-ctr) - Command-line tool for interactive container troubleshooting\n- [docker-debug](https://github.com/zeromake/docker-debug) - troubleshooting running docker containers\n\n## Continuous deployment\n\n*Tools that enable declarative continuous deployment aka GitOps.*\n\n- [ArgoCD](https://github.com/argoproj/argo-cd) - Declarative continuous deployment for Kubernetes\n- [Flux](https://github.com/fluxcd/flux2) - Open and extensible continuous delivery solution for Kubernetes\n- [dagger](https://dagger.io/) - programmable CI/CD engine that runs your pipelines in containers\n\n## Continuous integration\n\n*CI platforms and release management tools.*\n\n- [Spacelift](https://spacelift.io/) - Spacelift is a sophisticated CI/CD platform for Terraform, CloudFormation, Pulumi, and Kubernetes\n- [atlantis](https://www.runatlantis.io/) - Terraform Pull Request Automation\n- [scalr](https://www.scalr.com/) - Terraform Cloud alternative\n- [env0](https://www.env0.com/) - Manage, deploy, scale, and control all your Terraform, Terragrunt, Pulumi, and related frameworks\n- [batect](https://github.com/batect/batect) - Build And Testing Environments as Code Tool\n- [autorelease](https://github.com/intuit/auto) - Release automation for GitHub\n- [cashapp/hermit](https://github.com/cashapp/hermit) - consistent tooling across environments\n- [meta/hermit](https://github.com/facebookexperimental/hermit) - hermetically isolated sandboxes to control program execution\n- [semantic-release](https://github.com/semantic-release/semantic-release) - Fully automated version management and package publishing\n- [release-please](https://github.com/googleapis/release-please) - generate release PRs based on the conventionalcommits.org spec\n- [git-cliff](https://github.com/orhun/git-cliff) - A highly customizable Changelog Generator that follows Conventional Commit specifications ⛰️\n\n## Dashboards as code\n\n*Tools that allow you to define and manage your observability dashboards in code.*\n\n- [Grafanalib](https://github.com/weaveworks/grafanalib) - Write Grafana dashboards in Python\n- [Grafonnet](https://github.com/grafana/grafonnet-lib) - Jsonnet library for generating Grafana dashboard files\n- [Steampipe - AWS Insights Mod](https://hub.steampipe.io/mods/turbot/aws_insights) - Create dashboards and reports for your AWS resources using Steampipe\n- [kennel](https://github.com/grosser/kennel) - Datadog monitors/dashboards/slos as code, avoid chaotic management via UI\n\n## Dependency management\n\n*Manage development environments, software dependencies and package versions.*\n\n- [Poetry](https://python-poetry.org/) - Python packaging and dependency management\n- [Renovate](https://github.com/renovatebot/renovate) - Universal dependency update tool that fits into your workflows\n- [Dependabot](https://github.com/dependabot/dependabot-core) - Automating dependency updates in multiple languages\n- [configrd](https://configrd.io/) - Sync configurations such as environment variables, application properties and secrets across build pipelines, services and environments\n- [tfenv](https://github.com/tfutils/tfenv) - Terraform version manager based on rbenv\n- [asdf](https://github.com/asdf-vm/asdf) - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang \u0026 more\n- [mise](https://github.com/jdx/mise) - development environment setup tool that manages dev tools, runtimes, envvars and task runners\n- [Devbox](https://github.com/jetpack-io/devbox) - command-line tool that lets you easily create isolated shells for development\n- [spack](https://github.com/spack/spack) - A flexible package manager that supports multiple versions, configurations, platforms, and compilers\n- [Lerna](https://lerna.js.org/) - Lerna is a tool for managing JavaScript projects with multiple packages, built on Yarn\n- [chezmoi](https://github.com/twpayne/chezmoi) - Manage your dotfiles across multiple diverse machines, securely\n- [knip](https://github.com/webpro/knip) - Find unused files, dependencies and exports in your JavaScript and TypeScript projects\n- [just](https://github.com/casey/just) - just is a handy way to save and run project-specific commands\n- [changesets](https://github.com/changesets/changesets) - A way to manage your versioning and changelogs with a focus on monorepos\n- [earthly](https://github.com/earthly/earthly) - Super simple build framework with fast, repeatable builds and an instantly familiar syntax – like Dockerfile and Makefile had a baby.\n\n### Build systems\n\n- [Bazel](https://bazel.build/) - Bazel is Google's monorepo-oriented build system\n- [buck2](https://github.com/facebook/buck2) - Buck2 is a fast, hermetic, multi-language build system designed by Meta\n- [pants](https://github.com/pantsbuild/pants) - a monorepo-oriented build system, used by Twitter, Foursquare and multiple other companies\n- [Nx](https://github.com/nrwl/nx) - Nx is a build system with built-in tooling and advanced CI capabilities. It helps you maintain and scale monorepos, both locally and on CI\n\n## Diagrams as code\n\n*Tools that allow you to draw system architecture diagrams in code, allowing you to track and share your diagrams in any SCM.*\n\n- [structurizr](https://structurizr.org/) - Diagrams as code 2.0\n- [Brainboard](https://www.brainboard.co/features/from-design-to-code) - Diagrams to Terraform code\n- [Pluralith](https://github.com/Pluralith/pluralith-cli) - Terraform to diagrams\n- [cdk-dia](https://github.com/pistazie/cdk-dia)- CDK to diagrams\n- [cfn-diagram](https://github.com/mhlabs/cfn-diagram) - CFN to diagrams\n- [mingrammer/diagrams](https://github.com/mingrammer/diagrams) - Draw diagrams in Python code\n- [Mermaid](https://github.blog/2022-02-14-include-diagrams-markdown-files-mermaid/) - simple diagrams and flowcharts in Markdown\n- [ascii flow](https://asciiflow.com/#/) - ASCII editor\n- [PlantUML](https://github.com/plantuml/plantuml) - Create diagrams from plaintext language\n- [Markmap](https://markmap.js.org/rep) - visualize your Markdown as minimaps\n- [Go diagrams](https://github.com/blushft/go-diagrams) - create system diagrams with Go\n- [GraphViz](https://dreampuf.github.io/GraphvizOnline) - create system diagrams in DOT language\n- [Cloudcraft](https://www.cloudcraft.co/) - Create AWS diagrams from deployed infrastructure\n- [Inframap](https://github.com/cycloidio/inframap) - Read your tfstate or HCL to generate a graph specific for each provider\n\n## Documentation as code\n\n*Generate documentation automatically from code.*\n\n- [Doxygen](https://doxygen.nl/) - generate docs from annotated C++ code\n- [JavaDoc](https://dev.java/learn/javadoc---the-documentation-generator/) - generate docs from Java code\n- [terraform docs](https://terraform-docs.io/) - generate docs from Terraform code\n- [glow](https://github.com/charmbracelet/glow) -  terminal based markdown reader designed for the CLI\n- [runme](https://github.com/stateful/runme) - Execute your runbooks, docs, and READMEs\n\n## Endpoint validation\n\n*Is it up or not?*\n\n- [Goss](https://github.com/aelsabbahy/goss) - quick and easy server validation\n- [Prometheus Blackbox exporter](https://github.com/prometheus/blackbox_exporter) - Blackbox prober exporter\n\n## Git Tools\n\n*Tools that can help you do stuff in Git.*\n\n### Polyrepo operations tools\n\n- [git-xargs](https://github.com/gruntwork-io/git-xargs)\n- [microplane](https://github.com/Clever/microplane)\n- [all-repos](https://github.com/asottile/all-repos)\n- [mu-repo](https://github.com/fabioz/mu-repo)\n- [multi-gitter](https://github.com/lindell/multi-gitter)\n\n### Repository management tools\n\n- [pull](https://github.com/wei/pull) - Keep your forks up-to-date via automated PRs\n- [git-of-theseus](https://github.com/erikbern/git-of-theseus) - Analyze how a Git repo grows over time\n- [bash-git-prompt](https://github.com/magicmonty/bash-git-prompt) - An informative and fancy bash prompt for Git users\n- [comby](https://github.com/comby-tools/comby) - A code rewrite tool for structural search and replace that supports ~every language\n\n### Hook management tools\n\n- [pre-commit](http://pre-commit.com/) - a framework for managing and maintaining multi-language pre-commit hooks from Yelp\n- [Overcommit](https://github.com/brigade/overcommit/) - an extendable Git hook manager written with Ruby\n- [quickhook](https://github.com/dirk/quickhook/) - a fast, Unix'y, opinionated Git hook runner\n- [husky](https://github.com/typicode/husky) - Git hooks for Node.js, manage your hooks from your package.json\n- [Mookme](https://github.com/Escape-Technologies/mookme) - A simple and easy-to-use, yet powerful and language agnostic git hook for monorepos\n- [lint-staged](https://github.com/lint-staged/lint-staged) - run linters on git staged files\n- [lefthook](https://github.com/evilmartians/lefthook) - Fast and powerful Git hooks manager for any type of projects\n\n## Identity and access management\n\n*IAM platforms, tools and systems.*\n\n- [Teleport](https://goteleport.com/)\n- [IAMAlive](https://github.com/iann0036/iamlive) - Generate an IAM policy from AWS calls using client-side monitoring (CSM) or embedded proxy\n- [Ermetic](https://ermetic.com/) - Holistic IAM protection for AWS, Azure and Google Cloud\n- [Pike](https://github.com/jamesWoolfenden/pike) - Pike is a tool for determining the permissions or policy required for IAC code\n- [AirAM](https://github.com/bridgecrewio/AirIAM) - Least privilege AWS IAM Terraformer\n- [IAM Floyd](https://github.com/udondan/iam-floyd) - AWS IAM policy statement generator with fluent interface\n- [repokid](https://github.com/Netflix/repokid) -  AWS IAM usage monitor\n- [aardvark](https://github.com/Netflix-Skunkworks/aardvark) - Aardvark is a multi-account AWS IAM Access Advisor API (and caching layer)\n- [Trailscraper](https://github.com/flosell/trailscraper/) - A command-line tool to get valuable information out of AWS CloudTrail\n- [CloudTracker](https://github.com/duo-labs/cloudtracker) - CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies\n- [Cloudsplaining](https://github.com/salesforce/cloudsplaining) - AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report\n- [Parliament](https://github.com/duo-labs/parliament) - AWS IAM policy linter\n- [PMapper](https://github.com/nccgroup/PMapper) - AWS IAM privilege escalation mapping\n- [Policy Sentry](https://github.com/salesforce/policy_sentry) - IAM Least Privilege Policy Generator\n\n## Infrastructure as code\n\n- [Terraform](https://github.com/hashicorp/terraform) - Terraform is a tool for building, changing, and versioning infrastructure\n- [OpenTofu](https://github.com/opentofu/opentofu) - OSS Terraform fork that lets you declaratively manage your cloud infrastructure\n- [AWS CDK](https://github.com/aws/aws-cdk) - The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code\n- [Pulumi](https://github.com/pulumi/pulumi) - Infrastructure as Code in any programming language\n- [sst](https://github.com/sst/sst) - Build modern full-stack applications on AWS\n- [ion](https://github.com/sst/ion) - ❍ — an experimental new engine for SST\n- [Sceptre](https://github.com/Sceptre/sceptre) - sceptre is a tool to drive AWS CloudFormation\n\n### Infrastructure as code generation\n\n*Generate infrastucture code from existing manually-created cloud resources.*\n\n- [Former2](https://github.com/iann0036/former2) - generate CloudFormation/Terraform from existing AWS resources\n- [Terraformer](https://github.com/GoogleCloudPlatform/terraformer) - CLI tool to generate terraform files from existing infrastructure\n- [Terracognita](https://github.com/cycloidio/terracognita) - generates Terraform from existing AWS resources\n- [Firefly](https://www.gofirefly.io/pricing) - Cloud asset management solution\n- [k2tf](https://github.com/sl1pm4t/k2tf) - Kubernetes YAML to Terraform HCL converter\n\n### Infrastructure from code\n\n*Generate infrastructure code from application code or runtime.*\n\n- [nitric](https://www.github.com/nitrictech/nitric) - multi-language framework for cloud applications with infrastructure from code\n\n## Internal developer platform\n\n*Tools that contribute to an internal developer platform (IDP), a self-service layer of tools, services and processes that supports and accelerates your software development.*\n\n- [Drone](https://www.drone.io/) - self-service Continuous Integration platform\n- [Shipa](https://shipa.io/) - modern application delivery platform\n- [KubeVela](https://github.com/kubevela/kubevela) - modern application delivery platform\n- [Ketch](https://www.theketch.io/) - Kubernetes application delivery platform\n- [Humanitec](https://humanitec.com/) - Internal developer platform orchestrator\n- [Nais](https://nais.io/) - application delivery platform\n- [Garden](https://github.com/garden-io/garden) - simplify Kubernetes delivery\n- [Massdriver](https://www.massdriver.cloud/) - visual IDP that enables engineers to deploy production-ready cloud infrastructure and applications in minutes\n\n## Kafka\n\n*Apache Kafka management tools.*\n\n- [burrow](https://github.com/linkedin/Burrow) - Kafka Consumer Lag Checking\n- [schema-registry](https://github.com/confluentinc/schema-registry) - Confluent Schema Registry for Kafka\n- [topicctl](https://github.com/segmentio/topicctl) - Tool for declarative management of Kafka topics\n- [kaf](https://github.com/birdayz/kaf) - Modern CLI for Apache Kafka, written in Go\n- [franz-go](https://github.com/twmb/franz-go) - franz-go contains a feature complete, pure Go library for interacting with Kafka from 0.8.0 through 3.6+. Producing, consuming, transacting, administrating, etc.\n- [bento](https://github.com/warpstreamlabs/bento) - Fancy stream processing made operationally mundane\n- [heetch/avro](https://github.com/heetch/avro) - Avro codec and code generation for Go\n- [Karapace](https://github.com/Aiven-Open/karapace) - supports the storing of schemas in a central repository, which clients can access to serialize and deserialize messages\n- [xk6-kafka](https://github.com/mostafa/xk6-kafka) - k6 extension to load test Apache Kafka with support for various serialization formats, SASL, TLS, compression, Schema Registry client and beyond\n- [kroxylicious](https://github.com/kroxylicious/kroxylicious) - An open-source network proxy framework for Apache Kafka\n\n## Kubernetes\n\n*Kubernetes management tools.*\n\n- [lens](https://github.com/lensapp/lens) - IDE for kubernetes\n- [kubestack](https://www.kubestack.com/) - a collection of Terraform modules and a dedicated Terraform provider to maintain both infra and services together\n- [Keda](https://keda.sh/) - Event Driven Autoscaler\n- [ket](https://github.com/apprenda/kismatic) - Kismatic Enterprise Toolkit: a set of production-ready defaults and best practice tools for creating enterprise-tuned Kubernetes clusters\n- [flagger](https://flagger.app/) - Progressive delivery Kubernetes operator (Canary, A/B Testing and Blue/Green deployments)\n- [cdk8s](https://github.com/cdk8s-team/cdk8s) - Define Kubernetes native apps and abstractions using object-oriented programming\n\n### Kubernetes IAM\n\n- [Kubiscan](https://github.com/cyberark/KubiScan) - A tool to scan Kubernetes cluster for risky permissions\n- [rbac-police](https://github.com/PaloAltoNetworks/rbac-police) - Evaluate the RBAC permissions of Kubernetes identities through policies written in Rego\n\n### Kubernetes local development\n\n- [Oktekto](https://github.com/okteto/okteto) - Develop your applications directly in your Kubernetes Cluster\n- [Tilt](https://github.com/tilt-dev/tilt) - Define your dev environment as code. For microservice apps on Kubernetes\n- [Garden](https://github.com/garden-io/garden) - Spin up production-like environments for development, testing, and CI on demand\n- [Telepresence](https://github.com/telepresenceio/telepresence) - Local development against a remote Kubernetes or OpenShift cluster\n- [Skaffold](https://github.com/GoogleContainerTools/skaffold) - Easy and Repeatable Kubernetes Development\n- [Kardinal](https://github.com/kurtosis-tech/kardinal) - Kardinal is an open-source framework for creating extremely lightweight ephemeral development environments within a shared Kubernetes cluste\n\n### Kubernetes runtime security\n\n- [tracee](https://github.com/aquasecurity/tracee) - Linux Runtime Security and Forensics using eBPF\n- [falco](https://github.com/falcosecurity/falco) - Cloud Native Runtime Security\n- [kubespy](https://github.com/pulumi/kubespy) - Tools for observing Kubernetes resources in real time, powered by Pulumi\n- [inspektor-gadget](https://github.com/inspektor-gadget/inspektor-gadget) - eBPF security inspection tool\n- [Mizu](https://github.com/up9inc/mizu/tree/main) - API traffic viewer for Kubernetes enabling you to view all API communication between microservices. Think TCPDump and Wireshark re-invented for Kubernetes\n\n### Kubernetes security posture management\n\n- [pluto](https://github.com/FairwindsOps/pluto) - A cli tool to help discover deprecated apiVersions in Kubernetes\n- [kubent](https://github.com/doitintl/kube-no-trouble) - Easily check your clusters for use of deprecated APIs\n- [Popeye](https://github.com/derailed/popeye) - A Kubernetes cluster resource sanitizer\n- [kube-bench](https://github.com/aquasecurity/kube-bench) - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark\n- [kube-no-trouble](https://github.com/doitintl/kube-no-trouble) - Easily check your clusters for use of deprecated APIs\n- [nova](https://github.com/FairwindsOps/Nova) - Find outdated or deprecated Helm charts running in your cluster\n- [hardeneks](https://github.com/aws-samples/hardeneks) - Runs checks to see if an EKS cluster follows EKS Best Practices\n- [kbom](https://github.com/ksoclabs/kbom) - SBOM for Kubernetes\n- [sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) - A Kubernetes controller and tool for one-way encrypted Secrets\n- [external-secrets](https://github.com/external-secrets/external-secrets) - External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets\n- [namespacehound](https://github.com/wiz-sec-public/namespacehound) - tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters\n- [eraser](https://github.com/eraser-dev/eraser) - Eraser helps Kubernetes admins remove a list of non-running images from all Kubernetes nodes in a cluster\n\n### Kubernetes static analysis\n\n- [KubeLinter](https://github.com/stackrox/kube-linter) - static analysis tool that checks Kubernetes YAML files and Helm charts\n- [Kubeconform](https://github.com/yannh/kubeconform) - A FAST Kubernetes manifests validator, with support for Custom Resources!\n- [Kubescape](https://github.com/kubescape/kubescape) - K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer and image vulnerabilities scanning\n- [Kubeclarity](https://github.com/openclarity/kubeclarity) - detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems\n\n### Kubernetes templating\n\n- [helm](https://github.com/helm/helm) - The Kubernetes Package Manager\n- [helmfile](https://github.com/helmfile/helmfile) - Deploy Kubernetes Helm Charts\n- [helm-unittest](https://github.com/helm-unittest/helm-unittest) - BDD styled unit test framework for Kubernetes Helm charts as a Helm plugin\n- [kustomize](https://github.com/kubernetes-sigs/kustomize) - Customization of kubernetes YAML configurations\n- [ytt](https://github.com/carvel-dev/ytt) - YAML templating tool that works on YAML structure instead of text\n- [timoni](https://github.com/stefanprodan/timoni) - Timoni is a package manager for Kubernetes, powered by CUE and inspired by Helm\n- [tanka](https://github.com/grafana/tanka) - Flexible, reusable and concise configuration for Kubernetes using Jsonnet\n- [kluctl](https://github.com/kluctl/kluctl/) - The missing glue to put together large Kubernetes deployments, composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unified way\n\n### Kubernetes testing\n\n- [Testkube](https://github.com/kubeshop/testkube) - Kubernetes-native framework for test definition and execution\n- [Kuberhealthy](https://github.com/kuberhealthy/kuberhealthy) - A Kubernetes operator for running synthetic checks as pods\n\n## Linting\n\n*Linting tools to ensure high code quality.*\n\n- [megalinter](https://megalinter.io/latest/supported-linters/) - MegaLinter analyzes 50 languages, 22 formats, 21 tooling formats, excessive copy-pastes, spelling mistakes and security issues\n- [reviewdog](https://github.com/reviewdog/reviewdog) - Automated code review tool integrated with any code analysis tools regardless of programming language\n- [error-prone](https://github.com/google/error-prone) - Catch common Java mistakes as compile-time errors\n- [clang-tidy](https://clang.llvm.org/extra/clang-tidy/index.html)- C++ linter\n- [metabob](https://metabob.com/) - AI coding assistant that uses a combination of graph-attention networks and generative AI to facilitate code review and quality\n- [Danger JS](https://github.com/danger/danger-js) - Danger runs after your CI, automating your team's conventions surrounding code review\n\n### Terraform\n\n- [tflint](https://github.com/terraform-linters/tflint) - Terraform linter\n- [tfautomv](https://github.com/padok-team/tfautomv) - Generate Terraform moved blocks automatically for painless refactoring\n- [Awesome terraform](https://github.com/shuaibiyy/awesome-terraform) - Definitive list of Terraform tools\n- [terraform visual](https://github.com/hieven/terraform-visual) -  beautifies barely readable output from `terraform graph`\n- [terrakube](https://terrakube.org) - OSS alternative to Terraform Cloud\n- [hatchet](https://hatchet.run/) - OSS alternative to Terraform Cloud\n- [OTF](https://github.com/leg100/otf) - OSS alternative to Terraform Cloud\n- [digger](https://github.com/diggerhq/digger) - state aware Terraform orchestrator\n- [terralist](https://github.com/terralist/terralist) -  Terraform Private Registry for modules and providers manageable from a REST API\n\n### Regex\n\n- [AutoRegex](https://www.autoregex.xyz/) - convert english to regex\n\n## Observability\n\n*Platforms and tools that help provide visibility into modern distributed applications.*\n\n- [vector](https://github.com/vectordotdev/vector) - A high-performance observability data pipeline\n- [datadog](https://www.datadoghq.com/) - leading ($$$$) monitoring and security platform\n- [kiali](https://github.com/kiali/kiali) - observability for the Istio service mesh\n- [cilium](https://github.com/cilium/cilium) - eBPF-based Networking, Security, and Observability\n- [thanos](https://github.com/thanos-io/thanos) - Highly available Prometheus setup with long term storage capabilities\n- [otelbin](https://github.com/dash0hq/otelbin) - Web-based tool to facilitate OpenTelemetry collector configuration editing and verification\n- [openobserve](https://github.com/openobserve/openobserve) - cloud-native observability platform built specifically for logs, metrics, traces, analytics, RUM (Real User Monitoring - Performance, Errors, Session Replay) designed to work at petabyte scale\n\n## Platform as a Service\n\n*PaaS offerings that aren't public cloud hyperscalers.*\n\n- [Section](https://www.section.io/) - simple distributed hosting solution that automatically balances traffic across regions (control plane of control planes)\n- [Netlify](https://www.netlify.com/) - cloud application platform\n- [Heroku](https://www.heroku.com/) - cloud application platform\n- [Kamatera](https://www.kamatera.com/) - Create servers and more, in less than 60 seconds\n- [Sloppy](https://sloppy.io/en/) - Managed  Docker Hosting - fast, simple and secure\n- [Vultr](https://www.vultr.com/apps/docker?ref=7283626) - Deploy Docker Apps in One-Click\n- [StackPath](https://www.stackpath.com/) - run your cloud workloads at the edge\n- [Otomi](https://otomi.io/) - Self-hosted PaaS for Kubernetes\n- [Replicated](https://www.replicated.com/) - Distribution Platform for Customer Controlled Software\n\n## Policy as code\n\n*Declare policies in a high-level programming language so you can version, test and automatically deploy them.*\n\n- [Cyral](https://cyral.com/blog/unlocking-security-as-code-by-using-github-for-managing-cyral-policies/)\n- [Kyverno](https://github.com/kyverno/kyverno) - Kubernetes Native Policy Management\n- [Datree](https://www.datree.io/) - Policy as code engine for Kubernetes. Enterprise support available\n- [Magtape](https://github.com/tmobile/magtape) - Policy as code engine for Kubernetes\n- [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper) - Gatekeeper is a Policy Controller for Kubernetes\n- [Cloud Custodian](https://github.com/cloud-custodian/cloud-custodian) - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources\n- [Hashicorp Sentinel](https://www.hashicorp.com/sentinel) - Policy as code framework for HashiCorp Enterprise Products\n\n## Secrets management\n\n*Sensitive credentials and secrets that need to be managed, secured, maintained and rotated using automation.*\n\n- [Sops](https://github.com/mozilla/sops) - simple and flexible tool for managing secrets\n- [Vault](https://www.hashicorp.com/products/vault/) - manage secrets and protect sensitive data\n- [Keybase](https://keybase.io/) - end-to-end encrypted chat and cloud storage system\n- [Vault Secrets Operator](https://github.com/ricoberger/vault-secrets-operator) - create Kubernetes secrets from Vault for a secure GitOps based workflow\n- [Git Secret](https://github.com/sobolevn/git-secret) - a bash-tool to store your private data inside a git repository\n- [Keyscope](https://github.com/SpectralOps/keyscope) - a key and secret workflow (validation, invalidation, etc.) tool built in Rust\n- [Teller](https://github.com/tellerops/teller) - Cloud native secrets management for developers - never leave your command line for secrets\n- [sops](https://github.com/mozilla/sops) - Simple and flexible tool for managing secrets\n- [deepsecrets](https://github.com/avito-tech/deepsecrets) - Secrets scanner that understands code\n- [doppler](https://www.doppler.com/) - Platform for Secrets management\n- [chamber](https://github.com/segmentio/chamber) - CLI for managing secrets\n\n## Service catalogue\n\n*Allow developers to manage their software, infrastructure and documentation in one central place.*\n\n- [Backstage](https://backstage.io/) - Backstage is an open platform for building developer portals\n- [Cortex](https://www.cortex.io/) - Cortex makes it easy for engineering organisations to gain visibility into their services\n- [OpsLevel](https://www.opslevel.com/) - OpsLevel is the developer platform for teams to own, operate, and understand their production infrastructure\n- [Clutch](https://clutch.sh/) - An extensible platform for infrastructure management\n- [Port](https://getport.io/) - Internal developer portal that gives you the flexibility to run any aspect of engineering\n\n## Sharing\n\n*A collection of tools to help with sharing knowledge and telling the story in Markdown, AsciiDoc or RestructuredText.*\n\n- [Gitbook](https://github.com/GitbookIO/gitbook) - modern documentation format and toolchain using Git and Markdown\n- [Mintlify](https://mintlify.com/) - modern standard for public facing documentation\n- [Docusaurus](https://github.com/facebook/docusaurus) - easy to maintain open source documentation websites\n- [Docsify](https://github.com/docsifyjs/docsify/) - a magical documentation site generator\n- [MkDocs](https://github.com/mkdocs/mkdocs/) - project documentation with Markdown\n- [Obsidian](https://obsidian.md/) - markdown knowledge base\n- [Typora](https://typora.io/) - Markdown editor\n- [Docz](https://github.com/doczjs/docz/tree/new) - Create MDX files showcasing your code and Docz turns them into a live-reloading, production-ready site\n- [Antora](https://antora.org/) - The multi-repository documentation site generator for tech writers who write in AsciiDoc\n- [tldraw](https://www.tldraw.com/) - draw things quick\n- [excalidraw](https://excalidraw.com/) - hand-drawn look and feel diagrams\n- [vale](https://github.com/errata-ai/vale) - A markup-aware linter for prose built with speed and extensibility in mind\n- [runme](https://github.com/stateful/runme) - Runme is a tool that makes runbooks actually runnable, making it easier to follow step-by-step instructions\n- [mdBook](https://github.com/rust-lang/mdBook) -  Create book from markdown files. Like Gitbook but implemented in Rust\n\n## Status pages\n\n*Communication tool that helps you inform your customers or users about outages and scheduled maintenance.*\n\n- [cachet](https://github.com/cachethq/cachet) - The open-source status page system\n- [instatus](https://instatus.com/) - Get a beautiful status page in 10 seconds, without paying thousands of dollars!\n- [Atlassian Statuspage](https://www.atlassian.com/software/statuspage) - the #1 status and incident communication tool\n- [PagerDuty status page](https://status.pagerduty.com/)\n\n## Testing\n\n- [QA Wolf](https://www.qawolf.com/) - QA Wolf gets web apps to 80% automated end-to-end test coverage in weeks, not years\n- [gretel](https://gretel.ai/) - Generate artificial, synthetic datasets with the same characteristics as real data\n- [shadowtraffic](https://shadowtraffic.io/) - Rapidly simulate production traffic to your backend\n\n### A/B testing\n\n*Feature flags and two-sample hypothesis testing.*\n\n- [Optimizely](https://www.optimizely.com/) - A/B testing at scale\n- [VWO Testing](https://vwo.com/testing/) - A/B testing\n- [Split](https://www.split.io/product/feature-flags/) - managed feature flags and rollouts\n- [Sitespect](https://www.sitespect.com/testing-and-experimentation/) - A/B testing and site optimization\n- [Flagsmith](https://github.com/Flagsmith/flagsmith) - Flagsmith is an open source feature flagging and remote config service.\n- [Unleash](https://github.com/Unleash/unleash) - Open-source feature management platform\n- [OpenFeature](https://github.com/open-feature/spec) - OpenFeature is an open specification that provides a vendor-agnostic, community-driven API for feature flagging that works with your favorite feature flag management tool or in-house solution.\n\n### Performance testing\n\n*Load, stress \u0026 soak testing, and profiling tools. Does it run? Does it scale?*\n\n- [k6](https://k6.io/) - cloud-native load tests written in JS\n- [Artillery](https://www.artillery.io/) - cloud-scale performance testing\n- [Jmeter](https://jmeter.apache.org/) - 20+ years of solid Java testing\n- [Gatling](https://github.com/gatling/gatling) - Java based load testing as code. Note: slower than newer alternatives\n- [Tsung](https://github.com/processone/tsung) - high-performance benchmark and stress testing tool\n- [Locust](https://locust.io/) - modern load testing in Python\n- [LoadRunner](https://software.microfocus.com/en-us/products/loadrunner-load-testing/overview) - Load testing tool from Micro Focus\n- [TCPCopy](https://github.com/session-replay-tools/tcpcopy) - TCP stream replay tool to support real testing of Internet server applications\n- [Siege](https://www.joedog.org/siege-home/) - HTTP load testing and benchmarking utility\n- [Wrk](https://github.com/wg/wrk) - Modern HTTP benchmarking tool\n- [Web Bench](http://home.tiscali.cz/~cz210552/webbench.html) - Web Bench is very simple tool for benchmarking WWW or proxy servers\n- [fgprof](https://github.com/felixge/fgprof) - fgprof is a sampling Go profiler that allows you to analyze On-CPU as well as Off-CPU (e.g. I/O) time together.\n- [perfetto](https://github.com/google/perfetto) - Production-grade client-side tracing, profiling, and analysis for complex software systems.\n\n## Usage-based pricing\n\n*Tools that help with managing usage-based pricing.*\n\nSee: [Use It or Lose It: Why Usage-Based Pricing](https://rosslazer.com/posts/use-it-or-lose-it-p1/)\n\n- [OpenMeter](https://github.com/openmeterio/openmeter) - Usage Metering for AI, DevOps, and Billing. Built for engineers to collect and aggregate millions of events in real-time\n- [Amberflo](https://www.amberflo.io/) - Amberflo provides the most advanced and comprehensive platform for building and deploying usage-based pricing\n- [Stigg](https://www.stigg.io) - Instantly build any pricing plan, gauge access control, introduce paywalls and customer portals\n- [Lago](https://github.com/getlago/lago) - Open Source Metering and Usage Based Billing\n- [Ordway](https://ordwaylabs.com/products/usage-based-billing-software/) - Invoice based upon consumption of cloud services\n- [Metronome](https://metronome.com/)\n- [octane](https://www.getoctane.io/)\n- [orb](https://www.withorb.com/)\n- [lago](https://www.getlago.com/)\n- [chargebee](https://www.chargebee.com/recurring-billing-invoicing/metered-usage-billing/?ref=navbar)\n- [moesif](https://www.moesif.com/)\n","projects_url":"https://awesome.ecosyste.ms/api/v1/lists/dstrates%2Fawesome-platform-engineering/projects"}