{"id":33546443,"url":"https://github.com/penguintechinc/elder","last_synced_at":"2026-04-07T18:01:31.065Z","repository":{"id":320466256,"uuid":"1081980709","full_name":"penguintechinc/elder","owner":"penguintechinc","description":"Elder is an enterprise-grade asset, entity and relationship tracking system for modern infrastructure teams. Built with Python 3.13, Flask, PyDAL, and React + TypeScript, Elder provides powerful visualization and management of complex organizational hierarchies, infrastructure dependencies, and project workflows.","archived":false,"fork":false,"pushed_at":"2026-04-03T15:21:11.000Z","size":19114,"stargazers_count":2,"open_issues_count":27,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-03T18:35:07.906Z","etag":null,"topics":["asset-management","identity-management","project-management","python","reactjs","relationships","security","security-tools","services-platform","software-inventory"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/penguintechinc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"docs/CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":"docs/ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":null,"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"lfx_crowdfunding":null,"custom":null}},"created_at":"2025-10-23T15:04:00.000Z","updated_at":"2026-03-28T14:3
2:01.000Z","dependencies_parsed_at":null,"dependency_job_id":"7cbf2642-f88a-418d-a885-e283fdda5973","html_url":"https://github.com/penguintechinc/elder","commit_stats":null,"previous_names":["penguintechinc/elder"],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/penguintechinc/elder","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/penguintechinc%2Felder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/penguintechinc%2Felder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/penguintechinc%2Felder/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/penguintechinc%2Felder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/penguintechinc","download_url":"https://codeload.github.com/penguintechinc/elder/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/penguintechinc%2Felder/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31522574,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-07T16:28:08.000Z","status":"ssl_error","status_checked_at":"2026-04-07T16:28:06.951Z","response_time":105,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["asset-management","identity-management","project-management","python","reactjs","relationships","security","security-tools","services-platform","software-inventory"],"created_at":"2025-11-27T05:06:28.092Z","updated_at":"2026-04-07T18:01:30.600Z","avatar_url":"https://github.com/penguintechinc.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Elder\n\n[![Continuous Integration](https://github.com/penguintechinc/elder/actions/workflows/ci.yml/badge.svg)](https://github.com/penguintechinc/elder/actions/workflows/ci.yml)\n[![Docker Build](https://github.com/penguintechinc/elder/actions/workflows/docker-build.yml/badge.svg)](https://github.com/penguintechinc/elder/actions/workflows/docker-build.yml)\n[![Test Coverage](https://codecov.io/gh/penguintechinc/elder/branch/main/graph/badge.svg)](https://codecov.io/gh/penguintechinc/elder)\n[![Version](https://img.shields.io/badge/version-3.1.5-green.svg)](https://github.com/penguintechinc/elder/releases)\n[![Python](https://img.shields.io/badge/python-3.13-blue.svg)](https://www.python.org/downloads/)\n[![Node.js](https://img.shields.io/badge/node.js-18+-green.svg)](https://nodejs.org/)\n[![License: Limited AGPL v3](https://img.shields.io/badge/License-Limited_AGPL_v3-blue.svg)](https://www.gnu.org/licenses/agpl-3.0)*\n[![Docker](https://img.shields.io/badge/docker-latest-blue.svg)](https://hub.docker.com/r/penguintechinc/elder)\n[![MariaDB 
Galera](https://img.shields.io/badge/MariaDB_Galera-supported-green.svg)](https://mariadb.com/kb/en/galera-cluster/)\n\n_*Limited AGPL v3 with preamble for fair use - Personal and Internal Use Only_\n\n```\n███████╗██╗     ██████╗ ███████╗██████╗\n██╔════╝██║     ██╔══██╗██╔════╝██╔══██╗\n█████╗  ██║     ██║  ██║█████╗  ██████╔╝\n██╔══╝  ██║     ██║  ██║██╔══╝  ██╔══██╗\n███████╗███████╗██████╔╝███████╗██║  ██║\n╚══════╝╚══════╝╚═════╝ ╚══════╝╚═╝  ╚═╝\n\nResource, Entity, Element \u0026 Relationship Tracking System\n```\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"Elder-Logo.png\" alt=\"Elder Logo\" width=\"200\"\u003e\n\u003c/p\u003e\n\n\u003e **Enterprise-grade infrastructure dependency tracking and visualization**\n\n**Elder** is a comprehensive resource, entity, element, and relationship tracking system designed for modern infrastructure management. Track dependencies, visualize relationships, and maintain control across complex organizational structures.\n\n\u003e ✅ **MariaDB Galera Cluster Compatible** - Full support for multi-master replication and high-availability deployments\n\n🌐 **[Website](https://elder.penguintech.io)** | 📚 **[Documentation](https://elder-docs.penguintech.io)** | 💬 **[Discussions](https://github.com/penguintechinc/elder/discussions)**\n\n## Overview\n\nElder provides visibility into your infrastructure and organizational relationships through:\n\n### Resource Types (Dedicated Models)\nResources have dedicated database models with specialized schemas for better data modeling:\n\n- **Identity**: Users, service accounts, API keys with multi-provider sync (Okta, LDAP, AWS, GCP)\n- **Software**: Track applications, libraries, and tools with SBOM integration\n- **Services**: Microservices with endpoints, health checks, and on-call rotations\n- **Network**: VPCs, subnets, firewalls, load balancers with topology mapping\n- **IPAM**: IP address management with prefixes, addresses, and VLANs\n- **Data Stores**: S3, GCS, Azure Blob, NAS, 
SAN, databases with compliance metadata (PII, PHI, PCI)\n\n### Entity Types (Generic Tracking)\nEntities use a flexible schema for infrastructure components:\n\n| Category | Sub-types |\n|----------|-----------|\n| **Network** | Subnet, Firewall, Proxy, Router, Switch, Hub, Tunnel, Route Table, VRRF, VXLAN, VLAN, Namespace |\n| **Compute** | Server, Serverless, Laptop, Mobile, Desktop, Kubernetes Node, VM, K8s Cluster, Function Run |\n| **Storage** | Hard Disk, NVMe, SSD, Virtual Disk, External Drive, Database, Caching, Queue System |\n| **Datacenter** | Public VPC, Private VPC, Physical, Closet |\n| **Security** | Vulnerability, Architectural, Config, Compliance, Code, Regulatory |\n\n### Elements (Supporting Items)\n- **Issues**: Problem/task tracking attached to any resource or entity\n- **Labels**: Categorization and tagging system\n- **Metadata Fields**: Custom properties for extensibility\n- **Dependencies**: Relationship mapping between items\n- **Comments**: Collaboration and audit trail\n- **Milestones**: Timeline tracking tied to projects and goals\n- **On-Call Rotations**: Schedule duty rotations with automatic participant cycling\n- **License Policies**: License key and feature entitlement management\n\n### Core Capabilities\n- **Dependency Mapping**: Visualize relationships between entities\n- **Organizational Hierarchy**: Manage Company → Department → Team structures\n- **Unified IAM**: Manage identities across AWS, Azure, GCP, Okta, LDAP with group management\n- **SSO Integration**: SAML 2.0, OpenID Connect (OIDC), and SCIM 2.0 provisioning\n- **Secrets Management**: Integrate with Vault, AWS Secrets Manager, GCP Secret Manager\n- **Network Topology**: Track VPCs, subnets, peering, VPN connections\n- **Project Sync**: Bi-directional sync with GitHub, GitLab, Jira, Trello, OpenProject\n- **Enterprise Features**: Audit logging, RBAC, MFA, SSO, multi-tenant, license management\n- **Backups**: S3/cloud backup jobs with scheduling and point-in-time 
restore\n- **Webhooks**: Event-driven notifications for entity and issue lifecycle events\n- **SBOM Dashboard**: Software Bill of Materials inventory with vulnerability tracking\n- **Multi-Tenancy**: Tenant isolation and management for enterprise deployments\n- **Global Search**: Full-text search across all resource types and entities\n- **Audit Logging**: Comprehensive action logging with admin filtering\n- **Network Topology Map**: Interactive visualization of infrastructure relationships\n\n## Screenshots\n\n### Login \u0026 Dashboard\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\"\u003e\n\u003ca href=\"docs/screenshots/login.png\" target=\"_blank\"\u003e\n  \u003cimg src=\"docs/screenshots/login.png\" alt=\"Login\" style=\"max-width: 100%;\"\u003e\n\u003c/a\u003e\n\u003cp align=\"center\"\u003e\u003cem\u003eLogin\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd width=\"50%\"\u003e\n\u003ca href=\"docs/screenshots/dashboard.png\" target=\"_blank\"\u003e\n  \u003cimg src=\"docs/screenshots/dashboard.png\" alt=\"Dashboard\" style=\"max-width: 100%;\"\u003e\n\u003c/a\u003e\n\u003cp align=\"center\"\u003e\u003cem\u003eDashboard\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n### Asset Management\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\"\u003e\n\u003ca href=\"docs/screenshots/organizations.png\" target=\"_blank\"\u003e\n  \u003cimg src=\"docs/screenshots/organizations.png\" alt=\"Organizations\" style=\"max-width: 100%;\"\u003e\n\u003c/a\u003e\n\u003cp align=\"center\"\u003e\u003cem\u003eOrganizations\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd width=\"50%\"\u003e\n\u003ca href=\"docs/screenshots/entities.png\" target=\"_blank\"\u003e\n  \u003cimg src=\"docs/screenshots/entities.png\" alt=\"Entities\" style=\"max-width: 100%;\"\u003e\n\u003c/a\u003e\n\u003cp 
align=\"center\"\u003e\u003cem\u003eEntities\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\"\u003e\n\u003ca href=\"docs/screenshots/software.png\" target=\"_blank\"\u003e\n  \u003cimg src=\"docs/screenshots/software.png\" alt=\"Software\" style=\"max-width: 100%;\"\u003e\n\u003c/a\u003e\n\u003cp align=\"center\"\u003e\u003cem\u003eSoftware\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd width=\"50%\"\u003e\n\u003ca href=\"docs/screenshots/services.png\" target=\"_blank\"\u003e\n  \u003cimg src=\"docs/screenshots/services.png\" alt=\"Services\" style=\"max-width: 100%;\"\u003e\n\u003c/a\u003e\n\u003cp align=\"center\"\u003e\u003cem\u003eServices\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\"\u003e\n\u003ca href=\"docs/screenshots/data-stores.png\" target=\"_blank\"\u003e\n  \u003cimg src=\"docs/screenshots/data-stores.png\" alt=\"Data Stores\" style=\"max-width: 100%;\"\u003e\n\u003c/a\u003e\n\u003cp align=\"center\"\u003e\u003cem\u003eData Stores (v3.0.0)\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd width=\"50%\"\u003e\n\u003ca href=\"docs/screenshots/dependencies.png\" target=\"_blank\"\u003e\n  \u003cimg src=\"docs/screenshots/dependencies.png\" alt=\"Dependencies\" style=\"max-width: 100%;\"\u003e\n\u003c/a\u003e\n\u003cp align=\"center\"\u003e\u003cem\u003eDependencies\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n### Project Tracking\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\"\u003e\n\u003ca href=\"docs/screenshots/projects.png\" target=\"_blank\"\u003e\n  \u003cimg src=\"docs/screenshots/projects.png\" alt=\"Projects\" style=\"max-width: 100%;\"\u003e\n\u003c/a\u003e\n\u003cp align=\"center\"\u003e\u003cem\u003eProjects\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd width=\"50%\"\u003e\n\u003ca href=\"docs/screenshots/issues.png\" target=\"_blank\"\u003e\n  \u003cimg 
src=\"docs/screenshots/issues.png\" alt=\"Issues\" style=\"max-width: 100%;\"\u003e\n\u003c/a\u003e\n\u003cp align=\"center\"\u003e\u003cem\u003eIssues\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n### Security \u0026 Identity\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\"\u003e\n\u003ca href=\"docs/screenshots/identities.png\" target=\"_blank\"\u003e\n  \u003cimg src=\"docs/screenshots/identities.png\" alt=\"Identity Center\" style=\"max-width: 100%;\"\u003e\n\u003c/a\u003e\n\u003cp align=\"center\"\u003e\u003cem\u003eIdentity Center\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd width=\"50%\"\u003e\n\u003ca href=\"docs/screenshots/secrets.png\" target=\"_blank\"\u003e\n  \u003cimg src=\"docs/screenshots/secrets.png\" alt=\"Secrets Management\" style=\"max-width: 100%;\"\u003e\n\u003c/a\u003e\n\u003cp align=\"center\"\u003e\u003cem\u003eSecrets Management\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\"\u003e\n\u003ca href=\"docs/screenshots/keys.png\" target=\"_blank\"\u003e\n  \u003cimg src=\"docs/screenshots/keys.png\" alt=\"API Keys\" style=\"max-width: 100%;\"\u003e\n\u003c/a\u003e\n\u003cp align=\"center\"\u003e\u003cem\u003eAPI Keys\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd width=\"50%\"\u003e\n\u003ca href=\"docs/screenshots/certificates.png\" target=\"_blank\"\u003e\n  \u003cimg src=\"docs/screenshots/certificates.png\" alt=\"Certificates\" style=\"max-width: 100%;\"\u003e\n\u003c/a\u003e\n\u003cp align=\"center\"\u003e\u003cem\u003eCertificates\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n### Discovery \u0026 Profile\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\"\u003e\n\u003ca href=\"docs/screenshots/discovery.png\" target=\"_blank\"\u003e\n  \u003cimg src=\"docs/screenshots/discovery.png\" alt=\"Discovery\" style=\"max-width: 100%;\"\u003e\n\u003c/a\u003e\n\u003cp 
align=\"center\"\u003e\u003cem\u003eDiscovery\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003ctd width=\"50%\"\u003e\n\u003ca href=\"docs/screenshots/profile.png\" target=\"_blank\"\u003e\n  \u003cimg src=\"docs/screenshots/profile.png\" alt=\"Profile\" style=\"max-width: 100%;\"\u003e\n\u003c/a\u003e\n\u003cp align=\"center\"\u003e\u003cem\u003eProfile\u003c/em\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n## Key Features\n\n### Core Capabilities\n- ✅ **Dual Data Model**: 6 Resource types (dedicated schemas) + 5 Entity categories (flexible schema)\n- ✅ **Multi-Entity Support**: 5 entity categories with 40+ sub-types\n- ✅ **Hierarchical Organizations**: Unlimited depth organizational structures\n- ✅ **Dependency Graphs**: Visualize complex entity relationships\n- ✅ **Full RBAC**: Role-based permissions with org-scoped access\n- ✅ **Multi-Auth**: Local, SAML, OAuth2, OIDC, and LDAP authentication\n- ✅ **RESTful \u0026 gRPC APIs**: Complete API coverage\n- ✅ **Audit Logging**: Comprehensive audit trail for compliance\n- ✅ **MariaDB Galera**: Full support for multi-master MySQL clustering\n\n### v3.1.5 Highlights (Latest)\n- **PyDAL Stale Cursor Fix**: Added `teardown_appcontext` handler to reset DB connections between requests — resolves `401 Authentication required` on all `@login_required` endpoints after first login\n- **Issue Labels `updated_at` Fix**: Added missing `updated_at` column to `issue_labels` table, preventing `FieldNotFound` errors when listing labeled issues\n- **E2E Test Suite Improvements**: CORS-safe authentication using Playwright Node.js request context; dynamic API port selection with `ss` to avoid docker-proxy conflicts; graceful skip for enterprise-gated UI elements\n- **penguin-libs Migration**: Replaced local `shared/react_libs` with published `@penguintechinc/react-libs`; integrated `SanitizedLogger` across API and Scanner services\n- **K8s Manifests**: Added complete Helm + Kustomize overlays for alpha 
(`.localhost.local`) and beta (`.penguintech.cloud`) with smoke test script\n\n### v3.1.4 Highlights\n- **Penguin-Libs Migration**: Removed orphaned `shared/react_libs/` local copy (92 MB); frontend now uses `@penguintechinc/react-libs` npm package exclusively\n- **SanitizedLogger Integration**: Added `penguin-utils` SanitizedLogger as a structlog processor — PII and sensitive values are automatically redacted from all log output\n- **All 4 Containers in Deploy Script**: `deploy-beta.sh all` now builds and pushes api, web, scanner, and worker (previously only api + web)\n- **E2E Alpha Script**: Added `scripts/e2e-test-alpha.sh` with 57-test suite and Kustomize-based deploy/teardown\n- **K8s Manifests**: Added complete Kustomize base + alpha overlay manifests for all services\n- **SQLAlchemy Model Alignment**: Models now 1:1 with PyDAL schema; 13 new model files added for complete coverage\n- **CI Fixes**: Refreshed `NPM_PKG_TOKEN` secret; applied black + isort formatting across all model files\n\n### v3.1.1 Highlights\n- **Schema via Alembic**: Migration 011 creates all 67 base tables; PyDAL runs with `migrate=False` — eliminates `DuplicateTable` race conditions in multi-replica K8s deployments (Issue #58)\n- **Refresh Token Storage**: `onSuccess` stores both `elder_token` and `elder_refresh_token` — resolves sidebar not loading after login (Issue #59)\n- **Async DB Commits**: Wrapped write operations in `run_in_threadpool()` — fixes organizations and other resources not persisting via async routes (Issue #61)\n- **Ultrawide Monitor Support**: Login page and main content capped at max-width and centered\n\n### v3.1.0 Highlights\n- **Elder Worker Service**: Background service that owns all async operations — cloud discovery (AWS/GCP/Azure/K8s), connector state sync, credential refresh; stateless/horizontally scalable\n- **Periodic Access Review System**: Automated quarterly/annual access reviews for identity groups with Okta sync (Enterprise)\n- **LoginPageBuilder 
Integration**: Migrated login page to `react-libs` LoginPageBuilder for consistent UX\n- **LXD Compute Sub-types**: Added LXD Container and LXD VM as entity sub-types under Compute\n- **Playwright Web UI Test Suite**: Browser automation tests covering all pages, navigation, forms, and modals\n\n### v3.0.x Highlights\n- **v3.0.9**: Connector entity client fixes (removed invalid update fields, added sub_type support); Express and dependency security updates\n- **OpenID Connect (OIDC)**: Full OIDC support alongside SAML for SSO integration\n- **Data Stores Tracking**: Track S3, GCS, Azure Blob, NAS, SAN, databases, and data lakes with compliance metadata (PII, PHI, PCI flags)\n- **Group Membership Management**: Approval workflows, access requests, owner reviews, and multi-provider write-back (LDAP + Okta)\n- **Okta Connector**: Full Okta identity provider with bidirectional sync and group management\n- **SCIM 2.0 Provisioning**: Complete SCIM user provisioning with JIT provisioning support\n- **Enhanced Key Management**: Improved crypto key schema with provider ARN, key types, and state tracking\n- **On-Call Rotation Management**: Schedule and manage on-call duty rotations with history tracking\n- **Milestones**: Project milestone tracking and progress management\n- **License Policy Management**: Enterprise license key and feature entitlement management\n- **Webhooks System**: Event-driven notifications with test and retry capabilities\n- **Network Topology Visualization**: Interactive map of infrastructure relationships\n- **Sub-task Support**: Hierarchical issue tracking with parent-child task relationships\n- **Shared Component Library**: Unified react_libs for consistent UI across all forms and modals\n\n### v2.x Highlights\n- **Unified Identity Center**: Single page for all identity types (Users, Groups, Service Accounts, API Keys)\n- **Multi-backend Secrets**: HashiCorp Vault, AWS Secrets Manager, GCP Secret Manager, Infisical\n- **Network Topology**: VPCs, 
Subnets, Firewalls, Load Balancers with connection mapping\n- **Project Sync**: Bi-directional sync with GitHub, GitLab, Jira, Trello, OpenProject\n- **Cloud Connectors**: AWS, GCP, Kubernetes, Google Workspace, LDAP, iBoss, vCenter, FleetDM\n- **SSL/TLS Certificate Management**: Track certificates with expiration, renewal, and compliance\n- **Village ID System**: Universal hierarchical identifiers for all resources\n\n### License Tiers\n\nElder uses a fair-use licensing model with the Limited AGPL v3 license:\n\n- **Personal \u0026 Internal Use**: Free for individual and internal organizational use\n- **Commercial Use**: Requires a commercial license from Penguin Tech Inc\n- **Modifications**: Must be shared under the same license terms (AGPL)\n- **SaaS Deployment**: Requires commercial license if providing Elder as a service\n\nFor commercial licensing inquiries: sales@penguintech.io\n\n## Quick Start\n\n### Prerequisites\n\n- **Kubernetes** (primary): MicroK8s, Docker Desktop K8s, or Podman Desktop K8s\n- **kubectl** + **helm v3**: For K8s deployments\n- **Docker**: For local image builds (alpha dev only)\n- **Python 3.13+**: For local development without K8s\n- **Node.js 18+**: For Web UI development\n\n\u003e **Note**: Docker Compose is deprecated. All environments (alpha, beta, prod) deploy to Kubernetes.\n\n### Kubernetes Deployment (Recommended)\n\nElder supports deployment to Kubernetes clusters (MicroK8s, kind, k3s, or standard Kubernetes) using Helm.\n\n**Quick Local Deployment:**\n\n```bash\n# Install to local Kubernetes cluster\ncd infrastructure/helm/elder\nhelm dependency update\nhelm install elder . 
\\\n  --set config.secretKey=\"$(openssl rand -base64 32)\" \\\n  --set postgresql.auth.password=\"$(openssl rand -base64 32)\" \\\n  --set redis.auth.password=\"$(openssl rand -base64 32)\"\n\n# Wait for deployment\nkubectl wait --for=condition=ready pod -l app.kubernetes.io/name=elder --timeout=5m\n\n# Access via port-forward\nkubectl port-forward svc/elder-api 8080:80\nkubectl port-forward svc/elder-web 3000:80\n```\n\n**GitHub Actions CI/CD:**\n\nElder includes automated Kubernetes deployment via GitHub Actions. To set up:\n\n```bash\n# 1. Run the setup script on your cluster\n./scripts/k8s/setup-github-serviceaccount.sh\n\n# 2. Add the output secrets to GitHub:\n#    - KUBE_CONFIG\n#    - K8S_NAMESPACE\n#    - SECRET_KEY\n#    - POSTGRES_PASSWORD\n#    - REDIS_PASSWORD\n\n# 3. Push to main branch - automatic deployment!\n```\n\n**Resources:**\n- 📖 [Local Kubernetes Setup Guide](docs/deployment/local-kubernetes-setup.md)\n- 🔧 [GitHub Actions Kubernetes Deployment](docs/deployment/github-actions-k8s.md)\n- ⚙️ [Helm Chart Documentation](infrastructure/helm/elder/README.md)\n\n## Configuration\n\nKey environment variables:\n\n```bash\n# Database (PyDAL supports PostgreSQL, MySQL/MariaDB, SQLite, Oracle, MSSQL)\n# PostgreSQL (recommended)\nDATABASE_URL=postgresql://elder:password@localhost:5432/elder\n\n# MariaDB Galera Cluster (high availability)\n# DATABASE_URL=mysql://elder:password@galera-node1:3306/elder?wsrep_sync_wait=1\n\n# Redis\nREDIS_URL=redis://:password@localhost:6379/0\n\n# Authentication\nSAML_ENABLED=true\nOIDC_ENABLED=true\nOAUTH2_ENABLED=true\nLDAP_ENABLED=true\n\n# License (optional)\nLICENSE_KEY=PENG-XXXX-XXXX-XXXX-XXXX-XXXX\n\n# Admin User\nADMIN_USERNAME=admin\nADMIN_PASSWORD=change-me\nADMIN_EMAIL=admin@example.com\n```\n\n## Architecture\n\n```\n┌─────────────────────────────────────────────────────────┐\n│                    Client Layer                         │\n│  React UI │ REST Clients │ gRPC Clients                 
│\n└─────────────────────────────────────────────────────────┘\n                            │\n┌─────────────────────────────────────────────────────────┐\n│                   API Layer                             │\n│  Flask REST │ gRPC Server │ WebSocket                   │\n│  JWT Auth │ RBAC │ Rate Limiting                        │\n└─────────────────────────────────────────────────────────┘\n              │                        │\n┌─────────────────────────┐  ┌────────────────────────────┐\n│     Worker Service      │  │     Scanner Service        │\n│  Cloud Discovery Exec   │  │  Network / Banner / SBOM   │\n│  Connector State Sync   │  │  HTTP Screenshot Capture   │\n│  Credential Refresh     │  │  Endpoint Parser           │\n└─────────────────────────┘  └────────────────────────────┘\n                            │\n┌─────────────────────────────────────────────────────────┐\n│                   Data Layer                            │\n│  PyDAL (PostgreSQL, MySQL/MariaDB Galera, SQLite)       │\n│  Redis/Valkey (Cache, Sessions)                         │\n└─────────────────────────────────────────────────────────┘\n```\n\n### Technology Stack\n\n- **Backend**: Flask (Python 3.13), PyDAL\n- **Worker**: Python background service — cloud discovery, connector sync, credential refresh\n- **Scanner**: Python scanner service — network, SBOM, HTTP screenshot, endpoint parser\n- **Frontend**: React, TypeScript, Vite, Tailwind CSS, ReactFlow\n- **Database**: PostgreSQL (recommended), MySQL/MariaDB Galera, SQLite\n- **Cache**: Redis / Valkey\n- **APIs**: REST (OpenAPI 3.0), gRPC\n- **Auth**: JWT, SAML, OIDC, OAuth2, LDAP, SCIM 2.0\n- **Connectors**: AWS, GCP, Kubernetes, Okta, LDAP, vCenter, FleetDM, iBoss\n- **Monitoring**: Prometheus, Grafana\n- **Deployment**: Kubernetes (Helm + Kustomize), MicroK8s local dev\n\n## Scanners \u0026 Integrations\n\n### Scanners\nElder includes built-in scanners for automated discovery and security analysis:\n\n| Scanner | 
Description |\n|---------|-------------|\n| **Network Scanner** | Discover hosts, open ports, and network topology |\n| **Banner Scanner** | Grab service banners for version identification |\n| **HTTP Screenshot** | Capture screenshots of web services for visual inventory |\n| **SBOM Scanner** | Software Bill of Materials generation and vulnerability detection |\n\n### Connectors (Integrators)\nBi-directional sync with identity providers and infrastructure platforms:\n\n| Connector | Capabilities |\n|-----------|-------------|\n| **AWS** | EC2, VPC, IAM, S3, RDS discovery and sync |\n| **GCP** | Compute Engine, VPC, IAM, Cloud Storage sync |\n| **Kubernetes** | Clusters, namespaces, deployments, services |\n| **Okta** | Users, groups, applications with write-back |\n| **LDAP/AD** | Directory users and groups with bidirectional sync |\n| **Google Workspace** | Users, groups, organizational units |\n| **vCenter** | VMware VMs, hosts, clusters, datastores |\n| **FleetDM** | Endpoint management and osquery integration |\n| **iBoss** | Cloud security gateway policy sync |\n| **Authentik** | Open-source identity provider integration |\n\n### SBOM Parsers\nParse dependency files from multiple ecosystems for vulnerability tracking:\n\n| Parser | File Types |\n|--------|------------|\n| **Python** | requirements.txt, setup.py, pyproject.toml, Pipfile |\n| **Node.js** | package.json, package-lock.json, yarn.lock, pnpm-lock.yaml |\n| **Go** | go.mod, go.sum |\n| **Rust** | Cargo.toml, Cargo.lock |\n| **Java/Maven** | pom.xml |\n| **Gradle** | build.gradle, build.gradle.kts |\n| **.NET** | csproj, fsproj, packages.config |\n\n### Endpoint Parsers\nDiscover API endpoints from source code for service mapping:\n\n- **Flask** (Python)\n- **FastAPI** (Python)\n- **Django** (Python)\n- **Express** (Node.js)\n- **Go** (net/http, Gin, Echo)\n\n## Documentation\n\n| Document | Description |\n|----------|-------------|\n| [API Reference](docs/API.md) | REST \u0026 gRPC API documentation 
|\n| [Database Schema](docs/DATABASE.md) | Database structure and PyDAL usage |\n| [Sync Documentation](docs/SYNC.md) | Project management sync setup |\n| [Backup Configuration](docs/S3_BACKUP_CONFIGURATION.md) | S3 backup setup |\n| [Usage Guide](docs/USAGE.md) | User guide and workflows |\n| [Contributing](docs/CONTRIBUTING.md) | Contribution guidelines |\n| [Release Notes](docs/RELEASE_NOTES.md) | Version history |\n\n## Development\n\n```bash\n# Development\nmake dev              # Start postgres and redis\nmake dev-api          # Start Flask API\nmake dev-all          # Start all services\n\n# Testing\nmake test             # Run all tests\nmake lint             # Run linters\nmake format           # Format code\n\n# Docker\nmake docker-build     # Build Docker image\nmake docker-scan      # Scan for vulnerabilities\n```\n\n## Security\n\n- ✅ Multi-factor authentication\n- ✅ Fine-grained RBAC with org-scoped permissions\n- ✅ TLS 1.3 enforcement\n- ✅ Input validation with PyDAL validators\n- ✅ SQL injection prevention\n- ✅ Audit logging\n- ✅ Container scanning with Trivy\n\n## Contributing\n\nWe welcome contributions! Please see [CONTRIBUTING.md](docs/CONTRIBUTING.md) for guidelines.\n\n## License\n\nElder is licensed under the Limited AGPL v3 with Fair Use Preamble. 
See [LICENSE.md](docs/LICENSE.md) for details.\n\n**License Highlights:**\n- **Personal \u0026 Internal Use**: Free under AGPL-3.0\n- **Commercial Use**: Requires commercial license\n- **SaaS Deployment**: Requires commercial license if providing Elder as a service\n\n### Contributor Employer Exception (GPL-2.0 Grant)\n\nCompanies employing official contributors receive GPL-2.0 access to community features:\n\n- **Perpetual for Contributed Versions**: GPL-2.0 rights to versions where the employee contributed remain valid permanently, even after the employee leaves the company\n- **Attribution Required**: Employee must be credited in CONTRIBUTORS, AUTHORS, commit history, or release notes\n- **Future Versions**: New versions released after employment ends require standard licensing\n- **Community Only**: Enterprise features still require a commercial license\n\nThis exception rewards contributors by providing lasting fair use rights to their employers. See [LICENSE.md](docs/LICENSE.md) for full terms.\n\n## Support\n\n- **Company Homepage**: [www.penguintech.io](https://www.penguintech.io)\n- **Documentation**: [docs.penguintech.io/elder](https://docs.penguintech.io/elder)\n- **Issues**: [GitHub Issues](https://github.com/penguintechinc/elder/issues)\n- **Email**: support@penguintech.io\n\n## Default Login Credentials\n\nFor local development and testing, Elder creates a default admin user:\n\n| Field | Value |\n|-------|-------|\n| **URL** | http://localhost:3005 |\n| **Email** | admin@localhost.local |\n| **Password** | admin123 |\n| **Tenant** | System (ID: 1) |\n\n\u003e **Warning**: Change the default password immediately in production environments by setting the `ADMIN_PASSWORD` environment variable before first startup.\n\n---\n\n**Elder** - Know Your Infrastructure, Understand Your Dependencies\n\n© 2025-2026 Penguin Tech Inc. 
All rights reserved.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpenguintechinc%2Felder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpenguintechinc%2Felder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpenguintechinc%2Felder/lists"}