awesome-platform-engineering
A curated list of awesome tools, resources and various shiny things
https://github.com/dstrates/awesome-platform-engineering
-
Git Tools
-
Polyrepo operations tools
-
Repository management tools
- pull - Keep your forks up-to-date via automated PRs
- git-of-theseus - Analyze how a Git repo grows over time
- bash-git-prompt - An informative and fancy bash prompt for Git users
- comby - A code rewrite tool for structural search and replace that supports ~every language
-
-
Identity and access management
-
- Teleport
- IAMAlive - Generate an IAM policy from AWS calls using client-side monitoring (CSM) or embedded proxy
- Pike - Pike is a tool for determining the permissions or policy required for IAC code
- AirAM - Least privilege AWS IAM Terraformer
- IAM Floyd - AWS IAM policy statement generator with fluent interface
- repokid - AWS IAM usage monitor
- aardvark - Aardvark is a multi-account AWS IAM Access Advisor API (and caching layer)
- CloudTracker - CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies
- Cloudsplaining - AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report
- Parliament - AWS IAM policy linter
- PMapper - AWS IAM privilege escalation mapping
- Policy Sentry - IAM Least Privilege Policy Generator
- Ermetic - Holistic IAM protection for AWS, Azure and Google Cloud
-
-
Infrastructure as code
-
- Terraform - Terraform is a tool for building, changing, and versioning infrastructure
- OpenTofu - OSS Terraform fork that lets you declaratively manage your cloud infrastructure
- AWS CDK - The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
- Pulumi - Infrastructure as Code in any programming language
- sst - Build modern full-stack applications on AWS
- ion - ❍ — an experimental new engine for SST
- Sceptre - sceptre is a tool to drive AWS CloudFormation
-
Infrastructure as code generation
- Former2 - generate CloudFormation/Terraform from existing AWS resources
- Terraformer - CLI tool to generate terraform files from existing infrastructure
- Terracognita - generates Terraform from existing AWS resources
- Firefly - Cloud asset management solution
- k2tf - Kubernetes YAML to Terraform HCL converter
-
-
Internal developer platform
-
- Drone - self-service Continuous Integration platform
- Shipa - modern application delivery platform
- KubeVela - modern application delivery platform
- Ketch - Kubernetes application delivery platform
- Humanitec - Internal developer platform orchestrator
- Nais - application delivery platform
- Garden - simplify Kubernetes delivery
- Massdriver - visual IDP that enables engineers to deploy production-ready cloud infrastructure and applications in minutes
-
-
Kafka
-
- burrow - Kafka Consumer Lag Checking
- schema-registry - Confluent Schema Registry for Kafka
- topicctl - Tool for declarative management of Kafka topics
- kaf - Modern CLI for Apache Kafka, written in Go
- franz-go - franz-go contains a feature complete, pure Go library for interacting with Kafka from 0.8.0 through 3.6+. Producing, consuming, transacting, administrating, etc.
- bento - Fancy stream processing made operationally mundane
- heetch/avro - Avro codec and code generation for Go
- Karapace - supports the storing of schemas in a central repository, which clients can access to serialize and deserialize messages
- xk6-kafka - k6 extension to load test Apache Kafka with support for various serialization formats, SASL, TLS, compression, Schema Registry client and beyond
- kroxylicious - An open-source network proxy framework for Apache Kafka
-
-
Kubernetes
-
- lens - IDE for kubernetes
- kubestack - a collection of Terraform modules and a dedicated Terraform provider to maintain both infra and services together
- Keda - Event Driven Autoscaler
- ket - Kismatic Enterprise Toolkit: a set of production-ready defaults and best practice tools for creating enterprise-tuned Kubernetes clusters
- flagger - Progressive delivery Kubernetes operator (Canary, A/B Testing and Blue/Green deployments)
- cdk8s - Define Kubernetes native apps and abstractions using object-oriented programming
-
Kubernetes IAM
- Kubiscan - A tool to scan Kubernetes cluster for risky permissions
- rbac-police - Evaluate the RBAC permissions of Kubernetes identities through policies written in Rego
-
Kubernetes local development
- Okteto - Develop your applications directly in your Kubernetes Cluster
- Tilt - Define your dev environment as code. For microservice apps on Kubernetes
- Telepresence - Local development against a remote Kubernetes or OpenShift cluster
- Skaffold - Easy and Repeatable Kubernetes Development
- Kardinal - Kardinal is an open-source framework for creating extremely lightweight ephemeral development environments within a shared Kubernetes cluster
-
Kubernetes runtime security
- tracee - Linux Runtime Security and Forensics using eBPF
- falco - Cloud Native Runtime Security
- kubespy - Tools for observing Kubernetes resources in real time, powered by Pulumi
- inspektor-gadget - eBPF security inspection tool
-
Kubernetes security posture management
- pluto - A cli tool to help discover deprecated apiVersions in Kubernetes
- kubent - Easily check your clusters for use of deprecated APIs
- Popeye - A Kubernetes cluster resource sanitizer
- kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
- nova - Find outdated or deprecated Helm charts running in your cluster
- hardeneks - Runs checks to see if an EKS cluster follows EKS Best Practices
- kbom - SBOM for Kubernetes
- sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
- external-secrets - External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets
- namespacehound - tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters
- eraser - Eraser helps Kubernetes admins remove a list of non-running images from all Kubernetes nodes in a cluster
-
Kubernetes static analysis
- KubeLinter - static analysis tool that checks Kubernetes YAML files and Helm charts
- Kubeconform - A FAST Kubernetes manifests validator, with support for Custom Resources!
- Kubescape - K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer and image vulnerabilities scanning
- Kubeclarity - detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
-
Kubernetes templating
- helm - The Kubernetes Package Manager
- helmfile - Deploy Kubernetes Helm Charts
- helm-unittest - BDD styled unit test framework for Kubernetes Helm charts as a Helm plugin
- kustomize - Customization of kubernetes YAML configurations
- ytt - YAML templating tool that works on YAML structure instead of text
- timoni - Timoni is a package manager for Kubernetes, powered by CUE and inspired by Helm
- tanka - Flexible, reusable and concise configuration for Kubernetes using Jsonnet
-
Kubernetes testing
- Testkube - Kubernetes-native framework for test definition and execution
- Kuberhealthy - A Kubernetes operator for running synthetic checks as pods
-
-
Linting
-
- megalinter - MegaLinter analyzes 50 languages, 22 formats, 21 tooling formats, excessive copy-pastes, spelling mistakes and security issues
- reviewdog - Automated code review tool integrated with any code analysis tools regardless of programming language
- error-prone - Catch common Java mistakes as compile-time errors
- clang-tidy - C++ linter
- metabob - AI coding assistant that uses a combination of graph-attention networks and generative AI to facilitate code review and quality
- Danger JS - Danger runs after your CI, automating your team's conventions surrounding code review
-
Regex
- AutoRegex - convert English to regex
-
Terraform
- tflint - Terraform linter
- Awesome terraform - Definitive list of Terraform tools
- terraform visual - beautifies barely readable output from `terraform graph`
- terrakube - OSS alternative to Terraform Cloud
- hatchet - OSS alternative to Terraform Cloud
- OTF - OSS alternative to Terraform Cloud
- digger - state aware Terraform orchestrator
- terralist - Terraform Private Registry for modules and providers manageable from a REST API
-
-
Observability
-
- vector - A high-performance observability data pipeline
- datadog - leading ($$$$) monitoring and security platform
- kiali - observability for the Istio service mesh
- cilium - eBPF-based Networking, Security, and Observability
- thanos - Highly available Prometheus setup with long term storage capabilities
- otelbin - Web-based tool to facilitate OpenTelemetry collector configuration editing and verification
- openobserve - cloud-native observability platform built specifically for logs, metrics, traces, analytics, RUM (Real User Monitoring - Performance, Errors, Session Replay) designed to work at petabyte scale
-
-
Platform as a Service
-
- Netlify - cloud application platform
- Heroku - cloud application platform
- Kamatera - Create servers and more, in less than 60 seconds
- Sloppy - Managed Docker Hosting - fast, simple and secure
- Vultr - Deploy Docker Apps in One-Click
- StackPath - run your cloud workloads at the edge
- Otomi - Self-hosted PaaS for Kubernetes
- Replicated - Distribution Platform for Customer Controlled Software
-
-
Policy as code
-
- Cyral
- Kyverno - Kubernetes Native Policy Management
- Datree - Policy as code engine for Kubernetes. Enterprise support available
- Magtape - Policy as code engine for Kubernetes
- OPA Gatekeeper - Gatekeeper is a Policy Controller for Kubernetes
- Cloud Custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
- Hashicorp Sentinel - Policy as code framework for HashiCorp Enterprise Products
-
-
Secrets management
-
- Sops - simple and flexible tool for managing secrets
- Vault - manage secrets and protect sensitive data
- Keybase - end-to-end encrypted chat and cloud storage system
- Vault Secrets Operator - create Kubernetes secrets from Vault for a secure GitOps based workflow
- Git Secret - a bash-tool to store your private data inside a git repository
- Teller - Cloud native secrets management for developers - never leave your command line for secrets
- deepsecrets - Secrets scanner that understands code
- doppler - Platform for Secrets management
- chamber - CLI for managing secrets
-
-
Service catalogue
-
- Backstage - Backstage is an open platform for building developer portals
- Cortex - Cortex makes it easy for engineering organisations to gain visibility into their services
- OpsLevel - OpsLevel is the developer platform for teams to own, operate, and understand their production infrastructure
- Clutch - An extensible platform for infrastructure management
-
-
Sharing
-
- Gitbook - modern documentation format and toolchain using Git and Markdown
- Docusaurus - easy to maintain open source documentation websites
- MkDocs - project documentation with Markdown
- Obsidian - markdown knowledge base
- Typora - Markdown editor
- Docz - Create MDX files showcasing your code and Docz turns them into a live-reloading, production-ready site
- Antora - The multi-repository documentation site generator for tech writers who write in AsciiDoc
- tldraw - draw things quick
- excalidraw - hand-drawn look and feel diagrams
- vale - A markup-aware linter for prose built with speed and extensibility in mind
- mdBook - Create book from markdown files. Like Gitbook but implemented in Rust
- Docsify - a magical documentation site generator
-
-
Status pages
-
- cachet - The open-source status page system
- instatus - Get a beautiful status page in 10 seconds, without paying thousands of dollars!
- Atlassian Statuspage - the #1 status and incident communication tool
- PagerDuty status page
-
-
Testing
-
A/B testing
- Optimizely - A/B testing at scale
- VWO Testing - A/B testing
- Sitespect - A/B testing and site optimization
- Flagsmith - Flagsmith is an open source feature flagging and remote config service.
- Unleash - Open-source feature management platform
- OpenFeature - OpenFeature is an open specification that provides a vendor-agnostic, community-driven API for feature flagging that works with your favorite feature flag management tool or in-house solution.
-
Load, stress & soak testing
- k6 - cloud-native load tests written in JS
- Artillery - cloud-scale performance testing
- Jmeter - 20+ years of solid Java testing
- Gatling - Java based load testing as code. Note: slower than newer alternatives
- Tsung - high-performance benchmark and stress testing tool
- Locust - modern load testing in Python
- LoadRunner - Load testing tool from Micro Focus
- TCPCopy - TCP stream replay tool to support real testing of Internet server applications
- Siege - HTTP load testing and benchmarking utility
- Wrk - Modern HTTP benchmarking tool
- Web Bench - Web Bench is very simple tool for benchmarking WWW or proxy servers
-
Performance testing
-
- QA Wolf - QA Wolf gets web apps to 80% automated end-to-end test coverage in weeks, not years
- gretel - Generate artificial, synthetic datasets with the same characteristics as real data
- shadowtraffic - Rapidly simulate production traffic to your backend
-
-
Usage-based pricing
-
- Use It or Lose It: Why Usage-Based Pricing
- OpenMeter - Usage Metering for AI, DevOps, and Billing. Built for engineers to collect and aggregate millions of events in real-time
- Amberflo - Amberflo provides the most advanced and comprehensive platform for building and deploying usage-based pricing
- Lago - Open Source Metering and Usage Based Billing
- Ordway - Invoice based upon consumption of cloud services
- Metronome
- octane
- orb
- lago
- chargebee
- moesif
-