awesome-platform-engineering
A curated list of awesome tools, resources and various shiny things
https://github.com/dstrates/awesome-platform-engineering
-
Application Security
-
SAST
- static-analysis - A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality
- Shisho - Lightweight static analyzer
- Privado - Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report
- Purple panda - identify privilege escalation paths within and across different clouds
- opensourcesecurityindex.io
-
API Fuzzing
- Burpsuite - The enterprise-enabled dynamic web vulnerability scanner
- OWASP ZAP - dynamic security testing and web app scanner
- Restler - stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs
- Onefuzz - A self-hosted Fuzzing-As-A-Service platform
- Schemathesis - Specification-centric API testing tool for Open API and GraphQL-based applications
- Dredd - Language-agnostic HTTP API Testing Tool
- OSS-Fuzz - continuous fuzzing for open source software
- Cherrybomb - CLI tool that helps you avoid undefined user behaviour by validating your API specifications
- Snapchange - Lightweight fuzzing of a memory snapshot using KVM
-
SCA
- deps.dev - Google project for rating dependencies
- socket.dev - Socket fights vulnerabilities and provides visibility, defense-in-depth, and proactive supply chain protection for JavaScript and Python dependencies
- OSV scanner - Dependency vulnerability scanner written in Go which uses the data provided by [https://osv.dev](https://osv.dev)
- Dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain
- dep-scan - OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies
- OpenSCA - supports detection of open source component dependencies and vulnerabilities
- packj - Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
- nancy - A tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index
- depguard - Go linter that checks if package imports are in a list of acceptable packages
-
Supply chain security
- OWASP dependency-check - software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies
- scorecard - OpenSSF Scorecard - Security health metrics for Open Source
- ossf/allstar - GitHub App to set and enforce security policies
- harden-runner - Security agent for GitHub-hosted runner: block egress traffic & detect code overwrite to prevent breaches
- chain-bench - open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark
- legitify - Detect and remediate misconfigurations and security risks across all your GitHub assets
- oak - Oak is a software platform for building distributed systems providing externally verifiable (or falsifiable) claims about system behaviors in a transparent way
- awesome supply chain security
- steampipe (GitHub compliance mod)
- CVE Prioritizer - Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities
- OSSGadget - Collection of tools for analyzing open source packages
-
Secrets detection
- Trufflehog - Find leaked credentials
- git-secrets - AWSLabs tool for detecting secrets in git. No longer maintained
- DumpsterDiver - Tool to search secrets in various filetypes. No longer maintained
- ggshield - GitGuardian secrets detection.
- secretlint - Pluggable linting tool to prevent committing credentials.
- Detect-secrets - Yelp: An enterprise friendly way of detecting and preventing secrets in code
- keyscope - SpectralOps tool for secrets validation
- auth0/repo-supervisor - Scan your code for security misconfiguration, search for passwords and secrets
- Skyscanner/whispers - Identify hardcoded secrets in static structured text
- Octopii - An AI-powered Personally Identifiable Information (PII) scanner
- SecretScanner - Deepfence SecretScanner can find unprotected secrets in container images or file systems. Integrated into [ThreatMapper 1.3.0](https://github.com/deepfence/ThreatMapper)
- leaky-repo - benchmarking repo with secrets in it to test and evaluate detection tools
- Gitleaks - SAST tool for detecting and preventing hardcoded secrets like passwords, api keys, and tokens in git repos
- Bridgecrew detect-secrets - Bridgecrew fork of yelp/detect-secrets
-
DAST
- OWASP ZAP - automatically find security vulnerabilities in your web applications while you are developing and testing your applications
- nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL
- Nikto2 - web server scanner
- analysis-tools-dev/dynamic-analysis
- Wapiti - Web vulnerability scanner written in Python3
- Skipfish - Web application security scanner created by lcamtuf for Google - Unofficial Mirror [Deprecated]
- paulveillard/cybersecurity-dynamic-analysis
- CI Fuzz - CI Fuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line
-
Threat modelling
- Deciduous - security decision tree generator that serves as a threat modelling tool
-
-
Secrets management
-
Regex
- Teller - Cloud native secrets management for developers - never leave your command line for secrets
- Keybase - end-to-end encrypted chat and cloud storage system
- doppler - Platform for Secrets management
- Git Secret - a bash-tool to store your private data inside a git repository
- chamber - CLI for managing secrets
- Vault Secrets Operator - create Kubernetes secrets from Vault for a secure GitOps based workflow
- deepsecrets - Secrets scanner that understands code
- Sops - simple and flexible tool for managing secrets
- Vault - manage secrets and protect sensitive data
-
-
Platform as a Service
-
Regex
- Netlify - cloud application platform
- Heroku - cloud application platform
- Sloppy - Managed Docker Hosting - fast, simple and secure
- Kamatera - Create servers and more, in less than 60 seconds
- StackPath - run your cloud workloads at the edge
- Otomi - Self-hosted PaaS for Kubernetes
- Vultr - Deploy Docker Apps in One-Click
- Replicated - Distribution Platform for Customer Controlled Software
-
-
Chat and ChatOps
-
Threat modelling
- Lita - a robot companion for your company's chat room
- Mattermost - messaging platform that enables secure team collaboration
- Hubot - a customizable life embetterment robot
- Rootly - Incident management in Slack
- Botkube - chat bot for Kubernetes
- CloudBot - simple, fast, expandable, open-source Python IRC Bot
- Rocket - open source team communication
-
-
Dependency management
-
Build systems
- Bazel - Bazel is Google's monorepo-oriented build system
- Nx - Nx is a build system with built-in tooling and advanced CI capabilities. It helps you maintain and scale monorepos, both locally and on CI
- pants - a monorepo-oriented build system, used by Twitter, Foursquare and multiple other companies
- buck2 - Buck2 is a fast, hermetic, multi-language build system designed by Meta
-
Shell into containers
- Poetry - Python packaging and dependency management
- Lerna - Lerna is a tool for managing JavaScript projects with multiple packages, built on Yarn
- chezmoi - Manage your dotfiles across multiple diverse machines, securely
- asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
- changesets - A way to manage your versioning and changelogs with a focus on monorepos
- Renovate - Universal dependency update tool that fits into your workflows
- just - just is a handy way to save and run project-specific commands
- spack - A flexible package manager that supports multiple versions, configurations, platforms, and compilers
- Dependabot - Automating dependency updates in multiple languages
- earthly - Super simple build framework with fast, repeatable builds and an instantly familiar syntax – like Dockerfile and Makefile had a baby.
- mise - development environment setup tool that manages dev tools, runtimes, envvars and task runners
- tfenv - Terraform version manager based on rbenv
- configrd - Sync configurations such as environment variables, application properties and secrets across build pipelines, services and environments
- knip - Find unused files, dependencies and exports in your JavaScript and TypeScript projects
- Devbox - command-line tool that lets you easily create isolated shells for development
-
-
Testing
-
Load, stress & soak testing
- Jmeter - 20+ years of solid Java testing
- Locust - modern load testing in Python
- k6 - cloud-native load tests written in JS
- Artillery - cloud-scale performance testing
- Siege - HTTP load testing and benchmarking utility
- Tsung - high-performance benchmark and stress testing tool
- TCPCopy - TCP stream replay tool to support real testing of Internet server applications
- Wrk - Modern HTTP benchmarking tool
- Gatling - Java based load testing as code. Note: slower than newer alternatives
- LoadRunner - Load testing tool from Micro Focus
- Web Bench - Web Bench is very simple tool for benchmarking WWW or proxy servers
-
A/B testing
- Optimizely - A/B testing at scale
- VWO Testing - A/B testing
- Sitespect - A/B testing and site optimization
-
Regex
- gretel - Generate artificial, synthetic datasets with the same characteristics as real data
- shadowtraffic - Rapidly simulate production traffic to your backend
- QA Wolf - QA Wolf gets web apps to 80% automated end-to-end test coverage in weeks, not years
-
-
Sharing
-
Regex
- Typora - Markdown editor
- Obsidian - markdown knowledge base
- excalidraw - hand-drawn look and feel diagrams
- Mintlify - modern standard for public facing documentation
- Antora - The multi-repository documentation site generator for tech writers who write in AsciiDoc
- tldraw - draw things quick
- Docusaurus - easy to maintain open source documentation websites
- Gitbook - modern documentation format and toolchain using Git and Markdown
- vale - A markup-aware linter for prose built with speed and extensibility in mind
- mdBook - Create book from markdown files. Like Gitbook but implemented in Rust
- MkDocs - project documentation with Markdown
- Docz - Create MDX files showcasing your code and Docz turns them into a live-reloading, production-ready site
-
-
Service catalogue
-
Regex
- Backstage - Backstage is an open platform for building developer portals
- OpsLevel - OpsLevel is the developer platform for teams to own, operate, and understand their production infrastructure
- Clutch - An extensible platform for infrastructure management
- Cortex - Cortex makes it easy for engineering organisations to gain visibility into their services
-
-
Internal developer platform
-
Infrastructure from code
- Drone - self-service Continuous Integration platform
- Humanitec - Internal developer platform orchestrator
- Massdriver - visual IDP that enables engineers to deploy production-ready cloud infrastructure and applications in minutes
- Shipa - modern application delivery platform
- Garden - simplify Kubernetes delivery
- KubeVela - modern application delivery platform
- Ketch - Kubernetes application delivery platform
- Nais - application delivery platform
-
-
Cloud asset inventory
-
Threat modelling
- Steampipe - `# select * from cloud;`
- Cloudquery - Sync cloud assets to any database, transform and visualize
- Cloudmapper - CloudMapper helps you analyze your AWS environments
- Scoutsuite - Multi-Cloud Security Auditing Tools
- prowler - perform AWS security best practices assessments, audits, incident response, continuous monitoring
- driftctl - Detect, track and alert on infrastructure drift
- AWS ClickOps notifier - Get notified when users are taking actions in the AWS Console
- saw - Fast, multi-purpose tool for searching AWS CloudWatch Logs
- Cloudgraph - The universal GraphQL API and CSPM tool for AWS, Azure, GCP, K8s, and Tencent
- magpie - Magpie is a free, open-source framework and a collection of community developed plugins that can be used to build complete end-to-end security tools such as a CSPM
- Resoto - Resoto creates an inventory of your cloud, provides deep visibility, and reacts to changes in your infrastructure
-
-
Bug tracking
-
Threat modelling
- Bugasura - AI-powered issue tracker
-
-
Continuous integration
-
Shell into containers
- Spacelift - Spacelift is a sophisticated CI/CD platform for Terraform, CloudFormation, Pulumi, and Kubernetes
- scalr - Terraform Cloud alternative
- env0 - Manage, deploy, scale, and control all your Terraform, Terragrunt, Pulumi, and related frameworks
- atlantis - Terraform Pull Request Automation
- semantic-release - Fully automated version management and package publishing
- batect - Build And Testing Environments as Code Tool
- release-please - generate release PRs based on the conventionalcommits.org spec
- autorelease - Release automation for GitHub
- git-cliff - A highly customizable Changelog Generator that follows Conventional Commit specifications ⛰️
- cashapp/hermit - consistent tooling across environments
- meta/hermit - hermetically isolated sandboxes to control program execution
-
-
Observability
-
Regex
- datadog - leading ($$$$) monitoring and security platform
- kiali - observability for the Istio service mesh
- openobserve - cloud-native observability platform built specifically for logs, metrics, traces, analytics, RUM (Real User Monitoring - Performance, Errors, Session Replay) designed to work at petabyte scale
- vector - A high-performance observability data pipeline
- cilium - eBPF-based Networking, Security, and Observability
- thanos - Highly available Prometheus setup with long term storage capabilities
- otelbin - Web-based tool to facilitate OpenTelemetry collector configuration editing and verification
-
-
Status pages
-
Regex
- Atlassian Statuspage - the #1 status and incident communication tool
- instatus - Get a beautiful status page in 10 seconds, without paying thousands of dollars!
- cachet - The open-source status page system
- PagerDuty status page
-
-
Kubernetes
-
Infrastructure from code
- ket - Kismatic Enterprise Toolkit: a set of production-ready defaults and best practice tools for creating enterprise-tuned Kubernetes clusters
- kubestack - a collection of Terraform modules and a dedicated Terraform provider to maintain both infra and services together
- Keda - Event Driven Autoscaler
- flagger - Progressive delivery Kubernetes operator (Canary, A/B Testing and Blue/Green deployments)
- cdk8s - Define Kubernetes native apps and abstractions using object-oriented programming
- lens - IDE for kubernetes
-
Kubernetes local development
- Telepresence - Local development against a remote Kubernetes or OpenShift cluster
- Skaffold - Easy and Repeatable Kubernetes Development
- Tilt - Define your dev environment as code. For microservice apps on Kubernetes
- Okteto - Develop your applications directly in your Kubernetes Cluster
- Kardinal - Kardinal is an open-source framework for creating extremely lightweight ephemeral development environments within a shared Kubernetes cluster
-
Kubernetes runtime security
- tracee - Linux Runtime Security and Forensics using eBPF
- falco - Cloud Native Runtime Security
- kubespy - Tools for observing Kubernetes resources in real time, powered by Pulumi
- inspektor-gadget - eBPF security inspection tool
-
Kubernetes security posture management
- Popeye - A Kubernetes cluster resource sanitizer
- kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
- sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
- external-secrets - External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets
- kubent - Easily check your clusters for use of deprecated APIs
- eraser - Eraser helps Kubernetes admins remove a list of non-running images from all Kubernetes nodes in a cluster
- pluto - A cli tool to help discover deprecated apiVersions in Kubernetes
- hardeneks - Runs checks to see if an EKS cluster follows EKS Best Practices
- namespacehound - tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters
- kbom - SBOM for Kubernetes
- nova - Find outdated or deprecated Helm charts running in your cluster
-
Kubernetes templating
- helm - The Kubernetes Package Manager
- kustomize - Customization of kubernetes YAML configurations
- helmfile - Deploy Kubernetes Helm Charts
- ytt - YAML templating tool that works on YAML structure instead of text
- tanka - Flexible, reusable and concise configuration for Kubernetes using Jsonnet
- timoni - Timoni is a package manager for Kubernetes, powered by CUE and inspired by Helm
- helm-unittest - BDD styled unit test framework for Kubernetes Helm charts as a Helm plugin
-
Kubernetes testing
- Kuberhealthy - A Kubernetes operator for running synthetic checks as pods
- Testkube - Kubernetes-native framework for test definition and execution
-
Kubernetes IAM
- Kubiscan - A tool to scan Kubernetes cluster for risky permissions
- rbac-police - Evaluate the RBAC permissions of Kubernetes identities through policies written in Rego
-
Kubernetes static analysis
- Kubescape - K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer and image vulnerabilities scanning
- Kubeconform - A FAST Kubernetes manifests validator, with support for Custom Resources!
- KubeLinter - static analysis tool that checks Kubernetes YAML files and Helm charts
- Kubeclarity - detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
-
-
Usage-based pricing
-
Load, stress & soak testing
- moesif
- lago
- Lago - Open Source Metering and Usage Based Billing
- OpenMeter - Usage Metering for AI, DevOps, and Billing. Built for engineers to collect and aggregate millions of events in real-time
- Use It or Lose It: Why Usage-Based Pricing
- Amberflo - Amberflo provides the most advanced and comprehensive platform for building and deploying usage-based pricing
- Ordway - Invoice based upon consumption of cloud services
- Metronome
- octane
- orb
- chargebee
-
-
Continuous deployment
-
Policy as code
-
Regex
- Datree - Policy as code engine for Kubernetes. Enterprise support available
- OPA Gatekeeper - Gatekeeper is a Policy Controller for Kubernetes
- Kyverno - Kubernetes Native Policy Management
- Magtape - Policy as code engine for Kubernetes
- Cloud Custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
- Hashicorp Sentinel - Policy as code framework for HashiCorp Enterprise Products
- Cyral
-
-
Diagrams as code
-
Build systems
- Cloudcraft - Create AWS diagrams from deployed infrastructure
- ascii flow - ASCII editor
- Go diagrams - create system diagrams with Go
- mingrammer/diagrams - Draw diagrams in Python code
- PlantUML - Create diagrams from plaintext language
- Inframap - Read your tfstate or HCL to generate a graph specific for each provider
- cdk-dia - CDK to diagrams
- cfn-diagram - CFN to diagrams
- Pluralith - Terraform to diagrams
- structurizr - Diagrams as code 2.0
-
-
Identity and access management
-
Hook management tools
- Teleport
- repokid - AWS IAM usage monitor
- Policy Sentry - IAM Least Privilege Policy Generator
- Parliament - AWS IAM policy linter
- CloudTracker - CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies
- Cloudsplaining - AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report
- IAM Floyd - AWS IAM policy statement generator with fluent interface
- AirAM - Least privilege AWS IAM Terraformer
- Pike - Pike is a tool for determining the permissions or policy required for IAC code
- PMapper - AWS IAM privilege escalation mapping
- aardvark - Aardvark is a multi-account AWS IAM Access Advisor API (and caching layer)
- IAMAlive - Generate an IAM policy from AWS calls using client-side monitoring (CSM) or embedded proxy
-
-
Linting
-
Kubernetes testing
- metabob - AI coding assistant that uses a combination of graph-attention networks and generative AI to facilitate code review and quality
- Danger JS - Danger runs after your CI, automating your team's conventions surrounding code review
- reviewdog - Automated code review tool integrated with any code analysis tools regardless of programming language
- error-prone - Catch common Java mistakes as compile-time errors
- megalinter - MegaLinter analyzes 50 languages, 22 formats, 21 tooling formats, excessive copy-pastes, spelling mistakes and security issues
- clang-tidy - C++ linter
-
Regex
- AutoRegex - convert english to regex
-
Terraform
- digger - state aware Terraform orchestrator
- tflint - Terraform linter
- terralist - Terraform Private Registry for modules and providers manageable from a REST API
- terraform visual - beautifies barely readable output from `terraform graph`
- OTF - OSS alternative to Terraform Cloud
- Awesome terraform - Definitive list of Terraform tools
- terrakube - OSS alternative to Terraform Cloud
- hatchet - OSS alternative to Terraform Cloud
-
-
Chaos engineering
-
Threat modelling
- Chaos Toolkit - the Open Source Platform for Chaos Engineering
- Litmus - Cloud Native Chaos Engineering platform
- Toxiproxy - simulate network and system conditions for chaos and resiliency testing
- Pumba - chaos testing, network emulation and stress testing tool for containers
- Chaos Monkey - a resiliency tool that helps applications tolerate random instance failures
- KubeInvaders - Chaotic fun
-
-
Cloud cost management
-
Threat modelling
- Infracost - Predict cost of infrastructure from Terraform code
- Zesty - Automated cloud cost optimization for EC2 & RDS
- cast.ai - Kubernetes automated cost savings
- Opencost - Cross-cloud cost allocation models for Kubernetes workloads
- Terracost - Cloud cost estimation for Terraform in your CLI
- Vantage - Automated cloud cost optimization
- Scalr - Terraform platform that has cost-optimization features
- Finout - Cloud cost monitoring platform
- Harness Cloud Cost Management - Detect and stop cloud cost anomalies as they occur
- usage.ai - Automated cloud cost optimization for EC2, RDS, ElasticSearch, RedShift
-
-
Documentation as code
-
Build systems
- terraform docs - generate docs from Terraform code
- glow - terminal based markdown reader designed for the CLI
- Doxygen - generate docs from annotated C++ code
- runme - Execute your runbooks, docs, and READMEs
-
-
Kafka
-
Infrastructure from code
- xk6-kafka - k6 extension to load test Apache Kafka with support for various serialization formats, SASL, TLS, compression, Schema Registry client and beyond
- schema-registry - Confluent Schema Registry for Kafka
- topicctl - Tool for declarative management of Kafka topics
- burrow - Kafka Consumer Lag Checking
- Karapace - supports the storing of schemas in a central repository, which clients can access to serialize and deserialize messages
- bento - Fancy stream processing made operationally mundane
- franz-go - franz-go contains a feature complete, pure Go library for interacting with Kafka from 0.8.0 through 3.6+. Producing, consuming, transacting, administrating, etc.
- kaf - Modern CLI for Apache Kafka, written in Go
- kroxylicious - An open-source network proxy framework for Apache Kafka
- heetch/avro - Avro codec and code generation for Go
-
-
Artifact signing and attestation
-
Threat modelling
- grafeas - Artifact Metadata API to audit and govern software supply chains
- notary - project that allows anyone to have trust over arbitrary collections of data
- Cosign - code signing and transparency for containers and binaries
- in-toto - a framework to protect supply chain integrity
- SLSA - Software Attestations
-
-
Git Tools
-
Hook management tools
- lefthook - Fast and powerful Git hooks manager for any type of projects
- lint-staged - run linters on git staged files
- husky - Git hooks for Node.js, manage your hooks from your package.json
- Mookme - A simple and easy-to-use, yet powerful and language agnostic git hook for monorepos
- quickhook - a fast, Unix'y, opinionated Git hook runner
- Overcommit - an extendable Git hook manager written with Ruby
-
Polyrepo operations tools
-
Repository management tools
- bash-git-prompt - An informative and fancy bash prompt for Git users
- comby - A code rewrite tool for structural search and replace that supports ~every language
- git-of-theseus - Analyze how a Git repo grows over time
- pull - Keep your forks up-to-date via automated PRs
-
-
Containers
-
Threat modelling
- Dive - A tool for exploring a docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image
- HadoLint - Dockerfile linter, validate inline bash, written in Haskell
- cadvisor - Analyzes resource usage and performance characteristics of running containers
- Trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
- docker-bench - checks for dozens of common best-practices
- distroless - Language focused docker images, minus the operating system
- Whaler - Go program to reverse Docker images into Dockerfiles
- ko - ko is a simple, fast container image builder for Go applications
- grype - A vulnerability scanner for container images and filesystems
- tini - A tiny but valid `init` for containers
- Dockle - Docker image linting
- go-containerregistry - Google Go library for working with container images. Includes tools like `crane`, `gcrane`, `krane` & `k8schain`
- dfimage - Reverse-engineer a Dockerfile from a Docker image
- runc - CLI tool for spawning and running containers according to the OCI specification
- anchore-engine - A service that analyzes docker images and scans for vulnerabilities
- copacetic - CLI tool for directly patching container images!
- aquasecurity/docker-bench
- diffoci - diffoci compares Docker and OCI container images for helping reproducible builds
- Container-scan - Dockle + Trivy [Deprecated]
- Docker-slim - Don't change anything in your Docker container image and minify it by up to 30x
- confidential-containers - leverage Trusted Execution Environments to protect containers and data and to deliver cloud native confidential computing
- docker-trim - create a trimmed docker image that contains only parts of the original file system of an existing docker image
- testcontainers - open source framework for providing throwaway, lightweight instances of anything that can run in a Docker container
-
Shell into containers
- cdebug - cdebug - a swiss army knife of container debugging
- docker-debug - troubleshooting running docker containers
- debug-ctr - Command-line tool for interactive container troubleshooting
- docker-opener - Shell-in to any docker container easily
-
-
Infrastructure as code
-
Hook management tools
- Pulumi - Infrastructure as Code in any programming language
- Terraform - Terraform is a tool for building, changing, and versioning infrastructure
- AWS CDK - The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
- sst - Build modern full-stack applications on AWS
- OpenTofu - OSS Terraform fork that lets you declaratively manage your cloud infrastructure
- Sceptre - sceptre is a tool to drive AWS CloudFormation
- ion - ❍ — an experimental new engine for SST
-
Infrastructure as code generation
- Terraformer - CLI tool to generate terraform files from existing infrastructure
- Terracognita - generates Terraform from existing AWS resources
- Former2 - generate CloudFormation/Terraform from existing AWS resources
- k2tf - Kubernetes YAML to Terraform HCL converter
- Firefly - Cloud asset management solution
-
-
API tools
-
Threat modelling
- Spectral - A flexible JSON/YAML linter for creating automated style guides, with baked in support for OpenAPI v3.1, v3.0, and v2.0 as well as AsyncAPI v2.x.
- goa - Goa: Elevate Go API development! Streamlined design, automatic code generation, and seamless HTTP/gRPC support
- swagger-codegen - swagger-codegen contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition.
- oapi-codegen - Generate Go client and server boilerplate from OpenAPI 3 specifications
- openapi-diff - Utility for comparing two OpenAPI specifications.
- ogen - OpenAPI v3 code generator for Go
- Vacuum - vacuum is the world's fastest OpenAPI 3, OpenAPI 2 / Swagger linter and quality analysis tool. Built in Go, it tears through API specs faster than you can think. vacuum is compatible with Spectral rulesets and generates compatible reports
- openapi-generator - OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec (v2, v3)
- SwaggerHub
-
-
Endpoint validation
-
Build systems
- Prometheus Blackbox exporter - Blackbox prober exporter
- Goss - quick and easy server validation
-
-
Dashboards as code
-
Shell into containers
- Grafanalib - Write Grafana dashboards in Python
- Grafonnet - Jsonnet library for generating Grafana dashboard files
- kennel - Datadog monitors/dashboards/slos as code, avoid chaotic management via UI
- Steampipe - AWS Insights Mod - Create dashboards and reports for your AWS resources using Steampipe
-