awesome-platform-engineering
A curated list of awesome tools, resources and various shiny things
https://github.com/dstrates/awesome-platform-engineering
-
API tools
-
Threat modelling
- SwaggerHub
- Vacuum - vacuum is the world's fastest OpenAPI 3, OpenAPI 2 / Swagger linter and quality analysis tool. Built in Go, it tears through API specs faster than you can think. vacuum is compatible with Spectral rulesets and generates compatible reports
- Spectral - A flexible JSON/YAML linter for creating automated style guides, with baked in support for OpenAPI v3.1, v3.0, and v2.0 as well as AsyncAPI v2.x.
- openapi-diff - Utility for comparing two OpenAPI specifications.
- openapi-generator - OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec (v2, v3)
- ogen - OpenAPI v3 code generator for Go
- swagger-codegen - swagger-codegen contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition.
- oapi-codegen - Generate Go client and server boilerplate from OpenAPI 3 specifications
- goa - Goa: Elevate Go API development! Streamlined design, automatic code generation, and seamless HTTP/gRPC support
- oasdiff - OpenAPI Diff and Breaking Changes
-
-
Git Tools
-
Hook management tools
- Overcommit - an extendable Git hook manager written with Ruby
- quickhook - a fast, Unix'y, opinionated Git hook runner
- husky - Git hooks for Node.js, manage your hooks from your package.json
- Mookme - A simple and easy-to-use, yet powerful and language agnostic git hook for monorepos
- lint-staged - run linters on git staged files
- lefthook - Fast and powerful Git hooks manager for any type of projects
- pre-commit - a framework for managing and maintaining multi-language pre-commit hooks from Yelp
-
Polyrepo operations tools
-
Repository management tools
- pull - Keep your forks up-to-date via automated PRs
- git-of-theseus - Analyze how a Git repo grows over time
- bash-git-prompt - An informative and fancy bash prompt for Git users
- comby - A code rewrite tool for structural search and replace that supports ~every language
-
-
Identity and access management
-
Hook management tools
- Teleport
- IAMAlive - Generate an IAM policy from AWS calls using client-side monitoring (CSM) or embedded proxy
- Pike - Pike is a tool for determining the permissions or policy required for IAC code
- AirAM - Least privilege AWS IAM Terraformer
- IAM Floyd - AWS IAM policy statement generator with fluent interface
- repokid - AWS IAM usage monitor
- aardvark - Aardvark is a multi-account AWS IAM Access Advisor API (and caching layer)
- CloudTracker - CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies
- Cloudsplaining - AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report
- Parliament - AWS IAM policy linter
- PMapper - AWS IAM privilege escalation mapping
- Policy Sentry - IAM Least Privilege Policy Generator
-
-
Infrastructure as code
-
Hook management tools
- Terraform - Terraform is a tool for building, changing, and versioning infrastructure
- OpenTofu - OSS Terraform fork that lets you declaratively manage your cloud infrastructure
- AWS CDK - The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
- Pulumi - Infrastructure as Code in any programming language
- sst - Build modern full-stack applications on AWS
- ion - an experimental new engine for SST
- Sceptre - sceptre is a tool to drive AWS CloudFormation
-
Infrastructure as code generation
- Former2 - generate CloudFormation/Terraform from existing AWS resources
- Terraformer - CLI tool to generate terraform files from existing infrastructure
- Terracognita - generates Terraform from existing AWS resources
- Firefly - Cloud asset management solution
- k2tf - Kubernetes YAML to Terraform HCL converter
-
-
Internal developer platform
-
Infrastructure from code
- Drone - self-service Continuous Integration platform
- Shipa - modern application delivery platform
- KubeVela - modern application delivery platform
- Ketch - Kubernetes application delivery platform
- Humanitec - Internal developer platform orchestrator
- Nais - application delivery platform
- Garden - simplify Kubernetes delivery
- Massdriver - visual IDP that enables engineers to deploy production-ready cloud infrastructure and applications in minutes
-
-
Kafka
-
Infrastructure from code
- burrow - Kafka Consumer Lag Checking
- schema-registry - Confluent Schema Registry for Kafka
- topicctl - Tool for declarative management of Kafka topics
- kaf - Modern CLI for Apache Kafka, written in Go
- franz-go - franz-go contains a feature complete, pure Go library for interacting with Kafka from 0.8.0 through 3.6+. Producing, consuming, transacting, administrating, etc.
- bento - Fancy stream processing made operationally mundane
- heetch/avro - Avro codec and code generation for Go
- Karapace - supports the storing of schemas in a central repository, which clients can access to serialize and deserialize messages
- xk6-kafka - k6 extension to load test Apache Kafka with support for various serialization formats, SASL, TLS, compression, Schema Registry client and beyond
- kroxylicious - An open-source network proxy framework for Apache Kafka
-
-
Kubernetes
-
Infrastructure from code
- lens - IDE for Kubernetes
- kubestack - a collection of Terraform modules and a dedicated Terraform provider to maintain both infra and services together
- Keda - Event Driven Autoscaler
- ket - Kismatic Enterprise Toolkit: a set of production-ready defaults and best practice tools for creating enterprise-tuned Kubernetes clusters
- flagger - Progressive delivery Kubernetes operator (Canary, A/B Testing and Blue/Green deployments)
- cdk8s - Define Kubernetes native apps and abstractions using object-oriented programming
-
Kubernetes IAM
- Kubiscan - A tool to scan Kubernetes cluster for risky permissions
- rbac-police - Evaluate the RBAC permissions of Kubernetes identities through policies written in Rego
-
Kubernetes local development
- Okteto - Develop your applications directly in your Kubernetes Cluster
- Tilt - Define your dev environment as code. For microservice apps on Kubernetes
- Telepresence - Local development against a remote Kubernetes or OpenShift cluster
- Skaffold - Easy and Repeatable Kubernetes Development
- Kardinal - Kardinal is an open-source framework for creating extremely lightweight ephemeral development environments within a shared Kubernetes cluster
-
Kubernetes runtime security
- tracee - Linux Runtime Security and Forensics using eBPF
- falco - Cloud Native Runtime Security
- kubespy - Tools for observing Kubernetes resources in real time, powered by Pulumi
- inspektor-gadget - eBPF security inspection tool
-
Kubernetes security posture management
- pluto - A cli tool to help discover deprecated apiVersions in Kubernetes
- kubent - Easily check your clusters for use of deprecated APIs
- Popeye - A Kubernetes cluster resource sanitizer
- kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
- nova - Find outdated or deprecated Helm charts running in your cluster
- hardeneks - Runs checks to see if an EKS cluster follows EKS Best Practices
- kbom - SBOM for Kubernetes
- sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
- external-secrets - External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets
- namespacehound - tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters
- eraser - Eraser helps Kubernetes admins remove a list of non-running images from all Kubernetes nodes in a cluster
-
Kubernetes static analysis
- KubeLinter - static analysis tool that checks Kubernetes YAML files and Helm charts
- Kubeconform - A FAST Kubernetes manifests validator, with support for Custom Resources!
- Kubescape - K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer and image vulnerabilities scanning
- Kubeclarity - detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
-
Kubernetes templating
- helm - The Kubernetes Package Manager
- helmfile - Deploy Kubernetes Helm Charts
- helm-unittest - BDD styled unit test framework for Kubernetes Helm charts as a Helm plugin
- kustomize - Customization of Kubernetes YAML configurations
- ytt - YAML templating tool that works on YAML structure instead of text
- timoni - Timoni is a package manager for Kubernetes, powered by CUE and inspired by Helm
- tanka - Flexible, reusable and concise configuration for Kubernetes using Jsonnet
-
Kubernetes testing
- Testkube - Kubernetes-native framework for test definition and execution
- Kuberhealthy - A Kubernetes operator for running synthetic checks as pods
-
-
Linting
-
Kubernetes testing
- megalinter - MegaLinter analyzes 50 languages, 22 formats, 21 tooling formats, excessive copy-pastes, spelling mistakes and security issues
- reviewdog - Automated code review tool integrated with any code analysis tools regardless of programming language
- error-prone - Catch common Java mistakes as compile-time errors
- clang-tidy - C++ linter
- metabob - AI coding assistant that uses a combination of graph-attention networks and generative AI to facilitate code review and quality
- Danger JS - Danger runs after your CI, automating your team's conventions surrounding code review
-
Terraform
- tflint - Terraform linter
- Awesome terraform - Definitive list of Terraform tools
- terraform visual - beautifies barely readable output from `terraform graph`
- terrakube - OSS alternative to Terraform Cloud
- hatchet - OSS alternative to Terraform Cloud
- OTF - OSS alternative to Terraform Cloud
- digger - state aware Terraform orchestrator
- terralist - Terraform Private Registry for modules and providers manageable from a REST API
-
Regex
- AutoRegex - convert English to regex
-
-
Observability
-
Regex
- vector - A high-performance observability data pipeline
- datadog - leading ($$$$) monitoring and security platform
- kiali - observability for the Istio service mesh
- cilium - eBPF-based Networking, Security, and Observability
- thanos - Highly available Prometheus setup with long term storage capabilities
- otelbin - Web-based tool to facilitate OpenTelemetry collector configuration editing and verification
- openobserve - cloud-native observability platform built specifically for logs, metrics, traces, analytics, RUM (Real User Monitoring - Performance, Errors, Session Replay) designed to work at petabyte scale
-
-
Platform as a Service
-
Regex
- Netlify - cloud application platform
- Heroku - cloud application platform
- Kamatera - Create servers and more, in less than 60 seconds
- Sloppy - Managed Docker Hosting - fast, simple and secure
- Vultr - Deploy Docker Apps in One-Click
- StackPath - run your cloud workloads at the edge
- Otomi - Self-hosted PaaS for Kubernetes
- Replicated - Distribution Platform for Customer Controlled Software
- Section - simple distributed hosting solution that automatically balances traffic across regions (control plane of control planes)
-
-
Policy as code
-
Regex
- Cyral
- Kyverno - Kubernetes Native Policy Management
- Datree - Policy as code engine for Kubernetes. Enterprise support available
- Magtape - Policy as code engine for Kubernetes
- OPA Gatekeeper - Gatekeeper is a Policy Controller for Kubernetes
- Cloud Custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
- Hashicorp Sentinel - Policy as code framework for HashiCorp Enterprise Products
-
-
Secrets management
-
Regex
- Sops - simple and flexible tool for managing secrets
- Vault - manage secrets and protect sensitive data
- Keybase - end-to-end encrypted chat and cloud storage system
- Vault Secrets Operator - create Kubernetes secrets from Vault for a secure GitOps based workflow
- Git Secret - a bash-tool to store your private data inside a git repository
- Teller - Cloud native secrets management for developers - never leave your command line for secrets
- deepsecrets - Secrets scanner that understands code
- doppler - Platform for Secrets management
- chamber - CLI for managing secrets
-
-
Service catalogue
-
Regex
- Backstage - Backstage is an open platform for building developer portals
- Cortex - Cortex makes it easy for engineering organisations to gain visibility into their services
- OpsLevel - OpsLevel is the developer platform for teams to own, operate, and understand their production infrastructure
- Clutch - An extensible platform for infrastructure management
- Port - Internal developer portal that gives you the flexibility to run any aspect of engineering
-
-
Sharing
-
Regex
- Gitbook - modern documentation format and toolchain using Git and Markdown
- Mintlify - modern standard for public facing documentation
- Docusaurus - easy to maintain open source documentation websites
- MkDocs - project documentation with Markdown
- Obsidian - markdown knowledge base
- Typora - Markdown editor
- Docz - Create MDX files showcasing your code and Docz turns them into a live-reloading, production-ready site
- Antora - The multi-repository documentation site generator for tech writers who write in AsciiDoc
- tldraw - draw things quick
- excalidraw - hand-drawn look and feel diagrams
- vale - A markup-aware linter for prose built with speed and extensibility in mind
- mdBook - Create book from markdown files. Like Gitbook but implemented in Rust
- Docsify - a magical documentation site generator
-
-
Status pages
-
Regex
- cachet - The open-source status page system
- instatus - Get a beautiful status page in 10 seconds, without paying thousands of dollars!
- Atlassian Statuspage - the #1 status and incident communication tool
- PagerDuty status page
-
-
Testing
-
Regex
- QA Wolf - QA Wolf gets web apps to 80% automated end-to-end test coverage in weeks, not years
- gretel - Generate artificial, synthetic datasets with the same characteristics as real data
- shadowtraffic - Rapidly simulate production traffic to your backend
-
A/B testing
- Optimizely - A/B testing at scale
- VWO Testing - A/B testing
- Sitespect - A/B testing and site optimization
-
Load, stress & soak testing
- k6 - cloud-native load tests written in JS
- Artillery - cloud-scale performance testing
- Jmeter - 20+ years of solid Java testing
- Gatling - Java based load testing as code. Note: slower than newer alternatives
- Tsung - high-performance benchmark and stress testing tool
- Locust - modern load testing in Python
- LoadRunner - Load testing tool from Micro Focus
- TCPCopy - TCP stream replay tool to support real testing of Internet server applications
- Siege - HTTP load testing and benchmarking utility
- Wrk - Modern HTTP benchmarking tool
- Web Bench - Web Bench is a very simple tool for benchmarking WWW or proxy servers
-
-
Usage-based pricing
-
Load, stress & soak testing
- Use It or Lose It: Why Usage-Based Pricing
- OpenMeter - Usage Metering for AI, DevOps, and Billing. Built for engineers to collect and aggregate millions of events in real-time
- Amberflo - Amberflo provides the most advanced and comprehensive platform for building and deploying usage-based pricing
- Lago - Open Source Metering and Usage Based Billing
- Ordway - Invoice based upon consumption of cloud services
- Metronome
- octane
- orb
- lago
- chargebee
- moesif
- Stigg - Instantly build any pricing plan, gauge access control, introduce paywalls and customer portals
-
-
Application Security
-
Supply chain security
- OWASP dependency-check - software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies
- awesome supply chain security
- chain-bench - open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark
- legitify - Detect and remediate misconfigurations and security risks across all your GitHub assets
- steampipe (GitHub compliance mod)
- harden-runner - Security agent for GitHub-hosted runner: block egress traffic & detect code overwrite to prevent breaches
- scorecard - OpenSSF Scorecard - Security health metrics for Open Source
- CVE Prioritizer - Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities
- ossf/allstar - GitHub App to set and enforce security policies
- OSSGadget - Collection of tools for analyzing open source packages
- oak - Oak is a software platform for building distributed systems providing externally verifiable (or falsifiable) claims about system behaviors in a transparent way
-
API Fuzzing
- Cherrybomb - CLI tool that helps you avoid undefined user behaviour by validating your API specifications
- Restler - stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs
- OWASP ZAP - dynamic security testing and web app scanner
- Burpsuite - The enterprise-enabled dynamic web vulnerability scanner
- Dredd - Language-agnostic HTTP API Testing Tool
- Schemathesis - Specification-centric API testing tool for Open API and GraphQL-based applications
- Snapchange - Lightweight fuzzing of a memory snapshot using KVM
- Onefuzz - A self-hosted Fuzzing-As-A-Service platform
- OSS-Fuzz - continuous fuzzing for open source software
-
DAST
- OWASP ZAP - automatically find security vulnerabilities in your web applications while you are developing and testing your applications
- Nikto2 - web server scanner
- Wapiti - Web vulnerability scanner written in Python3
- Skipfish - Web application security scanner created by lcamtuf for Google - Unofficial Mirror [Deprecated]
- CI Fuzz - CI Fuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line
- nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL
- paulveillard/cybersecurity-dynamic-analysis
- analysis-tools-dev/dynamic-analysis
-
SAST
- static-analysis - A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality
- Shisho - Lightweight static analyzer
- Purple panda - identify privilege escalation paths within and across different clouds
- opensourcesecurityindex.io
- Privado - Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report
-
SCA
- OpenSCA - supports detection of open source component dependencies and vulnerabilities
- Dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain
- OSV scanner - Dependency vulnerability scanner written in Go which uses the data provided by [https://osv.dev](https://osv.dev)
- packj - Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
- socket.dev - Socket fights vulnerabilities and provides visibility, defense-in-depth, and proactive supply chain protection for JavaScript and Python dependencies
- nancy - A tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index
- deps.dev - Google project for rating dependencies
- dep-scan - OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies
- depguard - Go linter that checks if package imports are in a list of acceptable packages
-
Secrets detection
- Trufflehog - Find leaked credentials
- Detect-secrets - Yelp: An enterprise friendly way of detecting and preventing secrets in code
- Bridgecrew detect-secrets - Bridgecrew fork of yelp/detect-secrets
- ggshield - GitGuardian secrets detection.
- SecretScanner - Deepfence SecretScanner can find unprotected secrets in container images or file systems. Integrated into [ThreatMapper 1.3.0](https://github.com/deepfence/ThreatMapper)
- Gitleaks - SAST tool for detecting and preventing hardcoded secrets like passwords, api keys, and tokens in git repos
- git-secrets - AWSLabs tool for detecting secrets in git. No longer maintained
- DumpsterDiver - Tool to search secrets in various filetypes. No longer maintained
- keyscope - SpectralOps tool for secrets validation
- leaky-repo - benchmarking repo with secrets in it to test and evaluate detection tools
- Skyscanner/whispers - Identify hardcoded secrets in static structured text
- auth0/repo-supervisor - Scan your code for security misconfiguration, search for passwords and secrets
- Octopii - An AI-powered Personally Identifiable Information (PII) scanner
- secretlint - Pluggable linting tool to prevent committing credentials.
-
Threat modelling
- Deciduous - security decision tree generator that serves as a threat modelling tool
-
-
Continuous integration
-
Shell into containers
- semantic-release - Fully automated version management and package publishing
- release-please - generate release PRs based on the conventionalcommits.org spec
- git-cliff - A highly customizable Changelog Generator that follows Conventional Commit specifications ⛰️
- meta/hermit - hermetically isolated sandboxes to control program execution
- Spacelift - Spacelift is a sophisticated CI/CD platform for Terraform, CloudFormation, Pulumi, and Kubernetes
- atlantis - Terraform Pull Request Automation
- scalr - Terraform Cloud alternative
- env0 - Manage, deploy, scale, and control all your Terraform, Terragrunt, Pulumi, and related frameworks
- batect - Build And Testing Environments as Code Tool
- autorelease - Release automation for GitHub
- cashapp/hermit - consistent tooling across environments
-
-
Dashboards as code
-
Shell into containers
- Grafanalib - Write Grafana dashboards in Python
- Grafonnet - Jsonnet library for generating Grafana dashboard files
- Steampipe - AWS Insights Mod - Create dashboards and reports for your AWS resources using Steampipe
- kennel - Datadog monitors/dashboards/slos as code, avoid chaotic management via UI
-
-
Dependency management
-
Shell into containers
- Poetry - Python packaging and dependency management
- Renovate - Universal dependency update tool that fits into your workflows
- Dependabot - Automating dependency updates in multiple languages
- configrd - Sync configurations such as environment variables, application properties and secrets across build pipelines, services and environments
- tfenv - Terraform version manager based on rbenv
- asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
- mise - development environment setup tool that manages dev tools, runtimes, envvars and task runners
- spack - A flexible package manager that supports multiple versions, configurations, platforms, and compilers
- Lerna - Lerna is a tool for managing JavaScript projects with multiple packages, built on Yarn
- chezmoi - Manage your dotfiles across multiple diverse machines, securely
- just - just is a handy way to save and run project-specific commands
- changesets - A way to manage your versioning and changelogs with a focus on monorepos
- earthly - Super simple build framework with fast, repeatable builds and an instantly familiar syntax – like Dockerfile and Makefile had a baby.
- knip - Find unused files, dependencies and exports in your JavaScript and TypeScript projects
- Devbox - command-line tool that lets you easily create isolated shells for development
-
Build systems
- Bazel - Bazel is Google's monorepo-oriented build system
- buck2 - Buck2 is a fast, hermetic, multi-language build system designed by Meta
- pants - a monorepo-oriented build system, used by Twitter, Foursquare and multiple other companies
- Nx - Nx is a build system with built-in tooling and advanced CI capabilities. It helps you maintain and scale monorepos, both locally and on CI
-
-
Diagrams as code
-
Build systems
- structurizr - Diagrams as code 2.0
- Pluralith - Terraform to diagrams
- cdk-dia - CDK to diagrams
- cfn-diagram - CFN to diagrams
- mingrammer/diagrams - Draw diagrams in Python code
- ascii flow - ASCII editor
- PlantUML - Create diagrams from plaintext language
- Go diagrams - create system diagrams with Go
- Cloudcraft - Create AWS diagrams from deployed infrastructure
- Inframap - Read your tfstate or HCL to generate a graph specific for each provider
- Mermaid - simple diagrams and flowcharts in Markdown
-
-
Containers
-
Threat modelling
- Trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
- docker-trim - create a trimmed docker image that contains only parts of the original file system of an existing docker image
- diffoci - diffoci compares Docker and OCI container images for helping reproducible builds
- tini - A tiny but valid `init` for containers
- ko - ko is a simple, fast container image builder for Go applications
- go-containerregistry - Google Go library for working with container images. Includes tools like `crane`, `gcrane`, `krane` & `k8schain`
- Dockle - Docker image linting
- Container-scan - Dockle + Trivy [Deprecated]
- HadoLint - Dockerfile linter, validate inline bash, written in Haskell
- docker-bench - checks for dozens of common best-practices
- aquasecurity/docker-bench
- Dive - A tool for exploring a docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image
- cadvisor - Analyzes resource usage and performance characteristics of running containers
- Docker-slim - Don't change anything in your Docker container image and minify it by up to 30x
- dfimage - Reverse-engineer a Dockerfile from a Docker image
- Whaler - Go program to reverse Docker images into Dockerfiles
- anchore-engine - A service that analyzes docker images and scans for vulnerabilities
- grype - A vulnerability scanner for container images and filesystems
- testcontainers - open source framework for providing throwaway, lightweight instances of anything that can run in a Docker container
- distroless - Language focused docker images, minus the operating system
- confidential-containers - leverage Trusted Execution Environments to protect containers and data and to deliver cloud native confidential computing
- copacetic - CLI tool for directly patching container images!
- runc - CLI tool for spawning and running containers according to the OCI specification
-
Shell into containers
- cdebug - cdebug - a swiss army knife of container debugging
- debug-ctr - Command-line tool for interactive container troubleshooting
- docker-debug - troubleshooting running docker containers
- docker-opener - Shell-in to any docker container easily
-
-
Documentation as code
-
Build systems
- Doxygen - generate docs from annotated C++ code
- terraform docs - generate docs from Terraform code
- glow - terminal based markdown reader designed for the CLI
- runme - Execute your runbooks, docs, and READMEs
-
-
Endpoint validation
-
Build systems
- Goss - quick and easy server validation
- Prometheus Blackbox exporter - Blackbox prober exporter
-
-
Artifact signing and attestation
-
Threat modelling
- SLSA - Software Attestations
- Cosign - code signing and transparency for containers and binaries
- grafeas - Artifact Metadata API to audit and govern software supply chains
- in-toto - a framework to protect supply chain integrity
- notary - project that allows anyone to have trust over arbitrary collections of data
-
-
Bug tracking
-
Threat modelling
- Bugasura - AI-powered issue tracker
-
-
Chaos engineering
-
Threat modelling
- Chaos Toolkit - the Open Source Platform for Chaos Engineering
- Chaos Monkey - a resiliency tool that helps applications tolerate random instance failures
- Toxiproxy - simulate network and system conditions for chaos and resiliency testing
- Pumba - chaos testing, network emulation and stress testing tool for containers
- Litmus - Cloud Native Chaos Engineering platform
- KubeInvaders - Chaotic fun
-
-
Chat and ChatOps
-
Threat modelling
- Rocket - open source team communication
- Mattermost - messaging platform that enables secure team collaboration
- CloudBot - simple, fast, expandable, open-source Python IRC Bot
- Hubot - a customizable life embetterment robot
- Lita - a robot companion for your company's chat room
- Botkube - chat bot for Kubernetes
- Rootly - Incident management in Slack
- Riot - a universal secure chat app entirely under your control
-
-
Cloud cost management
-
Threat modelling
- Infracost - Predict cost of infrastructure from Terraform code
- Terracost - Cloud cost estimation for Terraform in your CLI
- Zesty - Automated cloud cost optimization for EC2 & RDS
- Vantage - Automated cloud cost optimization
- Scalr - Terraform platform that has cost-optimization features
- Finout - Cloud cost monitoring platform
- Harness Cloud Cost Management - Detect and stop cloud cost anomalies as they occur
- Opencost - Cross-cloud cost allocation models for Kubernetes workloads
- usage.ai - Automated cloud cost optimization for EC2, RDS, ElasticSearch, RedShift
- cast.ai - Kubernetes automated cost savings
-
-
Cloud asset inventory
-
Threat modelling
- Steampipe - `# select * from cloud;`
- Resoto - Resoto creates an inventory of your cloud, provides deep visibility, and reacts to changes in your infrastructure
- Cloudquery - Sync cloud assets to any database, transform and visualize
- Cloudmapper - CloudMapper helps you analyze your AWS environments
- Cloudgraph - The universal GraphQL API and CSPM tool for AWS, Azure, GCP, K8s, and Tencent
- AWS ClickOps notifier - Get notified when users are taking actions in the AWS Console
- driftctl - Detect, track and alert on infrastructure drift
- Scoutsuite - Multi-Cloud Security Auditing Tools
- prowler - perform AWS security best practices assessments, audits, incident response, continuous monitoring
- saw - Fast, multi-purpose tool for searching AWS CloudWatch Logs
- magpie - Magpie is a free, open-source framework and a collection of community developed plugins that can be used to build complete end-to-end security tools such as a CSPM
-
-
Continuous deployment