
LFX Insights

Policy & Compliance Engines

Tools for enforcing security policies and maintaining regulatory compliance

21 projects

19,321 contributors

$737M

Open Policy Agent

Stop using a different policy language, policy model, and policy API for every product and service you use. Use OPA for a unified toolset and framework for policy across the cloud native stack. Whether for one service or for all your services, use OPA to decouple policy from the service's code so you can release, analyze, and review policies (which security and compliance teams love) without sacrificing availability or performance.
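To make the decoupling concrete, the following Rego policy is an added illustration (not code from the OPA project or the original page) of an HTTP API authorization decision kept outside the service's code. The service forwards a request description as OPA's `input` document and acts on the `allow` result; the package name, paths, role names and the `audit_writers` data key are all assumed for this example. The `test_` rules at the bottom are how a security or compliance reviewer can check the policy's behaviour on its own, without deploying the service.

```rego
# Added example: API authorization decoupled from service code.
# Everything here (package, paths, roles, data keys) is illustrative.
package httpapi.authz

import rego.v1

# Deny by default: a request is allowed only if some allow rule below holds.
default allow := false

# Any authenticated user may read their own profile.
allow if {
    input.method == "GET"
    input.path == ["users", input.user.id]
}

# Holders of the "admin" role may do anything under /users.
allow if {
    input.path[0] == "users"
    "admin" in input.user.roles
}

# Service-to-service writes to the audit log are limited to callers listed
# in policy data (data.audit_writers), so the allow-list can change without
# a code release.
allow if {
    input.method == "POST"
    input.path == ["audit", "events"]
    input.user.id in data.audit_writers
}

# A structured denial reason, so reviewers can see why a request was refused.
deny_reasons contains msg if {
    not allow
    msg := sprintf("%s /%s denied for %s", [input.method, concat("/", input.path), input.user.id])
}

# Policy unit tests, run with `opa test`. Inputs are constructed for the example.
test_owner_can_read_own_profile if {
    allow with input as {"method": "GET", "path": ["users", "alice"], "user": {"id": "alice", "roles": []}}
}

test_other_user_cannot_read_profile if {
    not allow with input as {"method": "GET", "path": ["users", "bob"], "user": {"id": "alice", "roles": []}}
}

test_admin_can_delete_any_user if {
    allow with input as {"method": "DELETE", "path": ["users", "bob"], "user": {"id": "carol", "roles": ["admin"]}}
}

test_audit_write_requires_listing_in_data if {
    allow with input as {"method": "POST", "path": ["audit", "events"], "user": {"id": "svc-billing", "roles": []}}
        with data.audit_writers as ["svc-billing"]
    not allow with input as {"method": "POST", "path": ["audit", "events"], "user": {"id": "svc-unknown", "roles": []}}
        with data.audit_writers as ["svc-billing"]
}
```

Save this as `policy.rego` and run `opa test policy.rego` to execute the tests, or `opa eval -i input.json -d policy.rego 'data.httpapi.authz.allow'` with a request saved as `input.json` to see the decision the service would receive. The point of the layout is that the allow-list in `data.audit_writers` and the rules themselves can be reviewed and changed by the policy owners, while the service only ever asks one question.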

Contributors

4,514

Organizations

1,211

Software value

$257M

Kyverno

Kyverno is a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies.

Contributors

3,432

Organizations

1,005

Software value

$93M

Cloud Custodian

Cloud Custodian helps organizations keep their cloud accounts well managed. Its simple YAML DSL lets you define rules that keep cloud infrastructure both secure and cost-optimized, and enforce them automatically.

Contributors

2,426

Organizations

425

Software value

$40M

WSO2 Identity Server

WSO2 Identity Server is an open-source identity and access management (IAM) solution that enables organizations to manage user identities, secure access to applications and APIs, and implement strong authentication and authorization. It provides features like single sign-on (SSO), multi-factor authentication, identity federation, and compliance with security standards.

Contributors

1,715

Organizations

120

Software value

$20M

RKE2

RKE2 (also known as RKE Government) is a Kubernetes distribution focused on security and compliance, built for government and highly regulated environments. It provides a streamlined, FIPS-compliant Kubernetes installation that packages the upstream Kubernetes components as a single binary, making it easier to deploy and maintain production-ready clusters.

Contributors

1,594

Organizations

376

Software value

$695K

Prowler

Prowler is an open-source security assessment tool designed to perform security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness assessment of AWS cloud environments. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and additional security best practices.

Contributors

1,519

Organizations

215

Software value

$43M

Kubescape

Kubescape is an open-source tool for testing whether Kubernetes is deployed securely according to multiple frameworks: regulatory requirements, customized company policies, and DevSecOps best practices such as the NSA-CISA Kubernetes hardening guidance and MITRE ATT&CK®. Kubescape scans Kubernetes clusters, YAML manifests, and Helm charts, detects misconfigurations and software vulnerabilities early in the CI/CD pipeline, and provides an instant risk score plus risk trends over time. It integrates natively with other DevOps tools, including Jenkins, CircleCI, and GitHub workflows. Kubescape policies are built on Open Policy Agent and the Rego language.

A key idea behind Kubescape is to put security capabilities in the hands of developers and DevOps teams. Our vision is to create a wide open-source Kubernetes security project with capabilities that span configuration control, vulnerabilities, RBAC management, and runtime security, all made for developers and DevOps to add to their tools in a native way.

Contributors

1,242

Organizations

377

Software value

$82M

ComplianceAsCode

ComplianceAsCode is an open source project that provides tools and content for security compliance automation. It builds the SCAP Security Guide: machine-readable profiles, checks, and remediation content that scanners such as OpenSCAP use to help organizations assess and maintain compliance with various security standards and benchmarks.

Contributors

1,157

Organizations

159

Software value

$47M

SELinux

SELinux (Security-Enhanced Linux) is a security architecture integrated into the Linux kernel that provides mandatory access control (MAC) and enforces security policies beyond traditional discretionary access controls. Originally developed by the NSA, the project includes the userspace tools for policy management and system hardening.

Contributors

401

Organizations

116

Software value

$7.1M

Azure Landing Zones

Azure Landing Zones is a comprehensive enterprise-scale infrastructure deployment framework for Microsoft Azure that provides prescriptive architecture guidance, reference implementations, and automated solutions for establishing secure, scalable cloud environments. It enables organizations to implement Azure infrastructure using proven patterns for governance, security, and compliance.

Contributors

392

Organizations

27

Software value

$4.9M

Gravitee API Management

Gravitee.io is an open-source API management platform.

Contributors

350

Organizations

29

Software value

$49M

Veraison

Veraison is an open-source project that provides components for building attestation verification services. It consumes attestation evidence produced by system components, checks it against endorsements and reference values from various sources, and produces attestation results on which relying parties can base trust decisions.

Contributors

207

Organizations

58

Software value

$18M

Apache Syncope

Apache Syncope is an open source Identity and Access Management (IAM) system that provides comprehensive digital identity management, provisioning, and access governance capabilities. It enables organizations to manage identities, credentials, and access rights across multiple systems and applications through a unified platform.

Contributors

132

Organizations

16

Software value

$13M

Rudder

Rudder is an open-source IT infrastructure automation and compliance tool that provides continuous configuration management, automated system auditing, real-time compliance monitoring, and security policy enforcement for large-scale server environments.

Contributors

111

Organizations

14

Software value

$15M

Paladin

A project focused on developing tools and solutions for the Linux Foundation's Digital Trust initiatives.

Contributors

70

Organizations

12

Software value

$8.5M

Chainloop

Chainloop is an open source software supply chain control plane that helps organizations secure and manage their software supply chain. It provides a central platform for managing artifacts, attestations, and control policies across the software development lifecycle.

Contributors

59

Organizations

28

Software value

$38M

MITRE SAF CLI

The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.

This project hasn't been onboarded to LFX Insights.