#Zero-trust
Showing 60 of 62 repositories tagged #zero-trust, ranked by stars
A lightweight, cryptography-powered, open-source toolkit built to enforce Zero Trust security for infrastructure, applications, and data in the AI-driven world.
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history
8 Lessons, Kick-start Your Cybersecurity Learning.
Pomerium is an identity and context-aware access proxy.
AI Agent Governance Toolkit — Policy enforcement, zero-trust identity, execution sandboxing, and reliability engineering for autonomous AI agents. Covers 10/10 OWASP Agentic Top 10.
Orchestrate end-to-end encryption, cryptographic identities, mutual authentication, and authorization policies between distributed applications – at massive scale.
Secure internet sharing made simple.
The parent project for OpenZiti. Here you will find the executables for a fully zero-trust, programmable network @OpenZiti
Boundary enables identity-based access management for dynamic infrastructure.
A next-gen FOSS self-hosted unified zero trust secure access platform that can operate as a remote access VPN, a ZTNA platform, API/AI/MCP gateway, a PaaS, an ngrok-alternative and a homelab infrastructure.
💚🇺🇸🗽Secure remote browsing anywhere, any way you like it.
Sandbox any AI agent in seconds - zero setup, zero latency.
DockFlare: Automate Cloudflare Tunnels with Docker Labels
Tailscale Sidecar Configurations for Docker
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
🚀 An 800KB RAM ultra-lightweight Cloudflare WARP SOCKS5 proxy in Docker. 仅需 800KB 内存的纯内核态 Cloudflare WARP 代理 - Docker
ZeroTier One as Docker Image
The world's most powerful System Activity Monitor Engine · 一款功能强大的终端行为采集防御开发套件 ~ 旨在帮助EDR、零信任、数据安全、审计管控等终端安全软件可以快速实现产品功能, 而不用关心底层驱动的开发、维护和兼容性问题,让其可以专注于业务开发
ClawdHome securely isolates and manages multiple OpenClaw gateway instances on one Mac.
Manage network policies, AWS, GCP & Azure IAM policies, Istio Authorization Policies, and Kafka ACLs in a Kubernetes cluster with ease.
Agyn is an open-source Kubernetes-native runtime that moves AI agents like Claude Code and Codex from laptops to company infrastructure with the controls enterprises need.
VMware Secrets Manager is a lightweight secrets manager to protect your sensitive data. It’s perfect for edge deployments where energy and footprint requirements are strict—See more: https://vsecm.com/
SPIKE is a lightweight secrets store that uses SPIFFE as its identity control plane. It protects your secrets and helps your ops, SREs, and sysadmins manage sensitive data securely with minimal overhead.
Local-first AWS forensic engine. Finds waste via dependency graph analysis and enables safe remediation with Terraform state restoration.
A cross-platform, memory-safe, and easy-to-use 2FA and credentials manager for PC.
The secure gateway connecting AI agents to enterprise systems.
Ziti SDK for Golang
Continuous Development on Kubernetes environments with Skaffold
DriveLite: The Supabase for File Storage. A modular, self-hostable backend with end-to-end encryption.
Integrates Spiffe and Vault to have secretless authentication
Ziti SDK for Python
A C-based sdk for delivering secure applications over a Ziti Network
An SDK for embedding zero trust into Node.JS applications and web servers to improve security.
AgentGuard: Zero-Trust Security Foundation for AI Agents
The Azure Spring Apps landing zone accelerator is an open-source collection of architectural guidance and reference implementation to accelerate deployment of Azure Spring Apps at scale.
HTTP/3-enable existing HTTP apps. Leverage HTTP3 native features and auto-enable workload identity (SPIFFE), AuthN (mTLS/x509, OIDC/Auth0-Okta), AuthZ (OPA), defense-in-depth (WAAP/WAF), and observability (metrics, logs, alerting, dashboard).
Serverless, Zero-Trust SSH for Microsoft Azure
Ziti SDK for JVM
K8s operator for configuring Cloudflare Zero Trust :cloud: :zap: :closed_lock_with_key:
Adaptive AWS Zero Trust Policy made easy: Auto-generate least-privilege policies based on user activity in real time! Accelerate the adoption of smart access control
Your ultimate infrastructure to run a CTF, with a BeyondCorp-like zero-trust network and simple infrastructure-as-code configuration.
:cloud: Terraform Provider for Zscaler Private Access :cloud:
AWS SSM made easy
Official helm charts for Pomerium.
Symbiont lets teams build production agentic applications where every action is governed, every tool is verified, every agent has identity, and every decision leaves an audit trail.
Semantic memory system with knowledge graph, spreading activation, embedding-based recall, autonomous dream consolidation, and C++ LSTM+kNN pattern learning for any /MCP and the Hermes Agent.
Global web3.0 decentralized private retrieval of data security network,Building Cyber Sovereignty. by @IceFireLabs
Fail-closed execution firewall for AI agents: quarantine MCP tools, proxy OpenAI-compatible requests, emit signed receipts, and verify EvidencePacks offline.
:cloud: Terraform Provider for Zscaler Internet Access :cloud:
Open-source, general-purpose sandbox platform for devs and AI agents that provides identity-based secure access to infrastructure without credentials.
Cloudflare for Teams + HashiCorp Vault = Zero Trust Love
An AST-free, LLM-free heuristic knowledge graph engine for deep repository intelligence. Map, secure, and modernize enterprise codebases across 50+ languages at extreme velocity
🛡️ Free AI that blocks hackers while you sleep. Runs on cheap hardware. When someone in Tokyo gets attacked, you're protected in 30 seconds. No fees. No experts needed. Just protection. One node's detection → everyone's protection.
Automatically synchronize Cloudflare Tunnels and routes from Docker container labels.
Proof of Human Intent (PoHI) - Cryptographically verifiable human approval for AI-driven development
Official Zscaler SDK Python provides an uniform and easy-to-use interface for each of the Zscaler product APIs.
An operator for running Pomerium on a Kubernetes cluster.
Netbird Collection for Ansible
The Universal Agent Interoperability Protocol: The TCP/IP of the AI Economy