27 مستودعات
Systems for tracking and recording actions for security and compliance monitoring.
Distinguishing note: Focuses on auditing scaffolding actions to prevent unauthorized resource modifications.
Explore 27 awesome GitHub repositories matching security & cryptography · Audit Logs. Refine with filters or upvote what's useful.
Chatwoot is a self-hosted, omnichannel customer support platform designed to aggregate messages from diverse social and digital channels into a single, collaborative team inbox. It provides organizations with full data ownership and control over their support infrastructure, ensuring strict logical separation of customer data through multi-tenant architecture. By centralizing communication, the platform enables teams to manage, route, and resolve inquiries within a unified workspace that maintains complete interaction history for every contact. The platform distinguishes itself through an eve
Maintains detailed audit logs of user actions to ensure accountability and compliance.
Harbor is a self-hosted, enterprise-grade container registry platform designed to store, sign, and scan container images and cloud-native artifacts. It provides a centralized repository that integrates directly with Kubernetes environments to manage the full lifecycle of software artifacts, from initial storage to production deployment. The platform distinguishes itself through a focus on security, governance, and multi-site availability. It features a pluggable vulnerability scanning framework that allows for the integration of various security engines, alongside content trust mechanisms tha
Tracks and records all repository activities to provide a comprehensive history for security and compliance.
This project is a comprehensive security hardening and privacy management guide for macOS. It provides a set of instructions and checklists for reducing the system attack surface through manual configuration, policy enforcement, and a layered defense strategy. The guide emphasizes a system auditing framework, using binary analysis, system logs, and packet inspection to verify that security controls and application sandboxing are functioning as intended. It offers tool-agnostic recommendations, defining security goals while allowing users to select their own third-party software for implementa
Provides a framework for using system logs and binary analysis to verify that security configurations are operating as intended.
This project provides a framework for managing multi-agent systems, designed to automate complex software development, infrastructure, and business workflows. It functions as a multi-agent workflow orchestrator that routes tasks to domain-specific workers while maintaining state persistence and infrastructure automation. By leveraging large language models, the system decomposes high-level objectives into actionable plans, ensuring that complex operations are executed with consistency and reliability. The framework distinguishes itself through its hierarchical agent registry and policy-driven
Records modifications to managed infrastructure resources for visibility and compliance.
Nomad is a distributed workload orchestrator and infrastructure automation platform designed to manage the lifecycle of applications across large-scale, heterogeneous environments. It functions as a multi-cloud orchestration engine, providing a unified control plane to deploy, scale, and govern containers, virtual machines, and legacy applications. By utilizing declarative job specifications, the system ensures infrastructure convergence and maintains the desired state across distributed data centers and geographic regions. The platform distinguishes itself through a flexible, plugin-based ar
Records user-issued actions and API requests to provide operational traceability and security compliance.
The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane. The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It
Maintains version history of resource configurations to audit modifications and support infrastructure lifecycle management.
Encore is a distributed systems framework designed to unify backend development, infrastructure provisioning, and observability. It functions as an infrastructure-as-code platform that allows developers to define cloud resources, databases, and messaging topics directly within their application code. By analyzing these declarations at compile-time, the system automatically manages the deployment of cloud resources and security policies, ensuring parity between local development and production environments. The platform distinguishes itself through its integrated development experience, which
Maintains audit records for infrastructure modifications to ensure visibility and prevent accidental resource loss.
Crossplane is a Kubernetes-based control plane framework that functions as a cloud resource orchestrator and infrastructure-as-code platform. It enables the management of heterogeneous infrastructure by extending the Kubernetes API to provision and maintain external cloud services through declarative configuration. By utilizing custom resource controllers, it continuously reconciles the state of external infrastructure with defined desired states, ensuring consistent deployment and lifecycle management across multiple cloud providers. The platform distinguishes itself through its composition-
Maintains detailed logs of all modifications made to managed resources to ensure visibility and compliance.
Grist is a relational spreadsheet platform that combines the flexibility of a spreadsheet with the power of a relational database. At its core, it manages structured data across multiple linked tables, using a relational database engine to organize information while providing a familiar grid interface. The platform supports Python-based formulas for complex calculations and data transformations, with automatic recalculation when referenced cells change. The system is designed for self-hosted deployment, storing data in either portable SQLite files or enterprise-grade PostgreSQL databases. It
Records every document modification as an immutable action log for auditing and undo.
Meshery is a service mesh management plane and cloud native infrastructure orchestrator. It provides a visual design-as-code environment for modeling microservices and infrastructure components through declarative blueprints, functioning as a centralized platform for designing, deploying, and managing service mesh infrastructure. The platform is distinguished by its ability to translate visual designs into active deployments and its use of gRPC-based adapters to integrate with diverse infrastructure providers. It features a multi-tenant architecture that manages shared workspaces and role-bas
Maintains accurate resource snapshots by subscribing to real-time event streams and listening for infrastructure state changes.
Lago is an open-source billing platform designed for managing subscriptions, usage-based metering, and automated invoicing. It functions as a comprehensive system for defining pricing plans, tracking real-time consumption via a metering engine, and controlling feature entitlements based on active customer subscriptions. The platform differentiates itself through a dynamic billing engine that supports hybrid pricing models and a credit-based wallet system for managing prepaid funds. It includes specialized tools for multi-tenant entitlement mapping, allowing operators to tie specific product p
Maintains a detailed history of all API requests and resource modifications for security and compliance auditing.
Boto3 is the AWS SDK for Python, providing a programmatic interface for managing and automating AWS cloud infrastructure and services. It serves as a cloud management API client and resource manager for provisioning, configuring, and scaling virtual servers, databases, and storage. The library enables the implementation of infrastructure-as-code through declarative templates and scripts, allowing for the deployment of identical resource stacks across multiple accounts and geographic regions. It also provides a framework for coordinating distributed workflows, serverless functions, and contain
Tracks modifications to cloud resource settings through templates to maintain audit logs and compliance.
This project is an Android password manager application that provides an end-to-end encrypted vault for storing and synchronizing login credentials, secure notes, and identities. It functions as a secure storage system using zero-knowledge encryption to ensure that only the user can decrypt their stored data. The application integrates directly with the Android system to provide an autofill service that populates usernames and passwords into mobile apps and browser login fields. It also serves as a passkey management wallet for FIDO2 cryptographic passkeys and a time-based one-time password a
Provides detailed event logs and monitoring for weak or reused passwords to audit data access.
Databasus is a self-hosted backup platform that automates PostgreSQL backups, verifies their restorability, and stores them across multiple destinations while managing team access with role-based permissions. It combines on-the-fly AES-256-GCM encryption, cron-driven scheduling, job-queue-based verification, multi-destination storage, WAL streaming, throwaway container restore testing, and workspace-based role access control into a unified backup system. The platform distinguishes itself through automatic backup verification that restores each backup into a temporary database container for in
Records every user action such as backup initiation and workspace changes for security and compliance monitoring.
my-git هو إطار عمل شامل ودليل مرجعي لإدارة التحكم في الإصدار Git، وحوكمة المستودعات، وإدارة إصدار البرمجيات. يوفر نهجاً مهيكلاً لإدارة دورة حياة تطوير البرمجيات، من تفرع الميزات الأولي إلى النشر النهائي في الإنتاج. يتميز المشروع بإطار عمل متخصص للتطوير بمساعدة الذكاء الاصطناعي. يتضمن ذلك سير عمل لإدارة الكود المولد بواسطة الذكاء الاصطناعي عبر مراجعات الاختلاف المؤتمتة، وتقسيم الالتزام القائم على القصد، ونماذج حوكمة لتنسيق الوكلاء المتعددين وعزل الجلسة باستخدام أشجار العمل (Worktrees). يغطي الكود المصدري سطحاً واسعاً من الممارسات الهندسية، بما في ذلك أتمتة خط أنابيب CI/CD، وحوكمة مستودعات المؤسسات، وإجراءات الاسترداد المتقدمة لاستعادة الالتزامات المفقودة أو تطهير البيانات الحساسة. كما يفصل أنماط التعاون مثل التطوير القائم على الجذع، وطلبات السحب المكدسة، وأنظمة الموافقة المتدرجة. يعمل المستودع كمرجع تقني ودليل تعليمي لتنفيذ استراتيجيات التفرع القياسية وسياسات أمان المستودعات.
Includes practices for maintaining a versioned history of infrastructure and permission updates for auditing purposes.
Hazelcast is a distributed data platform that combines an in-memory data grid with a stream processing engine to support real-time analytics and event-driven applications. It functions as a partitioned, distributed key-value store that replicates data across cluster nodes to provide low-latency access and high availability. The platform also serves as a distributed SQL query engine, allowing users to execute standard SQL statements against both in-memory datasets and external data sources. What distinguishes Hazelcast is its use of a distributed consensus subsystem to maintain strongly consis
Structures log output using templates to simplify ingestion and analysis by external log management tools.
Airweave is a unified AI knowledge base platform that syncs data from external APIs into a searchable layer for retrieval-augmented generation. It provides a pre-built data connector library and a framework for building custom connectors, enabling the extraction, transformation, and synchronization of structured and unstructured data from SaaS applications. The platform includes a hybrid vector retrieval system that combines semantic, neural, and keyword search strategies to deliver grounded context for AI agents. The platform distinguishes itself through an agentic search engine that iterati
Logs creation, authentication, and deletion of source connections and collections for compliance and debugging.
Cowrie is an SSH and Telnet honeypot that simulates vulnerable services to capture attacker commands, file transfers, and brute force attempts for deception and monitoring. It uses Python-based protocol emulation within a Twisted event-driven network framework to handle concurrent connections, while maintaining an in-memory virtual filesystem that logs every read, write, and traversal operation. The honeypot distinguishes itself through LLM-driven dynamic response generation, producing context-aware shell replies that adapt to attacker commands rather than relying on static templates. A plugi
Serializes all attacker commands, outputs, and file transfers into structured JSON logs for replay.
ethr هو أداة تشخيص شبكة سطر أوامر ومحلل أداء مصمم لقياس الإنتاجية، وزمن الوصول، وفقدان الحزم عبر بروتوكولات TCP و UDP و ICMP. يعمل كاختبار لإنتاجية الشبكة متعدد الخيوط وأداة تشخيصية لتحليل صحة الاتصال بين نقاط نهاية العميل والخادم. يتميز المشروع من خلال تشخيصات متخصصة مثل مراقبة إعادة إرسال TCP وتحليل المسار ثنائي الاتجاه لتحديد اختلافات الأداء غير المتماثلة. ويوفر القدرة على تقييم العبء الزائد لاتصالات HTTPS المشفرة وفرض إصدارات IP محددة لعزل الاختناقات الخاصة بالبروتوكول. تغطي إمكاناته الأوسع تتبع مسار الشبكة، وتحليل التذبذب (jitter) والتأخير، واختبار السعة لتحديد أقصى معدلات الحزم والاتصال. كما تستخرج الأداة مقاييس الشبكة الخام من نظام التشغيل وتوفر إحصائيات الواجهة في الوقت الفعلي. يتم عرض نتائج القياس وأحداث النظام في جداول طرفية منظمة ويمكن تصديرها إلى ملفات JSON للتدقيق دون اتصال.
Serializes measurement results and system events into structured JSON files for offline analysis and auditing.
Pomerium هو وكيل عكسي (reverse proxy) واعٍ بالهوية ومبني على مبدأ الثقة الصفرية (zero-trust) مصمم لتأمين التطبيقات والبنية التحتية الداخلية دون الحاجة إلى VPN تقليدي. من خلال التحقق من كل طلب عبر مزود هوية ومحرك سياسات تصريحي، فإنه يضمن منح الوصول بناءً على هوية المستخدم، وسياق الجهاز، وسمات الطلب بدلاً من موقع الشبكة. يتميز المشروع بقدرته على التعامل مع بروتوكولات متنوعة ومتطلبات وصول معقدة. يوفر وصولاً آمناً ومتحققاً من الهوية لتطبيقات الويب، وخدمات TCP و UDP، واتصالات SSH، مستبدلاً المفاتيح الساكنة بشهادات مؤقتة قصيرة العمر. بالإضافة إلى ذلك، يعمل كبوابة لبروتوكول سياق النموذج (Model Context Protocol)، مما يتيح الاكتشاف الآمن، والتدقيق، وتنفيذ الأدوات القائم على السياسات لوكلاء الذكاء الاصطناعي والخدمات المؤتمتة. يتكامل Pomerium مع Kubernetes كـ ingress controller، حيث يترجم موارد ingress الأصلية إلى تكوينات توجيه واعية بالهوية. تدعم بنيته مزامنة مستوى التحكم المركزي، مما يسمح للمسؤولين بتوزيع سياسات الأمان، وشهادات TLS، وتكوينات التوجيه عبر عناقيد الوكيل الموزعة. يوفر النظام أيضاً إدارة دقيقة لحركة المرور، بما في ذلك موازنة التحميل، ومعالجة الترويسات، والتصفية القائمة على المسار، لضمان اتصال آمن وعالي الأداء بخدمات الخلفية. تم تصميم المشروع لنشر مرن، ويدعم كلاً من البنيات الموحدة وغير المترابطة لاستيعاب التوسع المستقل لمكونات البيانات ومستوى التحكم. يوفر قابلية مراقبة شاملة من خلال سجلات تدقيق قرارات التفويض وتصدير مقاييس الأداء، مما يسهل الامتثال ومراقبة الأمن عبر بيئات متنوعة.
Logs every tool execution through the proxy to provide observability of client and server interactions.