19 Repos
Mechanisms for enforcing security checks on incoming code changes at the server level.
Distinguishing note: Focuses on server-side enforcement.
Explore 19 awesome GitHub repositories matching devops & infrastructure · Server-Side Hook Enforcement. Refine with filters or upvote what's useful.
Trufflehog is a security tool designed to continuously monitor code repositories and cloud environments to detect, verify, and remediate exposed sensitive credentials and API keys. It functions as a comprehensive secret scanning engine that integrates directly into deployment pipelines and version control systems to intercept sensitive data before it is committed or pushed. By utilizing read-only operations and volatile memory processing, the system ensures that discovered credentials are never stored persistently, maintaining strict data privacy throughout the scanning lifecycle. The platfor
Executes server-side scans on incoming code changes to block sensitive information from being pushed.
Buf is a toolchain for managing the full lifecycle of Protocol Buffers schemas. It provides a set of tools for schema governance, including linting to enforce style guides, a breaking change detector to ensure backward compatibility, and a system for producing language-specific source code via local or remote plugins. The project distinguishes itself through a remote schema registry that centralizes the hosting, versioning, and distribution of Protocol Buffers modules. This registry allows for server-side enforcement of governance policies, such as blocking updates that introduce backward-inc
Runs lint and policy checks server-side to reject pushes that violate organizational standards.
IdeaVim – A Vim engine for JetBrains IDEs
Runs user-written Vim script files inside the IDE to configure and automate editing tasks.
degit ist ein Git-Projekt-Scaffolder und Repository-Downloader, der neue Projekte aus Remote-Git-Templates initialisiert. Er ruft den neuesten Commit eines Repositorys als sauberen Snapshot ab und entfernt dabei die gesamte Versionskontrollhistorie und Metadaten, um einen frischen Startpunkt zu bieten. Das Tool unterstützt das Abrufen spezifischer Branches, Tags oder Commit-Hashes, um sicherzustellen, dass das Projekt eine präzise Quellversion verwendet. Es kann zudem eine Unterverzeichnis-Extraktion durchführen, was das Herunterladen eines bestimmten Ordners aus einer Remote-Quelle anstelle des gesamten Projektbaums ermöglicht. Das Dienstprogramm enthält einen lokalen Snapshot-Cache, um zukünftige Abrufe zu beschleunigen, und unterstützt sichere Authentifizierung über HTTPS oder SSH für den Zugriff auf private Repositories. Es bietet zudem Mechanismen für die Ausführung von Post-Extraction-Hooks, um Bereinigungsskripte nach dem Entpacken des Projekts auszuführen.
Executes custom cleanup scripts or commands immediately after the repository archive is unpacked.
This project is a desktop automation scripting framework and shell script command runner. It allows users to execute custom scripts and workflows from a central launcher to automate repetitive desktop tasks and system operations. The framework functions as a unified command interface and a JSON input automation bridge, serializing search queries into arguments passed to the execution environment. It integrates large language model prompts directly into the desktop interface to automate content generation and answer questions. The system handles a broad range of capabilities including the exe
Runs custom user-written scripts from a central search interface to perform specific automation workflows.
Soft Serve is a self-hosted Git server that authenticates users via SSH public keys and provides a terminal-based user interface for browsing repositories, files, and commits. It stores repository data and configuration in either SQLite or PostgreSQL, and supports role-based access control with four permission levels for managing repository visibility and write access. The server can be deployed via Docker or managed as a systemd service, and supports webhook notifications for push, collaborator, and branch or tag events to integrate with external automation workflows. It also enables server-
Provides server-side execution of custom scripts on push events with flexible configuration.
Tron is an automated script that runs a sequenced collection of disinfection and cleanup utilities to remove malware and temporary files from a Windows system. It executes a multi-stage sequence of temp-file cleanup, malware scans, system repairs, and optimization tasks in a single unattended pass, and can detect a prior incomplete run to restart from the last successfully completed stage while preserving previously used command-line switches. The tool runs multiple anti-virus and anti-rootkit scanners in sequence, including MBAM, AdwCleaner, KVRT, Sophos, TDSS Killer, and McAfee Stinger, to
Runs any user-supplied batch files placed in a designated folder just before the script finishes.
yadm is a dotfile manager that uses Git as its underlying version control engine to track, synchronize, and manage configuration files across multiple machines. It keeps dotfiles in their original home directory locations while providing a system for deploying different file versions based on operating system, hostname, or hardware architecture through an alternate file naming convention. The tool distinguishes itself through several integrated capabilities that go beyond basic version control. It includes a template-based configuration generation system that renders files by merging template
Triggers custom scripts before or after every yadm command for setup or cleanup.
Executes custom scripts before or after any supported command, with the ability to abort on failure.
NanoKVM is a KVM-over-IP device that provides remote keyboard, video, and mouse control over IP networks for headless server management. It functions as remote server management hardware enabling out-of-band control of a computer's power, BIOS, and operating system over a network, while also serving as a RISC-V single-board computer for embedded and edge applications. The device additionally operates as an AI edge inference device running neural network models locally for real-time image recognition and object detection, and integrates Tailscale as a VPN appliance for secure peer-to-peer conne
Runs user-defined scripts on the device to automate tasks or integrate with other systems.
Groovy ist eine JVM-Programmiersprache und ein Metaprogrammierungs-Framework, das eine Java-kompatible Umgebung für die Anwendungsentwicklung bietet. Es fungiert als dynamische Skriptsprache und als Werkzeug zum Verfassen domänenspezifischer Sprachen, was die Ausführung benutzerdefinierter Skripte und die Erstellung spezialisierter Minisprachen mit prägnanter Syntax ermöglicht. Das Projekt zeichnet sich durch die Fähigkeit aus, Programmverhalten und Klassendefinitionen sowohl durch Compile-Time- als auch durch Runtime-Metaprogrammierung zu modifizieren. Es nutzt ein hybrides Typisierungsmodell, das dynamische Methodenauflösung mit optionaler statischer Typüberprüfung kombiniert, um Flexibilität und Ausführungsperformance in Einklang zu bringen. Die Sprache deckt ein breites Spektrum an Funktionen ab, einschließlich funktionaler Programmiermuster, AST-Transformationen und der direkten Integration von Java-Bibliotheken. Sie enthält zudem Sicherheitswerkzeuge zur Vermeidung von SQL-Injection, zur Absicherung des XML-Parsings und zur Gewährleistung eines sicheren Parsings strukturierter Daten. Das System übersetzt High-Level-Syntax in JVM-Bytecode zur Ausführung auf jeder kompatiblen Java Virtual Machine.
Provides the ability to execute custom logic via scripts to bypass full application structures.
Backrest is a web-based management interface for Restic that orchestrates scheduled snapshots, manages offsite repositories, and provides a browser for file restoration. It serves as a scheduled backup orchestrator and remote storage manager to maintain data repositories across various backends. The system distinguishes itself through a backup lifecycle automation framework that triggers shell scripts and external notifications based on backup events. It includes a snapshot restoration browser that allows for exploring point-in-time snapshots to recover specific directories to local paths. T
Triggers custom external shell scripts immediately before or after backup processes for prerequisites and cleanup.
Certd is a self-hosted platform that automates the full lifecycle of SSL certificates using the ACME protocol. It handles certificate application, renewal, and deployment across multiple domains through a pipeline-driven workflow engine, with DNS challenge orchestration and multi-cloud deployment capabilities. The platform distinguishes itself through its configurable pipeline system, which allows users to build multi-step workflows that can pass outputs between tasks, execute custom scripts, and handle errors. It supports multi-tenant access control with role-based permissions, encrypted cre
Runs user-defined scripts to perform arbitrary tasks such as calling APIs, executing system commands, or sending emails.
This project is a Go library and framework for implementing the SSH protocol. It provides a toolkit for building custom SSH servers, managing encrypted connections, and handling remote command execution. The implementation focuses on flexible session management through callback-based handling and a pluggable authentication system that supports passwords, public keys, and certificates. It includes mechanisms for secure network tunneling, including local and reverse port forwarding for TCP and Unix domain socket traffic. The library covers a broad range of protocol capabilities, including cryp
Provides connection lifecycle hooks to intercept and validate new connections before processing them.
This project is a Docker volume backup tool and data lifecycle manager that archives volume data to local storage, SSH, or cloud providers. It operates as a containerized backup orchestrator and companion container that coordinates volume snapshots and manages the restoration of data for disaster recovery. The tool distinguishes itself through integrated security and consistency controls, utilizing GPG or age encryption to secure archives before remote transmission. It ensures data integrity by managing container states, such as stopping services or running database dump utilities via lifecyc
Executes custom scripts at specific backup lifecycle stages to ensure data consistency and environment setup.
Sshwifty is a web-based remote terminal and SSH client that allows for the administration of remote systems through a browser without requiring a native terminal client. It provides a password-protected administrative portal to restrict unauthorized access and supports both SSH and Telnet connectivity. The application includes a SOCKS5 proxy gateway to route outgoing remote terminal traffic. It also utilizes server-side hooks that execute external processes to validate or modify connection logic before a session is established. The system manages connectivity parameters through environment-b
Triggers external server processes to modify behavior or abort remote connections based on process return codes.
Container-db-backup ist ein Container-natives Dienstprogramm, das darauf ausgelegt ist, die Datenbankwartung zu automatisieren, einschließlich wiederkehrender Backups, Datenwiederherstellung und sicherer Archivierung. Es arbeitet durch die Ausführung isolierter Backup-Jobs innerhalb ephemerer Container, was konsistente Umgebungen für Datenschutz-Workflows über mehrere Datenbank-Hosts hinweg sicherstellt. Das Tool zeichnet sich durch ein Pipeline-orientiertes Verarbeitungsmodell aus, das Datenbank-Dumps vor der Speicherung durch Komprimierungs- und Verschlüsselungsstufen streamt. Es unterstützt flexible Speicherkonfigurationen, die es ermöglichen, Daten auf lokale Dateisysteme oder Remote-S3-kompatible Objektspeicher zu leiten. Um die Datenzuverlässigkeit zu wahren, führt das System kryptografische Prüfsummenverifizierungen für alle Archive durch und verwaltet Backup-Lebenszyklen durch die Automatisierung der Entfernung oder Archivierung veralteter Dateien basierend auf definierten Richtlinien. Die Plattform bietet umfassende Workflow-Erweiterbarkeit durch Hook-basierte Skripte, was benutzerdefinierte Vorverarbeitung oder die Integration in externe Überwachungs- und Sicherheitssysteme ermöglicht. Sie enthält zudem integrierte Statusverfolgung zur Überwachung des Betriebsstatus und zur Alarmierung bei Fehlern, was eine konsistente Überwachung des gesamten Backup- und Wiederherstellungsprozesses sicherstellt.
Executes user-defined scripts before or after backup operations to perform custom pre-processing or external system integration.
Open-android-backup is a command-line utility designed for the automated archival and restoration of mobile device data. It enables users to capture applications, internal storage, and contact information into encrypted, open-standard archives, ensuring long-term data ownership and portability without reliance on proprietary vendor software. The tool distinguishes itself by facilitating these operations without requiring root-level system access. It achieves this by utilizing a companion application to grant the host machine necessary permissions, while simultaneously protecting user privacy
Supports executing user-defined scripts during backup or restore operations to handle specific device requirements or custom data management tasks.
Pika Backup ist ein Desktop-Tool für Linux, das eine grafische Oberfläche für die Verwaltung von Datei-Archivierungsaufgaben bietet. Es ermöglicht die Erstellung verschlüsselter, deduplizierter und inkrementeller Backups auf lokalen sowie Remote-Speicherzielen und sorgt so für Datenredundanz und Schutz vor Hardwareausfällen. Die Anwendung fungiert als Desktop-Client für die zugrunde liegende Storage-Engine und ermöglicht es Nutzern, wiederkehrende Backup-Operationen zu planen und Snapshots über ein natives Interface zu verwalten. Sie integriert sich in Systemdienste, um die Orchestrierung von Hintergrundaufgaben, Power-Management und Hardware-Benachrichtigungen zu handhaben, wodurch Backup-Prozesse reaktionsfähig und automatisiert bleiben, ohne manuelles Eingreifen zu erfordern. Über die Kern-Archivierung hinaus unterstützt die Software die Konfiguration diverser Speicherorte, einschließlich Netzwerkfreigaben und Remote-Servern. Nutzer können bestehende Archive durchsuchen, um spezifische Dateien oder Ordner direkt wiederherzustellen, und Pre- sowie Post-Backup-Hooks nutzen, um benutzerdefinierte Befehle zur Vorbereitung oder Bereinigung der Umgebung auszuführen.
Executes custom shell commands before or after backup tasks for environment preparation or cleanup.