10 Repos
Defense-in-depth for distributed architectures.
Distinguishing note: Focuses on service-to-service security in distributed systems.
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
Applies defense-in-depth principles to ensure individual services remain protected.
grpc-go is a Go language implementation of the gRPC framework, providing a remote procedure call library for high-performance service communication. It uses the HTTP/2 protocol to execute functions on remote servers as if they were local methods and utilizes protobuf service bindings to generate type-safe client and server code. The project features a bidirectional streaming transport that supports asynchronous, full-duplex message streams between clients and servers. This networking layer allows for various communication patterns, including client-to-server and server-to-client streaming, to
Secures service-to-service communication in distributed architectures using transport layer security.
Sa-Token is a Java-based authentication and authorization framework designed to manage user sessions, permissions, and identity verification within web applications and microservice architectures. It provides a centralized security layer that enforces access control policies and identity validation across distributed service environments and API gateways. The framework distinguishes itself through its support for cross-domain single sign-on and its ability to function as an OAuth2 identity provider. It manages user session lifecycles by applying configurable rules for single or multi-login re
Enforces centralized identity verification and access control policies across distributed microservice architectures and API gateways.
Mall-swarm is a microservices-based e-commerce system built with Spring Cloud Alibaba and Spring Boot. It functions as a scalable online retail platform designed to manage complex business logic through a distributed architecture of independent services. The system utilizes Kubernetes and Docker for service orchestration, incorporating a unified API gateway for traffic routing and service discovery. Security is handled via a unified identity and access management framework for verifying user tokens across all connected microservices. The platform includes a dedicated search engine for high-p
Secures distributed services using the Sa-Token framework for unified identity and access management.
This project is a unified, cloud-native policy engine designed to decouple authorization and security logic from application codebases. It functions as a centralized authorization service that evaluates structured input data against declarative rules, enabling consistent policy enforcement across microservices, infrastructure, and continuous integration pipelines. The engine utilizes a specialized logic programming language to express complex constraints, which are compiled into an optimized intermediate representation for high-performance evaluation. By supporting both sidecar-based deployme
Intercepts and validates network requests at the service level to enforce fine-grained access control.
SpringCloud is a development platform for building distributed systems and cloud-native microservices. It provides an integrated framework for microservice development, incorporating service governance, security, and system coordination. The platform features a microservice gateway for managing traffic through dynamic routing and rate limiting, alongside a service registry for discovery. It implements distributed security through token-based authentication, role-based access control, and a specialized system that uses aspect-oriented programming to automatically enforce data-level permissions
Implements centralized authentication and authorization for distributed architectures using Spring Security and secure tokens.
Shenyu is a microservices API gateway designed to route external traffic to backend services using dynamic rules and protocol conversion. It functions as a central entry point that manages traffic flow through a combination of an API traffic governor, a distributed configuration manager, and a security layer for protecting endpoints. The project features a dynamic plugin architecture that allows for the injection of custom request processing logic without restarting the server. It utilizes a distributed coordination service to synchronize routing and policy updates across a gateway cluster in
Integrates microservices security by verifying digital signatures and tokens to authorize backend access.
The CNCF Curriculum is an open-source repository that organizes exam domains and learning paths for CNCF certification courses covering Kubernetes and cloud-native technologies. It structures certification content into weighted domains that reflect exam question distribution, providing a structured study guide for candidates preparing for CNCF certifications. The curriculum is organized around multiple cloud-native domains including networking, security, GitOps, platform engineering, and certification preparation. It teaches cloud-native concepts through the lens of building and operating int
Teaches pod security contexts and network policies to limit the blast radius of compromised workloads.
Security-101 is a vendor-agnostic, foundational cybersecurity learning curriculum organized into modular, framework-aligned modules. It is designed to build core knowledge across multiple security domains without tying content to specific products or platforms, making it suitable for both beginners and professionals seeking a structured introduction to the field. The curriculum is built around established security frameworks, including the MITRE ATT&CK framework for standardized threat analysis and the NIST Cybersecurity Framework for incident response workflows. It covers a broad range of do
Covers authentication, authorization, and data protection measures for APIs and microservice architectures.
This project is a comprehensive enterprise architecture for building multi-tenant distributed systems, implemented as a Spring Cloud microservices platform. It provides a complete framework for managing microservices, with a focus on multi-tenant data architecture and centralized identity provisioning. The platform is distinguished by its integrated approach to identity and security, using an OAuth2 identity provider to manage single sign-on, role-based access control, and JWT token issuance across distributed services. It also separates organizational boundaries through multi-tenant data isolation, ensuring that resources and data are logically or physically partitioned between tenants. The system covers a broad range of distributed functions, including service governance through API gateway routing and circuit breaking, as well as data coordination using distributed transactions and locking mechanisms. It also includes a distributed observability stack for request tracing and centralized logging, alongside real-time search engine synchronization and asynchronous, event-driven messaging. The development workflow is supported by automation tools for generating application code and platform-specific binary packaging.
Provides a centralized security authority to manage authentication and authorization across all microservices.