19 dépôts
Mechanisms for enforcing security checks on incoming code changes at the server level.
Distinguishing note: Focuses on server-side enforcement.
Explore 19 awesome GitHub repositories matching devops & infrastructure · Server-Side Hook Enforcement. Refine with filters or upvote what's useful.
Trufflehog is a security tool designed to continuously monitor code repositories and cloud environments to detect, verify, and remediate exposed sensitive credentials and API keys. It functions as a comprehensive secret scanning engine that integrates directly into deployment pipelines and version control systems to intercept sensitive data before it is committed or pushed. By utilizing read-only operations and volatile memory processing, the system ensures that discovered credentials are never stored persistently, maintaining strict data privacy throughout the scanning lifecycle. The platfor
Executes server-side scans on incoming code changes to block sensitive information from being pushed.
Buf is a toolchain for managing the full lifecycle of Protocol Buffers schemas. It provides a set of tools for schema governance, including linting to enforce style guides, a breaking change detector to ensure backward compatibility, and a system for producing language-specific source code via local or remote plugins. The project distinguishes itself through a remote schema registry that centralizes the hosting, versioning, and distribution of Protocol Buffers modules. This registry allows for server-side enforcement of governance policies, such as blocking updates that introduce backward-inc
Runs lint and policy checks server-side to reject pushes that violate organizational standards.
IdeaVim – A Vim engine for JetBrains IDEs
Runs user-written Vim script files inside the IDE to configure and automate editing tasks.
degit est un outil de scaffolding de projets Git et de téléchargement de dépôts qui initialise de nouveaux projets à partir de templates Git distants. Il récupère le dernier commit d'un dépôt sous forme de snapshot propre, supprimant tout l'historique de contrôle de version et les métadonnées pour fournir un point de départ frais. L'outil prend en charge la récupération de branches, tags ou hashs de commit spécifiques pour garantir que le projet utilise une version source précise. Il peut également effectuer l'extraction de sous-répertoires, permettant le téléchargement d'un dossier spécifique à partir d'une source distante plutôt que de l'arborescence complète du projet. L'utilitaire inclut un cache de snapshot local pour accélérer les récupérations futures et prend en charge l'authentification sécurisée via HTTPS ou SSH pour accéder aux dépôts privés. Il fournit en outre des mécanismes pour l'exécution de hooks post-extraction afin d'exécuter des scripts de nettoyage après le déballage du projet.
Executes custom cleanup scripts or commands immediately after the repository archive is unpacked.
This project is a desktop automation scripting framework and shell script command runner. It allows users to execute custom scripts and workflows from a central launcher to automate repetitive desktop tasks and system operations. The framework functions as a unified command interface and a JSON input automation bridge, serializing search queries into arguments passed to the execution environment. It integrates large language model prompts directly into the desktop interface to automate content generation and answer questions. The system handles a broad range of capabilities including the exe
Runs custom user-written scripts from a central search interface to perform specific automation workflows.
Soft Serve is a self-hosted Git server that authenticates users via SSH public keys and provides a terminal-based user interface for browsing repositories, files, and commits. It stores repository data and configuration in either SQLite or PostgreSQL, and supports role-based access control with four permission levels for managing repository visibility and write access. The server can be deployed via Docker or managed as a systemd service, and supports webhook notifications for push, collaborator, and branch or tag events to integrate with external automation workflows. It also enables server-
Provides server-side execution of custom scripts on push events with flexible configuration.
Tron is an automated script that runs a sequenced collection of disinfection and cleanup utilities to remove malware and temporary files from a Windows system. It executes a multi-stage sequence of temp-file cleanup, malware scans, system repairs, and optimization tasks in a single unattended pass, and can detect a prior incomplete run to restart from the last successfully completed stage while preserving previously used command-line switches. The tool runs multiple anti-virus and anti-rootkit scanners in sequence, including MBAM, AdwCleaner, KVRT, Sophos, TDSS Killer, and McAfee Stinger, to
Runs any user-supplied batch files placed in a designated folder just before the script finishes.
yadm is a dotfile manager that uses Git as its underlying version control engine to track, synchronize, and manage configuration files across multiple machines. It keeps dotfiles in their original home directory locations while providing a system for deploying different file versions based on operating system, hostname, or hardware architecture through an alternate file naming convention. The tool distinguishes itself through several integrated capabilities that go beyond basic version control. It includes a template-based configuration generation system that renders files by merging template
Triggers custom scripts before or after every yadm command for setup or cleanup.
Executes custom scripts before or after any supported command, with the ability to abort on failure.
NanoKVM is a KVM-over-IP device that provides remote keyboard, video, and mouse control over IP networks for headless server management. It functions as remote server management hardware enabling out-of-band control of a computer's power, BIOS, and operating system over a network, while also serving as a RISC-V single-board computer for embedded and edge applications. The device additionally operates as an AI edge inference device running neural network models locally for real-time image recognition and object detection, and integrates Tailscale as a VPN appliance for secure peer-to-peer conne
Runs user-defined scripts on the device to automate tasks or integrate with other systems.
Groovy est un langage de programmation pour la JVM et un framework de métaprogrammation qui fournit un environnement compatible Java pour construire des applications. Il fonctionne comme un langage de script dynamique et un outil pour créer des langages dédiés (DSL), permettant l'exécution de scripts personnalisés et la création de mini-langages spécialisés avec une syntaxe concise. Le projet se distingue par sa capacité à modifier le comportement du programme et les définitions de classes via la métaprogrammation à la compilation et au runtime. Il utilise un modèle de typage hybride qui combine la résolution dynamique de méthodes avec un typage statique optionnel pour équilibrer flexibilité et performance d'exécution. Le langage couvre un large éventail de capacités, incluant les patterns de programmation fonctionnelle, les transformations d'arbres de syntaxe abstraite (AST) et l'intégration directe de bibliothèques Java. Il inclut également des utilitaires de sécurité pour prévenir les injections SQL, sécuriser le parsing XML et garantir un parsing sûr des données structurées. Le système traduit la syntaxe de haut niveau en bytecode JVM pour une exécution sur toute machine virtuelle Java compatible.
Provides the ability to execute custom logic via scripts to bypass full application structures.
Backrest is a web-based management interface for Restic that orchestrates scheduled snapshots, manages offsite repositories, and provides a browser for file restoration. It serves as a scheduled backup orchestrator and remote storage manager to maintain data repositories across various backends. The system distinguishes itself through a backup lifecycle automation framework that triggers shell scripts and external notifications based on backup events. It includes a snapshot restoration browser that allows for exploring point-in-time snapshots to recover specific directories to local paths. T
Triggers custom external shell scripts immediately before or after backup processes for prerequisites and cleanup.
Certd is a self-hosted platform that automates the full lifecycle of SSL certificates using the ACME protocol. It handles certificate application, renewal, and deployment across multiple domains through a pipeline-driven workflow engine, with DNS challenge orchestration and multi-cloud deployment capabilities. The platform distinguishes itself through its configurable pipeline system, which allows users to build multi-step workflows that can pass outputs between tasks, execute custom scripts, and handle errors. It supports multi-tenant access control with role-based permissions, encrypted cre
Runs user-defined scripts to perform arbitrary tasks such as calling APIs, executing system commands, or sending emails.
This project is a Go library and framework for implementing the SSH protocol. It provides a toolkit for building custom SSH servers, managing encrypted connections, and handling remote command execution. The implementation focuses on flexible session management through callback-based handling and a pluggable authentication system that supports passwords, public keys, and certificates. It includes mechanisms for secure network tunneling, including local and reverse port forwarding for TCP and Unix domain socket traffic. The library covers a broad range of protocol capabilities, including cryp
Provides connection lifecycle hooks to intercept and validate new connections before processing them.
This project is a Docker volume backup tool and data lifecycle manager that archives volume data to local storage, SSH, or cloud providers. It operates as a containerized backup orchestrator and companion container that coordinates volume snapshots and manages the restoration of data for disaster recovery. The tool distinguishes itself through integrated security and consistency controls, utilizing GPG or age encryption to secure archives before remote transmission. It ensures data integrity by managing container states, such as stopping services or running database dump utilities via lifecyc
Executes custom scripts at specific backup lifecycle stages to ensure data consistency and environment setup.
Sshwifty is a web-based remote terminal and SSH client that allows for the administration of remote systems through a browser without requiring a native terminal client. It provides a password-protected administrative portal to restrict unauthorized access and supports both SSH and Telnet connectivity. The application includes a SOCKS5 proxy gateway to route outgoing remote terminal traffic. It also utilizes server-side hooks that execute external processes to validate or modify connection logic before a session is established. The system manages connectivity parameters through environment-b
Triggers external server processes to modify behavior or abort remote connections based on process return codes.
Container-db-backup est un utilitaire natif pour conteneur conçu pour automatiser la maintenance de base de données, y compris les sauvegardes récurrentes, la restauration de données et l'archivage sécurisé. Il fonctionne en exécutant des tâches de sauvegarde isolées au sein de conteneurs éphémères, garantissant des environnements cohérents pour les flux de travail de protection des données à travers plusieurs hôtes de base de données. L'outil se distingue par un modèle de traitement orienté pipeline qui diffuse les dumps de base de données à travers des étapes de compression et de chiffrement avant le stockage. Il prend en charge des configurations de stockage flexibles, permettant aux données d'être dirigées vers des systèmes de fichiers locaux ou un stockage d'objets distant compatible S3. Pour maintenir la fiabilité des données, le système effectue une vérification de somme de contrôle cryptographique sur toutes les archives et gère les cycles de vie des sauvegardes en automatisant la suppression ou l'archivage des fichiers obsolètes en fonction de politiques définies. La plateforme fournit une extensibilité de flux de travail étendue grâce à des scripts basés sur des hooks, permettant un prétraitement personnalisé ou une intégration avec des systèmes de surveillance et de sécurité externes. Elle inclut également un suivi de santé intégré pour surveiller l'état des opérations et alerter en cas d'échec, garantissant une surveillance cohérente de l'ensemble du processus de sauvegarde et de récupération.
Executes user-defined scripts before or after backup operations to perform custom pre-processing or external system integration.
Open-android-backup is a command-line utility designed for the automated archival and restoration of mobile device data. It enables users to capture applications, internal storage, and contact information into encrypted, open-standard archives, ensuring long-term data ownership and portability without reliance on proprietary vendor software. The tool distinguishes itself by facilitating these operations without requiring root-level system access. It achieves this by utilizing a companion application to grant the host machine necessary permissions, while simultaneously protecting user privacy
Supports executing user-defined scripts during backup or restore operations to handle specific device requirements or custom data management tasks.
Pika Backup est un utilitaire de bureau pour Linux qui fournit une interface graphique pour gérer les tâches d'archivage de fichiers. Il facilite la création de sauvegardes chiffrées, dédupliquées et incrémentales vers des destinations de stockage locales et distantes, assurant la redondance des données et la protection contre les pannes matérielles. L'application fonctionne comme un client de bureau pour le moteur de stockage sous-jacent, permettant aux utilisateurs de planifier des opérations de sauvegarde récurrentes et de gérer des snapshots via une interface native. Elle s'intègre aux services système pour gérer l'orchestration des tâches en arrière-plan, la gestion de l'alimentation et les notifications matérielles, garantissant que les processus de sauvegarde restent réactifs et automatisés sans nécessiter d'intervention manuelle. Au-delà de l'archivage, le logiciel prend en charge la configuration de divers emplacements de stockage, y compris les partages réseau et les serveurs distants. Les utilisateurs peuvent parcourir les archives existantes pour récupérer des fichiers ou dossiers spécifiques directement, et utiliser des hooks pré et post-sauvegarde pour exécuter des commandes personnalisées pour la préparation ou le nettoyage de l'environnement.
Executes custom shell commands before or after backup tasks for environment preparation or cleanup.