11 个仓库
Utilities and frameworks designed for building scalable applications in cloud environments.
Distinguishing note: No candidates provided; this is a broad domain-level capability.
Explore 11 awesome GitHub repositories matching devops & infrastructure · Cloud Native Development Tools. Refine with filters or upvote what's useful.
This project serves as a technical educational resource and software implementation example focused on dependency injection architecture and containerized application packaging. It provides a centralized framework for managing the lifecycle and configuration of application components, allowing objects to receive their dependencies from a registry rather than creating them internally. The project distinguishes itself by offering a type-safe service resolution mechanism that uses language-level information to map abstract interfaces to concrete implementations. By utilizing an inversion of cont
Supports building and running scalable applications in modern cloud environments.
Dagger is a programmable CI/CD engine and containerized task runner designed to orchestrate build and test pipelines. It functions as an incremental build system that manages containers, filesystems, and secrets through a typed API to ensure consistent execution across local and cloud environments. The engine utilizes a language-agnostic client-server API to allow multi-language pipeline orchestration, enabling the sharing of typed artifacts and state across different SDKs without manual serialization. It optimizes execution through content-addressable caching and a directed acyclic graph to
Provides a typed API for managing container images, secrets, and networked services to streamline the software delivery lifecycle.
This project serves as a comprehensive directory of open-source libraries, tools, and technical documentation designed for building and managing infrastructure on the Amazon Web Services platform. It functions as a centralized knowledge base, aggregating software development kits, command-line utilities, and editor extensions to assist developers in cloud-native application development. The directory distinguishes itself through a categorical taxonomy that organizes disparate technical resources into a structured hierarchy. It incorporates community-driven metadata aggregation and automated m
Aggregates development kits and utilities to assist in building cloud-native applications.
This project is a unified, cloud-native policy engine designed to decouple authorization and security logic from application codebases. It functions as a centralized authorization service that evaluates structured input data against declarative rules, enabling consistent policy enforcement across microservices, infrastructure, and continuous integration pipelines. The engine utilizes a specialized logic programming language to express complex constraints, which are compiled into an optimized intermediate representation for high-performance evaluation. By supporting both sidecar-based deployme
Enforces security and operational standards across infrastructure, microservices, and CI/CD pipelines in cloud-native environments.
jetson-inference is a set of libraries and tools for executing optimized deep learning models on embedded GPU hardware. Its primary purpose is to enable real-time computer vision and AI inference at the edge with low latency and high throughput. The project distinguishes itself through high-performance streaming analytics and the ability to execute concurrent AI pipelines on auto-grade silicon. It provides specialized support for multi-sensor stream processing, utilizing zero-copy data transport to load camera frames directly into GPU memory. The codebase covers a broad surface of capabiliti
Employs containers, Kubernetes, and microservices to create scalable AI applications bridging cloud and edge.
Kyverno is a Kubernetes policy engine and cloud native governance tool. It functions as a policy-as-code framework that validates, mutates, and generates resources to enforce security and governance standards within a cluster. The project distinguishes itself through a declarative policy model that utilizes native Kubernetes custom resource definitions, allowing policies to be managed as standard cluster objects without custom code. It provides specific security capabilities for container image verification and signature validation to ensure only trusted images are deployed. Its broader capa
Provides a portable engine for enforcing security and operational standards via validation, mutation, and generation of resources.
tfsec is a static analysis tool and security scanner for infrastructure as code, specifically designed to detect misconfigurations and compliance violations in Terraform and cloud infrastructure definitions before deployment. It functions as a cloud security policy engine that identifies vulnerabilities across multiple cloud platforms. The tool provides capabilities for cloud compliance auditing and scanning of Cloud Development Kit code. It supports custom security policy enforcement and allows for the definition of organization-specific security requirements. The scanner includes features
Enforces security best practices and operational standards across multiple cloud-native environments using a policy engine.
Cloud Custodian 是一个多云治理引擎和策略执行工具,旨在自动化跨各种云提供商的安全、合规和成本优化。它作为一个规则引擎,使用声明式领域特定语言(DSL)来查询云资源并根据预定义的过滤器执行纠正操作。 该系统作为一个无服务器策略编排器运行,部署特定于提供商的函数以触发实时执行,以响应云资源变更。它提供了一个与提供商无关的资源抽象,以在多个账户、订阅和项目中维护一致的操作策略。 其功能涵盖云基础设施审计,包括分析持续集成管道中的资产以及生成合规性报告。该工具还支持成本优化以识别和删除未使用的资源,并包括一个模拟模式,用于在不应用实际变更的情况下识别受影响的资源。
Utilizes a declarative YAML-based domain specific language to define resource filters and corrective governance actions.
Cloud Custodian is an open-source rules engine that uses declarative YAML policies to query, filter, and take automated actions on cloud resources for governance and compliance. It functions as a stateless policy execution engine, where each policy evaluation runs as an independent, idempotent operation without maintaining internal state between runs. Policies are defined using a YAML-based domain-specific language that structures rules as a query-filter-action pipeline. The engine supports dry-run validation, allowing users to simulate policy actions against live resources without applying c
A policy engine that defines cloud resource management rules in YAML, enabling querying, filtering, and automated actions across accounts.
Goss 是一个基础设施验证工具和测试框架,用于验证服务器的当前状态是否符合预期配置。它将实时系统输出与 YAML 或 JSON 规范进行比较,以验证软件包、服务、用户和网络端口等组件。 该工具通过捕获系统的现有状态,支持测试规范的自动化生成。它通过使用动态模板和变量文件支持多样化的部署环境。 除了即时验证外,该框架还可以执行重试测试,轮询状态收敛直到达到超时。它通过 HTTP 健康检查端点公开验证结果,并以标准格式导出结果,以便与外部监控工具集成,从而提供可观测性。
Utilizes a declarative YAML-based specification to query and validate the state of server packages, services, and ports.
Cerbos is an open-source authorization service that provides a centralized, language-agnostic engine for managing access control. It functions as a policy-as-code platform, allowing teams to define, test, and distribute authorization rules using declarative YAML or JSON configurations. By decoupling access logic from application code, it enables consistent permission enforcement across diverse service stacks. The project distinguishes itself through its ability to translate high-level authorization policies into native database query filters. This capability allows applications to enforce sec
Supports querying and retrieving specific policy and schema definitions with filtering, sorting, and output formatting.