11 个仓库
Defense-in-depth for distributed architectures.
Distinguishing note: Focuses on service-to-service security in distributed systems.
Explore 11 awesome GitHub repositories matching security & cryptography · Microservices Security. Refine with filters or upvote what's useful.
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
Applies defense-in-depth principles to ensure individual services remain protected.
grpc-go is a Go language implementation of the gRPC framework, providing a remote procedure call library for high-performance service communication. It uses the HTTP/2 protocol to execute functions on remote servers as if they were local methods and utilizes protobuf service bindings to generate type-safe client and server code. The project features a bidirectional streaming transport that supports asynchronous, full-duplex message streams between clients and servers. This networking layer allows for various communication patterns, including client-to-server and server-to-client streaming, to
Secures service-to-service communication in distributed architectures using transport layer security.
Sa-Token is a Java-based authentication and authorization framework designed to manage user sessions, permissions, and identity verification within web applications and microservice architectures. It provides a centralized security layer that enforces access control policies and identity validation across distributed service environments and API gateways. The framework distinguishes itself through its support for cross-domain single sign-on and its ability to function as an OAuth2 identity provider. It manages user session lifecycles by applying configurable rules for single or multi-login re
Enforces centralized identity verification and access control policies across distributed microservice architectures and API gateways.
Mall-swarm is a microservices-based e-commerce system built with Spring Cloud Alibaba and Spring Boot. It functions as a scalable online retail platform designed to manage complex business logic through a distributed architecture of independent services. The system utilizes Kubernetes and Docker for service orchestration, incorporating a unified API gateway for traffic routing and service discovery. Security is handled via a unified identity and access management framework for verifying user tokens across all connected microservices. The platform includes a dedicated search engine for high-p
Secures distributed services using the Sa-Token framework for unified identity and access management.
This project is a unified, cloud-native policy engine designed to decouple authorization and security logic from application codebases. It functions as a centralized authorization service that evaluates structured input data against declarative rules, enabling consistent policy enforcement across microservices, infrastructure, and continuous integration pipelines. The engine utilizes a specialized logic programming language to express complex constraints, which are compiled into an optimized intermediate representation for high-performance evaluation. By supporting both sidecar-based deployme
Intercepts and validates network requests at the service level to enforce fine-grained access control.
SpringCloud is a development platform for building distributed systems and cloud-native microservices. It provides an integrated framework for microservice development, incorporating service governance, security, and system coordination. The platform features a microservice gateway for managing traffic through dynamic routing and rate limiting, alongside a service registry for discovery. It implements distributed security through token-based authentication, role-based access control, and a specialized system that uses aspect-oriented programming to automatically enforce data-level permissions
Implements centralized authentication and authorization for distributed architectures using Spring Security and secure tokens.
Shenyu is a microservices API gateway designed to route external traffic to backend services using dynamic rules and protocol conversion. It functions as a central entry point that manages traffic flow through a combination of an API traffic governor, a distributed configuration manager, and a security layer for protecting endpoints. The project features a dynamic plugin architecture that allows for the injection of custom request processing logic without restarting the server. It utilizes a distributed coordination service to synchronize routing and policy updates across a gateway cluster in
Integrates microservices security by verifying digital signatures and tokens to authorize backend access.
The CNCF Curriculum is an open-source repository that organizes exam domains and learning paths for CNCF certification courses covering Kubernetes and cloud-native technologies. It structures certification content into weighted domains that reflect exam question distribution, providing a structured study guide for candidates preparing for CNCF certifications. The curriculum is organized around multiple cloud-native domains including networking, security, GitOps, platform engineering, and certification preparation. It teaches cloud-native concepts through the lens of building and operating int
Teaches pod security contexts and network policies to limit the blast radius of compromised workloads.
Security-101 is a vendor-agnostic, foundational cybersecurity learning curriculum organized into modular, framework-aligned modules. It is designed to build core knowledge across multiple security domains without tying content to specific products or platforms, making it suitable for both beginners and professionals seeking a structured introduction to the field. The curriculum is built around established security frameworks, including the MITRE ATT&CK framework for standardized threat analysis and the NIST Cybersecurity Framework for incident response workflows. It covers a broad range of do
Covers authentication, authorization, and data protection measures for APIs and microservice architectures.
该项目是一个基于 Spring Cloud 微服务平台的企业级多租户分布式系统架构。它提供了一套完整的微服务管理框架,重点在于多租户数据架构和集中式身份认证服务。 该平台通过集成 OAuth2 身份提供商来管理单点登录(SSO)、基于角色的访问控制(RBAC)以及分布式服务间的 JWT 令牌颁发,从而在身份与安全方面表现出色。此外,它通过多租户数据隔离实现了组织边界的划分,确保不同租户间的资源和数据在逻辑或物理上相互独立。 系统涵盖了广泛的分布式能力,包括通过 API 网关路由和熔断机制实现的服务治理,以及通过分布式事务和锁机制实现的数据协调。它还包含用于请求追踪和集中式日志记录的分布式可观测性栈,以及实时搜索引擎同步和异步事件驱动的消息传递机制。 开发工作流通过应用程序代码生成和平台特定的二进制打包自动化工具提供支持。
Provides a centralized security authority to manage authentication and authorization across all microservices.
Gizmo is a microservice development toolkit and HTTP server framework designed for building distributed services. It provides a collection of libraries for managing service lifecycles, including standardized configuration, logging, and health checks. The toolkit includes a PubSub messaging interface that abstracts the publishing and consuming of messages across different brokers and HTTP endpoints, featuring built-in mocking for integration testing. It also provides a security layer for validating inbound authentication tokens using public key signatures and custom decoders. The project cove
Implements security for distributed architectures by validating identity tokens using public key signatures.