Cuandari is an open-source project dedicated to robust and secure process management, particularly for cloud-native and containerized environments. Inspired by the ancient tongues of high fantasy, Cuandari provides granular control over process execution with advanced permission handling, enhancing the security posture of your applications.
The name "Cuandari" is derived from the Old Tongue (High Chant) of Robert Jordan’s The Wheel of Time series.
- Origin: It combines the root "Cuan" (meaning "small" or "little") with the pluralizing suffix "-ri" and the connector "-da".
- Meaning: Together, Cuandari translates to "The Small Ones" or "Collection of Small Things." This perfectly encapsulates our mission: to precisely manage and secure the multitude of individual processes that make up modern software.
- Pronunciation: Kwan-DAH-ree (rhymes with "Swan-dah-ree").
The foundational Go library for integrating Cuandari's powerful process management and permission handling capabilities into your applications.
- Features:
  - Process Isolation: Securely run processes with fine-grained resource control.
  - Filesystem Permissions: Enforce, for example, read-only access to specific directories or files.
  - Network Security: Control network access, including connecting to other services or listening on ports.
- Repository: cuandari/library
A command-line interface tool built on the Cuandari Go library, providing an intuitive way to manage and secure processes directly from your terminal. Ideal for system administrators and developers.
- Features:
  - Easily define and apply complex permission policies.
- Repository: cuandari/cli
Cuandari is specifically engineered to run within containers, providing an additional layer of security on top of existing container scheduling and orchestration solutions like Kubernetes, Docker Swarm, or Nomad. By enforcing strict process-level permissions, Cuandari minimizes the attack surface within your microservices and ensures that even compromised processes have severely limited capabilities.