Identity-aware VPN and proxy for remote access to anything, anywhere.

A lightweight, cryptography-powered, open-source toolkit built to enforce Zero Trust security for infrastructure, applications, and data in the AI-driven world.

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history

8 Lessons, Kick-start Your Cybersecurity Learning.

Pomerium is an identity and context-aware access proxy.

Orchestrate end-to-end encryption, cryptographic identities, mutual authentication, and authorization policies between distributed applications – at massive scale.

The parent project for OpenZiti. Here you will find the executables for a fully zero-trust, programmable network @openziti

Secure internet sharing made simple.

Boundary enables identity-based access management for dynamic infrastructure.

💚 Secure remote browsing anywhere.

A next-gen FOSS self-hosted unified zero trust secure access platform that can operate as a remote access VPN, a ZTNA platform, API/AI/MCP gateway, a PaaS, an ngrok-alternative and a homelab infrastructure.

DockFlare: Automate Cloudflare Tunnels with Docker Labels

nono - a capability-based, multiplexing sandbox tool, built for developers , seamless path to prod. Run agents securely without needing any additional infra, zero setup, zero latency.

Tailscale Sidecar Configurations for Docker

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Single Packet Authorization > Port Knocking

Warrant is a highly scalable, centralized authorization service based on Google Zanzibar. Use it to define, enforce, query, and audit application authorization and access control.

🚀 An 800KB RAM ultra-lightweight Cloudflare WARP SOCKS5 proxy in Docker. 仅需 800KB 内存的纯内核态 Cloudflare WARP 代理 - Docker

AI Agent Governance Toolkit — Policy enforcement, zero-trust identity, execution sandboxing, and reliability engineering for autonomous AI agents. Covers 10/10 OWASP Agentic Top 10.