The trust-minimized, zero-knowledge bridging protocol, designed for censorship resistance, extremely high security, and usage in decentralized finance.

A simple zero-config tool to make locally trusted development certificates with any names you'd like.

Identity-aware VPN and proxy for remote access to anything, anywhere.

A lightweight, cryptography-powered, open-source toolkit built to enforce Zero Trust security for infrastructure, applications, and data in the AI-driven world.

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history

Enterprise-ready zero-trust access platform built on WireGuard®.

8 Lessons, Kick-start Your Cybersecurity Learning.

Pomerium is an identity and context-aware access proxy.

Orchestrate end-to-end encryption, cryptographic identities, mutual authentication, and authorization policies between distributed applications – at massive scale.

🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

The parent project for OpenZiti. Here you will find the executables for a fully zero-trust, programmable network @OpenZiti

Boundary enables identity-based access management for dynamic infrastructure.

Secure internet sharing made simple.

💚 Secure remote browsing anywhere.

A next-gen FOSS self-hosted unified zero trust secure access platform that can operate as a remote access VPN, a ZTNA platform, API/AI/MCP gateway, a PaaS, an ngrok-alternative and a homelab infrastructure.

A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.

Zero-Trust access management with true WireGuard® 2FA/MFA

DockFlare: Automate Cloudflare Tunnels with Docker Labels

Principles to help you design and deploy a zero trust architecture

Kernel-enforced agent sandbox. Capability-based isolation with secure key management, atomic rollback, cryptographic immutable audit chain of provenance. Run your agents in a zero-trust environment.

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Tailscale Sidecar Configurations for Docker

Single Packet Authorization > Port Knocking

Warrant is a highly scalable, centralized authorization service based on Google Zanzibar. Use it to define, enforce, query, and audit application authorization and access control.

🚀 An 800KB RAM ultra-lightweight Cloudflare WARP SOCKS5 proxy in Docker. 仅需 800KB 内存的纯内核态 Cloudflare WARP 代理 - Docker

An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications

OpenAM is an open-source access management solution for identity authentication, authorization, and federation. It provides single sign-on, adaptive authentication, and centralized policy control, enabling secure access to web, mobile, and cloud applications

IAP Desktop is a Windows application that provides zero-trust Remote Desktop and SSH access to Linux and Windows VMs on Google Cloud.

Zero-trust Opensource Network Management and Observability Platform