Awesome Platform Engineering

A curated list of amazingly awesome Platform tools, resources and various shiny things.

Awesome Platform Engineering

Analytics

Product and customer analytic platforms.

June - Product usage analytics platform
Amplitude - Product usage analytics platform

Application Security

API Fuzzing

API testing tools that use a fuzzing engine to generate various test inputs and possible request sequences.

OWASP ZAP - dynamic security testing and web app scanner
Burpsuite - The enterprise-enabled dynamic web vulnerability scanner
Cherrybomb - CLI tool that helps you avoid undefined user behaviour by validating your API specifications
Restler - stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs
Dredd - Language-agnostic HTTP API Testing Tool
Schemathesis - Specification-centric API testing tool for Open API and GraphQL-based applications
Snapchange - Lightweight fuzzing of a memory snapshot using KVM
Onefuzz - A self-hosted Fuzzing-As-A-Service platform
OSS-Fuzz - continuous fuzzing for open source software

DAST

Dynamic application security testing tools.

OWASP ZAP - automatically find security vulnerabilities in your web applications while you are developing and testing your applications
Nikto2 - web server scanner
Wapiti - Web vulnerability scanner written in Python3
Skipfish - Web application security scanner created by lcamtuf for google - Unofficial Mirror [Deprecated]
Jazzer - Coverage-guided, in-process fuzzing for the JVM
CI Fuzz - CI Fuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line
nuclei - Fast and customizable vulnerability scanner based on simple YAML based DSL

Language & Framework-specific DAST

SAST

Static application security testing tools.

Shisho - Lightweight static analyzer
Purple panda - identify privilege escalation paths within and across different clouds
opensourcesecurityindex.io
Privado - Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report
static-analysis - A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality

SCA

Software composition analysis tools.

DependencyCheck - software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies
OpenSCA - supports detection of open source component dependencies and vulnerabilities
Dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain
OSV scanner - Dependency vulnerability scanner written in Go which uses the data provided by https://osv.dev
packj - Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
socket.dev - Socket fights vulnerabilities and provides visibility, defense-in-depth, and proactive supply chain protection for JavaScript and Python dependencies
nancy - A tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index
deps.dev - Google project for rating dependencies
dep-scan - OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies
depguard - Go linter that checks if package imports are in a list of acceptable packages

Secrets detection

Find leaked secrets in your git repositories, container images and filesystems.

Trufflehog - Find leaked credentials
Detect-secrets - Yelp: An enterprise friendly way of detecting and preventing secrets in code
Bridgecrew detect-secrets - Bridgecrew fork of yelp/detect-secrets
Gitleaks - SAST tool for detecting and preventing hardcoded secrets like passwords, api keys, and tokens in git repos
git-secrets - AWSLabs tool for detecting secrets in git. No longer maintained
ggshield - GitGuardian secrets detection.
SecretScanner - Deepfence SecretScanner can find unprotected secrets in container images or file systems. Integrated into ThreatMapper 1.3.0
DumpsterDiver - Tool to search secrets in various filetypes. No longer maintained
keyscope - SpectralOps tool for secrets validation
leaky-repo - benchmarking repo with secrets in it to test and evaluate detection tools
Skyscanner/whispers - Identify hardcoded secrets in static structured text
auth0/repo-supervisor - Scan your code for security misconfiguration, search for passwords and secrets
Ocotopii - An AI-powered Personal Identifiable Information (PII) scanner
secretlint - Pluggable linting tool to prevent committing credentials.

Supply chain security

Supply chain security tools.

awesome supply chain security
chain-bench - open-source tool for auditing your software supply chain stack for security compliance based on a new CISs Software Supply Chain benchmark
legitify - Detect and remediate misconfigurations and security risks across all your GitHub assets
steampipe (GitHub compliance mod)
OWASP dependency-check - software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies
harden-runner- Security agent for GitHub-hosted runner: block egress traffic & detect code overwrite to prevent breaches
scorecard - OpenSSF Scorecard - Security health metrics for Open Source
CVE Prioritizer- Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities
ossf/allstar - GitHub App to set and enforce security policies
OSSGadget - Collection of tools for analyzing open source packages
oak - Oak is a software platform for building distributed systems providing externally verifiable (or falsifiable) claims about system behaviors in a transparent way

Threat modelling

Deciduous - security decision tree generator that serves as a threat modelling tool

API tools

Vacuum - vacuum is the worlds fastest OpenAPI 3, OpenAPI 2 / Swagger linter and quality analysis tool. Built in go, it tears through API specs faster than you can think. vacuum is compatible with Spectral rulesets and generates compatible reports
Spectral - A flexible JSON/YAML linter for creating automated style guides, with baked in support for OpenAPI v3.1, v3.0, and v2.0 as well as AsyncAPI v2.x.
SwaggerHub
oasdiff - OpenAPI Diff and Breaking Changes
openapi-diff - Utility for comparing two OpenAPI specifications.
openapi-generator- OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec (v2, v3)
ogen - OpenAPI v3 code generator for go
swagger-codegen - swagger-codegen contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition.
oapi-codegen - Generate Go client and server boilerplate from OpenAPI 3 specifications
speakeasy - Auto-generated SDKs, Terraform Providers, Docs & more
goa - Goa: Elevate Go API development! Streamlined design, automatic code generation, and seamless HTTP/gRPC support

Artifact signing and attestation

Sign, attest and verify artifacts to protect your software supply chain.

See: SLSA - Software Attestations

Cosign - code signing and transparency for containers and binaries
grafeas - Artifact Metadata API to audit and govern software supply chains
in-toto - a framework to protect supply chain integrity
notary - project that allows anyone to have trust over arbitrary collections of data

Bug tracking

Bug tracking, triage and remediation tools.

Bugasura - AI-powered issue tracker

Chaos engineering

The discipline of experimenting on a distributed system in order to build confidence in the system's capability to withstand turbulent conditions in production.

Chaos Toolkit - the Open Source Platform for Chaos Engineering
Chaos Monkey - a resiliency tool that helps applications tolerate random instance failures
Toxiproxy - simulate network and system conditions for chaos and resiliency testing
Pumba - chaos testing, network emulation and stress testing tool for containers
Litmus - Cloud Native Chaos Engineering platform
KubeInvaders - Chaotic fun

Chat and ChatOps

Chat and ChatOps.

Rocket - open source team communication
Mattermost - messaging platform that enables secure team collaboration
Zulip - real-time chat with an email threading model
Riot - a universal secure chat app entirely under your control
ChatOps:
- CloudBot - simple, fast, expandable, open-source Python IRC Bot
- Hubot - a customizable life embetterment robot
- Lita - a robot companion for your company's chat room
- Botkube - chat bot for Kubernetes
- Rootly - Incident management in Slack

Cloud cost management

Automated cost management and cost visibility tools that offer deep insight into your cloud expenditure.

Infracost - Predict cost of infrastructure from Terraform code
Terracost - Cloud cost estimation for Terraform in your CLI
Zesty - Automated cloud cost optimization for EC2 & RDS
Vantage - Automated cloud cost optimization
Scalr - Terraform platform that has cost-optimization features
Finout - Cloud cost monitoring platform
Opencost - Cross-cloud cost allocation models for Kubernetes workloads
Harness Cloud Cost Management - Detect and stop cloud cost anomalies as they occur
Loft - Kubernetes automated cost savings
usage.ai - Automated cloud cost optimization for EC2, RDS, ElasticSearch, RedShift
cast.ai - Kubernetes automated cost savings

Cloud asset inventory

Cloud asset inventory and Cloud Security Posture Management tools.

Steampipe - # select * from cloud;
Resoto - Resoto creates an inventory of your cloud, provides deep visibility, and reacts to changes in your infrastructure
Cloudquery - Sync cloud assets to any database, transform and visualize
Cloudgraph - The universal GraphQL API and CSPM tool for AWS, Azure, GCP, K8s, and tencent
Cloudmapper - CloudMapper helps you analyze your AWS environments
AWS ClickOps notifier - Get notified when users are taking actions in the AWS Console
driftctl - Detect, track and alert on infrastructure drift
Scoutsuite - Multi-Cloud Security Auditing Tools
prowler - perform AWS security best practices assessments, audits, incident response, continuous monitoring
saw - Fast, multi-purpose tool for searching AWS CloudWatch Logs
magpie - Magpie is a free, open-source framework and a collection of community developed plugins that can be used to build complete end-to-end security tools such as a CSPM

Continuous deployment

Tools that enable declarative continuous deployment aka GitOps.

ArgoCD - Declarative continuous deployment for Kubernetes
Flux - Open and extensible continuous delivery solution for Kubernetes
dagger - programmable CI/CD engine that runs your pipelines in containers

Continuous integration

CI platforms and release management tools.

Spacelift - Spacelift is a sophisticated CI/CD platform for Terraform, CloudFormation, Pulumi, and Kubernetes
atlantis - Terraform Pull Request Automation
scalr - Terraform Cloud alternative
env0 - Manage, deploy, scale, and control all your Terraform, Terragrunt, Pulumi, and related frameworks
batect - Build And Testing Environments as Code Tool
autorelease - Release automation for GitHub
cashapp/hermit - consistent tooling across environments
meta/hermit - hermetically isolated sandboxes to control program execution
semantic-release - Fully automated version management and package publishing
release-please - generate release PRs based on the conventionalcommits.org spec
git-cliff - A highly customizable Changelog Generator that follows Conventional Commit specifications ⛰️

Dashboards as code

Tools that allow you to define and manage your observability dashboards in code.

Grafanalib - Write Grafana dashboards in Python
Grafonnet - Jsonnet library for generating Grafana dashboard files
Steampipe - AWS Insights Mod - Create dashboards and reports for your AWS resources using Steampipe
kennel - Datadog monitors/dashboards/slos as code, avoid chaotic management via UI

Dependency management

Manage development environments, software dependencies and package versions.

Poetry - Python packaging and dependency management
Renovate - Universal dependency update tool that fits into your workflows
Dependabot - Automating dependency updates in multiple languages
configrd - Sync configurations such as environment variables, application properties and secrets across build pipelines, services and environments
tfenv - Terraform version manager based on rbenv
asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
mise - development environment setup tool that manages dev tools, runtimes, envvars and task runners
Devbox - command-line tool that lets you easily create isolated shells for development
spack - A flexible package manager that supports multiple versions, configurations, platforms, and compilers
Lerna - Lerna is a tool for managing JavaScript projects with multiple packages, built on Yarn
chezmoi - Manage your dotfiles across multiple diverse machines, securely
knip - Find unused files, dependencies and exports in your JavaScript and TypeScript projects
just - just is a handy way to save and run project-specific commands

Build systems

Bazel - Bazel is Google's monorepo-oriented build system
buck2 - Buck2 is a fast, hermetic, multi-language build system designed by Meta
pants - a monorepo-oriented build system, used by Twitter, Foursquare and multiple other companies
Nx - Nx is a build system with built-in tooling and advanced CI capabilities. It helps you maintain and scale monorepos, both locally and on CI

Diagrams as code

Tools that allow you to draw system architecture diagrams in code, allowing you to track and share your diagrams in any SCM.

structurizr - Diagrams as code 2.0
Brainboard - Diagrams to Terraform code
Pluralith - Terraform to diagrams
cdk-dia- CDK to diagrams
cfn-diagram - CFN to diagrams
mingrammer/diagrams - Draw diagrams in Python code
Mermaid - simple diagrams and flowcharts in Markdown
ascii flow - ASCII editor
PlantUML - Create diagrams from plaintext language
Markmap - visualize your Markdown as minimaps
Go diagrams - create system diagrams with Go
GraphViz - create system diagrams in DOT language
Cloudcraft - Create AWS diagrams from deployed infrastructure
Inframap - Read your tfstate or HCL to generate a graph specific for each provider

Docker

Docker and general container tools.

Dockle - Docker image linting
Container-scan - Dockle + Trivy [Deprecated]
HadoLint - Dockerfile linter, validate inline bash, written in Haskell
docker-bench - checks for dozens of common best-practices
aquasecurity/docker-bench
Dive - A tool for exploring a docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image
cadvisor - Analyzes resource usage and performance characteristics of running containers
Docker-slim - Don't change anything in your Docker container image and minify it by up to 30x
dfimage - Reverse-engineer a Dockerfile from a Docker image
Whaler - Go program to reverse Docker images into Dockerfiles
anchore-engine - A service that analyzes docker images and scans for vulnerabilities
grype - A vulnerability scanner for container images and filesystems
Trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
docker-trim - create a trimmed docker image that contains only parts of the original file system of an existing docker image
diffoci - diffoci compares Docker and OCI container images for helping reproducible builds
tini - A tiny but valid init for containers
ko - ko is a simple, fast container image builder for Go applications
go-containerregistry - Google Go library for working with container images. Includes tools like crane, gcrane, krane & k8schain
testcontainers - open source framework for providing throwaway, lightweight instances of anything that can run in a Docker container
distroless - Language focused docker images, minus the operating system
confidential-containers - leverage Trusted Execution Environments to protect containers and data and to deliver cloud native confidential computing
copacetic - CLI tool for directly patching container images!

Shell into containers

cdebug - cdebug - a swiss army knife of container debugging
docker-opener - Shell-in to any docker container easily
debug-ctr - Command-line tool for interactive container troubleshooting
docker-debug - troubleshooting running docker containers

Documentation as code

Generate documentation automatically from code.

Doxygen - generate docs from annotated C++ code
JavaDoc - generate docs from Java code
terraform docs - generate docs from Terraform code
glow - terminal based markdown reader designed for the CLI
runme - Execute your runbooks, docs, and READMEs

Endpoint validation

Is it up or not?

Goss - quick and easy server validation
Prometheus Blackbox exporter - Blackbox prober exporter

Git Tools

Tools that can help you do stuff in Git.

Polyrepo operations tools

Repository management tools

pull - Keep your forks up-to-date via automated PRs
git-of-theseus - Analyze how a Git repo grows over time
bash-git-prompt - An informative and fancy bash prompt for Git users
comby - A code rewrite tool for structural search and replace that supports ~every language

Hook management tools

pre-commit - a framework for managing and maintaining multi-language pre-commit hooks from Yelp
Overcommit - an extendable Git hook manager written with Ruby
quickhook - a fast, Unix'y, opinionated Git hook runner
husky - Git hooks for Node.js, manage your hooks from your package.json
Mookme - A simple and easy-to-use, yet powerful and language agnostic git hook for monorepos
lint-staged - run linters on git staged files
lefthook - Fast and powerful Git hooks manager for any type of projects

Identity and access management

IAM platforms, tools and systems.

Teleport
IAMAlive - Generate an IAM policy from AWS calls using client-side monitoring (CSM) or embedded proxy
Ermetic - Holistic IAM protection for AWS, Azure and Google Cloud
Pike - Pike is a tool for determining the permissions or policy required for IAC code
AirAM - Least privilege AWS IAM Terraformer
IAM Floyd - AWS IAM policy statement generator with fluent interface
repokid - AWS IAM usage monitor
aardvark - Aardvark is a multi-account AWS IAM Access Advisor API (and caching layer)
Trailscraper - A command-line tool to get valuable information out of AWS CloudTrail
CloudTracker - CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies
Cloudsplaining - AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report
Parliament - AWS IAM policy linter
PMapper - AWS IAM privilege escalation mapping
Policy Sentry - IAM Least Privilege Policy Generator

Infrastructure as code

Terraform - Terraform is a tool for building, changing, and versioning infrastructure
OpenTofu - OSS Terraform fork that lets you declaratively manage your cloud infrastructure
AWS CDK - The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
Pulumi - Infrastructure as Code in any programming language
sst - Build modern full-stack applications on AWS
ion - ❍ — an experimental new engine for SST
Sceptre - sceptre is a tool to drive AWS CloudFormation

Infrastructure as code generation

Generate infrastucture code from existing manually-created cloud resources.

Former2 - generate CloudFormation/Terraform from existing AWS resources
Terraformer - CLI tool to generate terraform files from existing infrastructure
Terracognita - generates Terraform from existing AWS resources
Firefly - Cloud asset management solution
k2tf - Kubernetes YAML to Terraform HCL converter

Infrastructure from code

Generate infrastructure code from application code or runtime.

nitric - multi-language framework for cloud applications with infrastructure from code

Internal developer platform

Tools that contribute to an internal developer platform (IDP), a self-service layer of tools, services and processes that supports and accelerates your software development.

Drone - self-service Continuous Integration platform
Shipa - modern application delivery platform
KubeVela - modern application delivery platform
Ketch - Kubernetes application delivery platform
Humanitec - Internal developer platform orchestrator
Nais - application delivery platform
Garden - simplify Kubernetes delivery
Massdriver - visual IDP that enables engineers to deploy production-ready cloud infrastructure and applications in minutes

Kafka

Apache Kafka management tools.

burrow - Kafka Consumer Lag Checking
schema-registry - Confluent Schema Registry for Kafka
topicctl - Tool for declarative management of Kafka topics
kaf - Modern CLI for Apache Kafka, written in Go
franz-go - franz-go contains a feature complete, pure Go library for interacting with Kafka from 0.8.0 through 3.6+. Producing, consuming, transacting, administrating, etc.
bento - Fancy stream processing made operationally mundane
heetch/avro - Avro codec and code generation for Go
Karapace - supports the storing of schemas in a central repository, which clients can access to serialize and deserialize messages
xk6-kafka - k6 extension to load test Apache Kafka with support for various serialization formats, SASL, TLS, compression, Schema Registry client and beyond
kroxylicious - An open-source network proxy framework for Apache Kafka

Kubernetes

Kubernetes management tools.

lens - IDE for kubernetes
kubestack - a collection of Terraform modules and a dedicated Terraform provider to maintain both infra and services together
Keda - Event Driven Autoscaler
ket - Kismatic Enterprise Toolkit: a set of production-ready defaults and best practice tools for creating enterprise-tuned Kubernetes clusters
flagger - Progressive delivery Kubernetes operator (Canary, A/B Testing and Blue/Green deployments)
cdk8s - Define Kubernetes native apps and abstractions using object-oriented programming

Kubernetes IAM

Kubiscan - A tool to scan Kubernetes cluster for risky permissions
rbac-police - Evaluate the RBAC permissions of Kubernetes identities through policies written in Rego

Kubernetes local development

Oktekto - Develop your applications directly in your Kubernetes Cluster
Tilt - Define your dev environment as code. For microservice apps on Kubernetes
Garden - Spin up production-like environments for development, testing, and CI on demand
Telepresence - Local development against a remote Kubernetes or OpenShift cluster
Skaffold - Easy and Repeatable Kubernetes Development
Kardinal - Kardinal is an open-source framework for creating extremely lightweight ephemeral development environments within a shared Kubernetes cluste

Kubernetes runtime security

tracee - Linux Runtime Security and Forensics using eBPF
falco - Cloud Native Runtime Security
kubespy - Tools for observing Kubernetes resources in real time, powered by Pulumi
inspektor-gadget - eBPF security inspection tool
Mizu - API traffic viewer for Kubernetes enabling you to view all API communication between microservices. Think TCPDump and Wireshark re-invented for Kubernetes

Kubernetes security posture management

pluto - A cli tool to help discover deprecated apiVersions in Kubernetes
kubent - Easily check your clusters for use of deprecated APIs
Popeye - A Kubernetes cluster resource sanitizer
kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
kube-no-trouble - Easily check your clusters for use of deprecated APIs
nova - Find outdated or deprecated Helm charts running in your cluster
hardeneks - Runs checks to see if an EKS cluster follows EKS Best Practices
kbom - SBOM for Kubernetes
sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
external-secrets - External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets
namespacehound - tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters
eraser - Eraser helps Kubernetes admins remove a list of non-running images from all Kubernetes nodes in a cluster

Kubernetes static analysis

KubeLinter - static analysis tool that checks Kubernetes YAML files and Helm charts
Kubeconform - A FAST Kubernetes manifests validator, with support for Custom Resources!
Kubescape - K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer and image vulnerabilities scanning
Kubeclarity - detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems

Kubernetes templating

helm - The Kubernetes Package Manager
kustomize - Customization of kubernetes YAML configurations
ytt - YAML templating tool that works on YAML structure instead of text
timoni - Timoni is a package manager for Kubernetes, powered by CUE and inspired by Helm
tanka - Flexible, reusable and concise configuration for Kubernetes using Jsonnet
kluctl - The missing glue to put together large Kubernetes deployments, composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unified way

Kubernetes testing

Testkube - Kubernetes-native framework for test definition and execution
Kuberhealthy - A Kubernetes operator for running synthetic checks as pods

Linting

Linting tools to ensure high code quality.

megalinter - MegaLinter analyzes 50 languages, 22 formats, 21 tooling formats, excessive copy-pastes, spelling mistakes and security issues
reviewdog - Automated code review tool integrated with any code analysis tools regardless of programming language
error-prone - Catch common Java mistakes as compile-time errors
clang-tidy- C++ linter
metabob - AI coding assistant that uses a combination of graph-attention networks and generative AI to facilitate code review and quality
Danger JS - Danger runs after your CI, automating your team's conventions surrounding code review

Terraform

tflint - Terraform linter
tfautomv - Generate Terraform moved blocks automatically for painless refactoring
Awesome terraform - Definitive list of Terraform tools
terraform visual - beautifies barely readable output from terraform graph
terrakube - OSS alternative to Terraform Cloud
hatchet - OSS alternative to Terraform Cloud
OTF - OSS alternative to Terraform Cloud
digger - state aware Terraform orchestrator
terralist - Terraform Private Registry for modules and providers manageable from a REST API

Regex

AutoRegex - convert english to regex

Observability

Platforms and tools that help provide visibility into modern distributed applications.

vector - A high-performance observability data pipeline
datadog - leading ($$$$) monitoring and security platform
kiali - observability for the Istio service mesh
cilium - eBPF-based Networking, Security, and Observability
thanos - Highly available Prometheus setup with long term storage capabilities
otelbin - Web-based tool to facilitate OpenTelemetry collector configuration editing and verification
openobserve - cloud-native observability platform built specifically for logs, metrics, traces, analytics, RUM (Real User Monitoring - Performance, Errors, Session Replay) designed to work at petabyte scale

Platform as a Service

PaaS offerings that aren't public cloud hyperscalers.

Section - simple distributed hosting solution that automatically balances traffic across regions (control plane of control planes)
Netlify - cloud application platform
Heroku - cloud application platform
Kamatera - Create servers and more, in less than 60 seconds
Sloppy - Managed Docker Hosting - fast, simple and secure
Vultr - Deploy Docker Apps in One-Click
StackPath - run your cloud workloads at the edge
Otomi - Self-hosted PaaS for Kubernetes
Replicated - Distribution Platform for Customer Controlled Software

Policy as code

Declare policies in a high-level programming language so you can version, test and automatically deploy them.

Cyral
Kyverno - Kubernetes Native Policy Management
Datree - Policy as code engine for Kubernetes. Enterprise support available
Magtape - Policy as code engine for Kubernetes
OPA Gatekeeper - Gatekeeper is a Policy Controller for Kubernetes
Cloud Custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
Hashicorp Sentinel - Policy as code framework for HashiCorp Enterprise Products

Secrets management

Sensitive credentials and secrets that need to be managed, secured, maintained and rotated using automation.

Sops - simple and flexible tool for managing secrets
Vault - manage secrets and protect sensitive data
Keybase - end-to-end encrypted chat and cloud storage system
Vault Secrets Operator - create Kubernetes secrets from Vault for a secure GitOps based workflow
Git Secret - a bash-tool to store your private data inside a git repository
Keyscope - a key and secret workflow (validation, invalidation, etc.) tool built in Rust
Teller - Cloud native secrets management for developers - never leave your command line for secrets
sops - Simple and flexible tool for managing secrets
deepsecrets - Secrets scanner that understands code
doppler - Platform for Secrets management
chamber - CLI for managing secrets

Service catalogue

Allow developers to manage their software, infrastructure and documentation in one central place.

Backstage - Backstage is an open platform for building developer portals
Cortex - Cortex makes it easy for engineering organisations to gain visibility into their services
OpsLevel - OpsLevel is the developer platform for teams to own, operate, and understand their production infrastructure
Clutch - An extensible platform for infrastructure management

Sharing

A collection of tools to help with sharing knowledge and telling the story in Markdown, AsciiDoc or RestructuredText.

Gitbook - modern documentation format and toolchain using Git and Markdown
Mintlify - modern standard for public facing documentation
Docusaurus - easy to maintain open source documentation websites
Docsify - a magical documentation site generator
MkDocs - project documentation with Markdown
Obsidian - markdown knowledge base
Typora - Markdown editor
Docz - Create MDX files showcasing your code and Docz turns them into a live-reloading, production-ready site
Antora - The multi-repository documentation site generator for tech writers who write in AsciiDoc
tldraw - draw things quick
excalidraw - hand-drawn look and feel diagrams
vale - A markup-aware linter for prose built with speed and extensibility in mind
runme - Runme is a tool that makes runbooks actually runnable, making it easier to follow step-by-step instructions
mdBook - Create book from markdown files. Like Gitbook but implemented in Rust

Status pages

Communication tool that helps you inform your customers or users about outages and scheduled maintenance.

cachet - The open-source status page system
instatus - Get a beautiful status page in 10 seconds, without paying thousands of dollars!
Atlassian Statuspage - the #1 status and incident communication tool
PagerDuty status page

Testing

QA Wolf - QA Wolf gets web apps to 80% automated end-to-end test coverage in weeks, not years

A/B testing

Feature flags and two-sample hypothesis testing.

Optimizely - A/B testing at scale
VWO Testing - A/B testing
Split - managed feature flags and rollouts
Sitespect - A/B testing and site optimization

Load, stress & soak testing

Performance testing tools. Does it run? Does it scale?

k6 - cloud-native load tests written in JS
Artillery - cloud-scale performance testing
Jmeter - 20+ years of solid Java testing
Gatling - Java based load testing as code. Note: slower than newer alternatives
Tsung - high-performance benchmark and stress testing tool
Locust - modern load testing in Python
LoadRunner - Load testing tool from Micro Focus
TCPCopy - TCP stream replay tool to support real testing of Internet server applications
Siege - HTTP load testing and benchmarking utility
Wrk - Modern HTTP benchmarking tool
Web Bench - Web Bench is very simple tool for benchmarking WWW or proxy servers

Usage-based pricing

Tools that help with managing usage-based pricing.

See: Use It or Lose It: Why Usage-Based Pricing

OpenMeter - Usage Metering for AI, DevOps, and Billing. Built for engineers to collect and aggregate millions of events in real-time
Amberflo - Amberflo provides the most advanced and comprehensive platform for building and deploying usage-based pricing
Stigg - Instantly build any pricing plan, gauge access control, introduce paywalls and customer portals
Lago - Open Source Metering and Usage Based Billing
Ordway - Invoice based upon consumption of cloud services
Metronome
octane
orb
lago
chargebee
moesif

Name		Name	Last commit message	Last commit date
Latest commit History 55 Commits
LICENSE		LICENSE
README.md		README.md

License

dstrates/awesome-platform-engineering

Folders and files

Latest commit

History

Repository files navigation