Search Results for "kernel security"
Sort By:
Showing 260 open source projects for "kernel security"
View related business solutions-
GWI: On-demand Consumer ResearchNeed easy access to consumer insights? Our intuitive platform is the answer. Get the ultra-reliable research that brands and agencies need to stay ahead of changing consumer behavior.
-
MaintainX is the world-leading mobile-first workflow management platform for industrial and frontline workers.Your day-to-day maintenance tasks, simplified. MaintainX eliminates the paperwork, so you can spend less time on your clipboard and more time getting things done.
-
1
Linux Kernel
Linux Kernel source tree
The Linux Kernel is the core component of the Linux operating system—a free, open-source, monolithic, Unix-like system kernel initiated by Linus Torvalds in 1991 and since evolved into a foundational technology powering everything from servers and supercomputers to smartphones and embedded devices. There are various text files in the Documentation/ subdirectory, several of them using the reStructuredText markup notation. Extensive filesystem compatibility (ext4, Btrfs, FUSE, XFS, etc.) Broad... -
2
Santa
A binary authorization system for macOS
...Santa is built to help protect users by stopping the spread of malware and analyzing what's running on a computer, but is by no means a total security system. Ideally Santa works as a part of a defense-in-depth strategy, and other measures should be in place to protect hosts. -
3
SerenityOS
The Serenity Operating System
SerenityOS is an open source Unix-like operating system project with its own custom kernel, graphical user interface, system libraries, and userland tools. It combines a nostalgic “90s UI aesthetic” with modern system capabilities: a preemptive, multi-threaded kernel, own browsers, network stack, file systems, IPC, security features, and a suite of graphical / developer applications. The project is both a hobbyist OS and a polished engineering sandbox. -
4
LiteBox
A security-focused library OS supporting kernel execution
LiteBox is a security-focused “library OS” sandboxing project that aims to shrink the interface between an application and its host environment to reduce attack surface. Instead of relying solely on broad OS-level permissions, it focuses on isolating workloads by tightly controlling the boundary where code interacts with host services and system resources. -
Workable Hiring Software - Hire The Best People, FastWorkable is the preferred software for today's recruiting industry and HR teams, trusted by over 6,000 companies to streamline their hiring processes. Finding the right person for the job has never been easier—users now possess the ability to manage multiple hiring pipelines at once, from posting a job to sourcing candidates. Workable is also seamlessly integrated between desktop and mobile, allowing admins full control and flexibility all in the ATS without needing additional software.
-
5
gVisor
Application Kernel for Containers
gVisor is an application kernel developed by Google that provides a strong layer of isolation between applications and the host operating system. Written in Go, it implements a Linux-compatible system call interface that runs entirely in user space, creating a secure sandboxed environment for containers. Unlike traditional virtual machines or lightweight syscall filters, gVisor follows a third approach that offers many of the security benefits of virtualization while maintaining the speed, resource efficiency, and flexibility of containers. ... -
6
Tetragon
eBPF-based Security Observability and Runtime Enforcement
...Synchronous monitoring, filtering, and enforcement completely in the kernel with eBPF. -
7
nono
Secure, kernel-enforced sandbox CLI and SDKs for AI agents
nono is an open-source, kernel-enforced capability shell designed to safely run AI agents and other untrusted processes under strict operating system controls. The project addresses a growing security concern: modern coding agents typically execute with full user permissions, which means they can potentially read sensitive files, modify system configurations, or exfiltrate credentials if compromised. nono solves this by applying default-deny sandboxing at the kernel level using technologies such as Landlock on Linux and Seatbelt on macOS, making unauthorized actions structurally impossible rather than merely discouraged. ... -
8
MemGuard
Secure software enclave for storage of sensitive information in memory
This package attempts to reduce the likelihood of sensitive data being exposed when in memory. It aims to support all major operating systems and is written in pure Go. Sensitive data is encrypted and authenticated in memory with XSalsa20Poly1305. The scheme used also defends against cold-boot attacks. Memory allocation bypasses the language runtime by using system calls to query the kernel for resources directly. This avoids interference from the garbage collector. Buffers that store... -
9
Elkeid
Open source solution that can meet the requirements of workloads
Elkeid is an open-source platform for security and intrusion-detection that aims to support a wide variety of deployment contexts — from bare-metal hosts to containers, Kubernetes clusters, and even serverless environments. It was born out of ByteDance’s internal security best practices, offering for community users a subset of its enterprise-grade capabilities. Elkeid combines kernel-level data collection, user-space agents, and runtime instrumentation (RASP) to detect malicious behavior, file anomalies, runtime exploits, and suspicious container activity. ... -
Raima Database Manager is an embedded in-memory database for IoT and Edge devicesRaima Database Manager (RDM) is an embedded relational database optimized to run on resource-constrained IoT edge devices that require real-time response. RDM enables intelligent decisions to be made at the device level within microseconds.
-
10
nsjail
A lightweight process isolation tool that utilizes Linux namespaces
A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security. It utilizes Linux namespace subsystem, resource limits, and the seccomp-bpf syscall filters of the Linux kernel. -
11
fswatch
A cross-platform file change monitor with multiple backends
A cross-platform file change monitor with multiple backends: Apple OS X File System Events API, BSD kqueue, Solaris/Illumos File Events Notification, Linux inotify and a stat()-based backend. fswatch is a file change monitor that receives notifications when the contents of the specified files or directories are modified. fswatch implements four kinds of monitors. A monitor based on the File System Events API of Apple OS X. A monitor based on kqueue, an event notification interface introduced... -
12
syzkaller
syzkaller is an unsupervised coverage-guided kernel fuzzer
syzkaller is Google’s coverage-guided, feedback-driven kernel fuzzer designed to uncover reliability and security bugs in operating system kernels at scale. It automatically generates, mutates, and minimizes system call programs, then drives them through a specialized executor (syz-executor) to exercise deep kernel paths. The system integrates tightly with sanitizers such as KASAN, KMSAN, KCSAN, and UBSAN to surface memory safety, concurrency, and undefined behavior issues with actionable reports. ... -
13
ArkOS
Another rockchip Operating System
Another rockchip Operating System. This OS came about from an initial fork of The Retro Arena to support a roms folder on a NTFS partition so that the management of roms could be done by simply putting you SD card into an appropriate card reader on a Windows 10 computer. Through various upgrades and tweaks overtime, it has diverged significantly from TheRA and it's time to rebrand this distro. With suggestions provided by community members, ArkOS was chosen. -
14
Tock OS
A secure embedded operating system for microcontrollers
Tock is a secure, embedded operating system designed for microcontrollers and low-power hardware platforms. Written in Rust, it uses a novel kernel architecture where the OS runs a minimal trusted core and all userland code, including device drivers, is sandboxed and isolated. Tock is ideal for IoT devices, wearables, and embedded research projects where reliability and safety are critical. Its capability-based security model and preemptive multitasking allow developers to safely run multiple applications on constrained devices with confidence in memory and fault isolation. -
15
Deckhouse
Kubernetes platform from Flant
...Built-in implementation of Pod Security Standards and a ready-to-use, extensible set of recommended policies. Deckhouse automates many routine deployment, scaling, and infrastructure management operations out of the box. It manages system software on the nodes (kernel, CRI, kubelet), basic Kubernetes components (control plane, etc, certificates, etc.). -
16
Hubble
Network, Service & Security Observability for Kubernetes using eBPF
Hubble is a fully distributed networking and security observability platform for cloud native workloads. It is built on top of Cilium and eBPF to enable deep visibility into the communication and behavior of services as well as the networking infrastructure in a completely transparent manner. The Linux kernel technology eBPF is enabling visibility into systems and applications at a granularity and efficiency that was not possible before. -
17
cat-catch
Cat scratch chrome resource sniffing extension
...Maozha is open source. Anyone can download and modify it and put it on the app store. There are already many fake Maozha with the ad code added. Please pay attention to your own data security. All installation addresses are subject to github and user documentation. Chromium kernel version 93 or later is required after version 1.0.17. If it is lower than 93, please use version 1.0.16. The extension is a general sniffing tool and has the same function as the browser DevTools. It does not decrypt any website. Any content downloaded by the user has nothing to do with the extension. ... -
18
Talos Linux
Talos Linux is a modern Linux distribution built for Kubernetes
Talos Linux is Linux designed for Kubernetes – secure, immutable, and minimal. Supports cloud platforms, bare metal, and virtualization platforms. All system management is done via an API. No SSH, shell or console. Production-ready supports some of the largest Kubernetes clusters in the world. Open source project from the team at Sidero Labs. It only takes 3 minutes to launch a Talos cluster on your laptop inside Docker. Talos reduces your attack surface. It's minimal, hardened and... -
19
Typhoon
Minimal and free Kubernetes distribution with Terraform
Typhoon is a minimal and free Kubernetes distribution. Minimal, stable base Kubernetes distribution. Declarative infrastructure and configuration. Free (freedom and cost) and privacy-respecting. Practical for labs, datacenters, and clouds. Typhoon distributes upstream Kubernetes, architectural conventions, and cluster addons, much like a GNU/Linux distribution provides the Linux kernel and userspace components. Typhoon provides a Terraform Module for each supported operating system and... -
20
WireGuard-Manager
Streamline the deployment and management of WireGuard VPNs
...WireGuard is designed as a general-purpose VPN for running on embedded interfaces and super computers alike, fit for many circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. -
21
BlackHole
BlackHole is a modern macOS audio loopback driver
...The driver integrates directly with macOS Core Audio and appears in Audio MIDI Setup and supported audio applications. Designed with performance and stability in mind, BlackHole works on both Intel and Apple Silicon Macs without requiring kernel extensions or system security modifications. As an open-source project, it offers transparency, customization options, and active community-driven development. -
22
Armbian Linux Build Framework
Armbian Linux Build Framework
...Special config utilities are optional. A distributed image is compressed to its real data size which starts below 1G. Login is possible via serial, HDMI/VGA or SSH. Boot loader and kernel optimizations, memory caching, ZRAM swap, and video acceleration where applicable. Images are made fully automatized from sources. Releases are PGP signed and code is regularly inspected by the community. Long-term support, quick security fixes, documentation and community-based end-user support. Make sure you have a good & reliable SD card and a proper power supply. ... -
23
Yank Note
A Hackable Markdown Note Application for Programmers
A Hackable Markdown Note Application for Programmers. Version control, AI completion, mind map, documents encryption, code snippet running, integrated terminal, chart embedding, HTML applets, Reveal.js, plug-in, and macro replacement. Use Monaco kernel, optimize for Markdown editing, and have the same editing experience as VSCode. Support version control; Applets, runnable code blocks, tables, PlantUML, Drawio, macro replacements, etc., can be embedded in the document; support for OpenAI... -
24
Osquery
SQL operating system instrumentation and monitoring framework
Osquery is an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. The tools make low-level operating system analytics and monitoring both performant and intuitive. Osquery exposes an operating system as a high-performance relational database. This allows you to write SQL queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser... -
25
Cilium
eBPF-based networking, security, and observability
Cilium is open-source software for providing, securing and observing network connectivity between container workloads, cloud-native, and fueled by the revolutionary Kernel technology eBPF. Kubernetes doesn't come with an implementation of Load Balancing. This is usually left as an exercise for your cloud provider or in private cloud environments an exercise for your networking team. Cilium can attract this traffic with BGP and accelerate leveraging XDP and eBPF. Together these technologies...
