Trust nothing. Prove everything.
This is an open-source toolkit for trust assurance: security monitoring, access control, auditability, integrity, and verifiable provenance around regulated data and critical systems. No vendor lock-in. No magic. Just plumbing you control.
Designed for environments handling sensitive data, connected devices, and AI—healthcare, defense, manufacturing, food & beverage—where leaders must show controls can be proven, not just asserted.
A working Docker Compose reference implementation is available in the reference-implementation directory. It includes:
- Observability: OpenObserve, Grafana, Prometheus
- Incident Response: FIR
- Simulation: A data generator for testing telemetry
Recommended foundation: get the foundation right before picking specialized tools.
- Identity & Policy: Keycloak / Authentik + Open Policy Agent (OPA)
- Kubernetes Policy: Gatekeeper + Kyverno
- Observability: OpenObserve + Prometheus + Grafana + OpenTelemetry
- Search: OpenSearch (log/event search at scale)
- Detection: Wazuh + Suricata + osquery + Zeek + Falco
- Incident Response: TheHive
- Secrets & Certs: HashiCorp Vault + step-ca + cert-manager
- Supply Chain: Syft + Grype + Trivy + Dependency-Track
- Data Plumbing: Apache Kafka / NATS / RabbitMQ
- State: PostgreSQL
Detection and monitoring: where you catch bad actors and honest mistakes.
- Wazuh — Endpoint security and log analysis; host telemetry.
- Suricata — Network IDS; packet-based detections.
- Zeek — Network telemetry; high-fidelity protocol logs.
- Falco — Runtime detection; suspicious process/container behaviors.
- osquery — Endpoint inventory as SQL.
- YARA — Content and malware pattern matching.
- Sigma — Generic signature format for SIEM systems.
- EdgeX Foundry — Edge integration framework.
- MQTT — Lightweight pub/sub protocol for IoT.
- OPC UA — Industrial interoperability protocol.
- PostgreSQL — Durable relational store.
- MariaDB — Relational alternative (common in ERPs).
- Redis — Cache and message broker.
- Keycloak — OIDC/SAML identity provider.
- Authentik — Lightweight IdP and SSO.
- Open Policy Agent (OPA) — Policy-as-code engine.
- Kyverno — Kubernetes-native policy engine.
- Kong Gateway — API gateway with AI plugins.
- Traefik — Cloud-native edge router.
- Envoy — High-performance proxy.
- NeMo Guardrails — Programmable LLM guardrails (NVIDIA).
- Guardrails AI — Structure and type validation for LLMs.
- LLM Guard — Security toolkit for LLM inputs/outputs.
- Microsoft Presidio — PII detection and redaction.
- TheHive — Security Incident Response Platform.
- n8n — Workflow automation.
- Shuffle — Open source SOAR.
- StackStorm — Event-driven automation.
- HashiCorp Vault — Secrets management.
- SoftHSM — Software emulation of an HSM.
- step-ca — Private certificate authority.
- HAPI FHIR — Complete implementation of the HL7 FHIR standard in Java.
- NextGen Connect (Mirth) — Healthcare integration engine.
- ERPNext — Open source ERP (Quality Management, Manufacturing).
- OpenObserve — Full-stack observability (logs, metrics, traces).
- OpenSearch — Search and analytics suite.
- Grafana — Open observability platform; dashboards and alerting over metrics, logs, and traces.
- Prometheus — Monitoring system and time series database.
- Jaeger — Distributed tracing.
- restic — Fast, secure, efficient backups.
- Velero — Backup and migrate Kubernetes resources.
- MITRE ATT&CK Navigator — Explore the ATT&CK matrix.
- Caldera — Automated adversary emulation.
- Atomic Red Team — Small and highly portable detection tests.
- OpenSCAP — Security compliance (SCAP).
- Lynis — Security auditing tool for Linux/Unix.
- in-toto — Framework to secure the integrity of software supply chains.
- Sigstore — Signing and verifying software artifacts.
- Trillian — Verifiable, append-only Merkle-tree log; highly scalable data store of the kind that underpins Certificate Transparency.
- OpenLineage — Open standard for data lineage.
- Marquez — Lineage metadata collection and visualization.