In the past decade, open-source software has become a critical component of many companies’ tech stacks. The proliferation of cloud computing and artificial intelligence (AI) accelerated this trend, making open-source projects such as Kubernetes, TensorFlow, Jenkins, and OpenCV more attractive to developers and infrastructure teams.
Security operations are no exception. Open-source software has found its way into cybersecurity engineering and operations: Snort, OpenSSL, YARA, Wireshark, and similar projects are often found among organizations’ security tools. Open source is now fundamental to security operations, and building, supporting, and using open-source tools are integral to InfoSec culture.
To better track the proliferation of open-source software in cybersecurity infrastructure and applications, Andrew Smyth of Atlantic Bridge and I created The Open Source Security Index, a free resource for developers and security engineers to find and identify the best open-source security technology. The index lists the top 100 most popular and fastest-growing security projects on GitHub. We emphasize fast growth because we believe current security operations differ from security in the past, when most deployments happened on-premises. As such, many of the fast-growing OSS projects are newer initiatives designed for modern infrastructure environments.
We built this index with the GitHub API, pulling projects based on tags and topics, and manually added projects that lacked labels. To constrain our scope, we limited the search to projects considered direct security tools. Projects that have security implications but fall more into infrastructure capabilities, such as Terraform, Elastic, Istio, and Envoy, are not included here.
How We Ranked the Entries
Once we had the raw list, we ranked entries based on an “Index Score,” a weighted average of six metrics retrieved from GitHub. They include:
- Number of stars: 30%
- Number of contributors (excluding bots and anonymous accounts): 25%
- Number of commits the project had in the last 12 months: 25%
- Number of watchers: 10%
- Change in the number of watchers over the last month: 5%
- Number of forks: 5%
Based on this scoring methodology, we list the top 100 GitHub projects on The Open Source Security Index website. The index is an evolving, live project. We will refresh the data monthly to keep the list current.
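As an added illustration, not code from the index itself: a Python sketch of the scoring above run over constructed sample data. Two details are assumptions of this example, since the page does not state them: each raw metric is scaled by its largest value in the batch before weighting, and bots and anonymous contributors are dropped using the `type` field that GitHub’s contributors endpoint returns.

```python
# Index Score: weighted average of six GitHub metrics (weights from the page).
WEIGHTS = {
    "stars": 0.30,
    "contributors": 0.25,
    "commits_12mo": 0.25,
    "watchers": 0.10,
    "watcher_delta_1mo": 0.05,
    "forks": 0.05,
}


def count_human_contributors(records):
    """Count contributors, excluding bots and anonymous accounts.

    Each record mirrors a GitHub /contributors entry: 'type' is "User" for
    accounts, "Bot" for apps such as dependabot[bot], and "Anonymous" for
    commits not tied to an account.
    """
    return sum(1 for r in records if r.get("type") == "User")


def metric_maxima(projects):
    """Largest value of each metric in the batch (floor of 1 to avoid /0).

    Assumption (not on the page): raw counts are scaled by the batch maximum
    so stars (tens of thousands) do not drown out watcher deltas (tens).
    """
    return {m: max(1, max(p[m] for p in projects)) for m in WEIGHTS}


def index_score(project, maxima):
    """Weighted average of the scaled metrics; negative deltas pull it down."""
    return sum(w * project[m] / maxima[m] for m, w in WEIGHTS.items())


def rank_projects(projects):
    """Return (name, score) pairs, best first."""
    maxima = metric_maxima(projects)
    scored = [(p["name"], index_score(p, maxima)) for p in projects]
    return sorted(scored, key=lambda ns: ns[1], reverse=True)


# Constructed sample data; none of these are real GitHub numbers.
ALPHA_CONTRIBS = [{"login": "a", "type": "User"}, {"login": "b", "type": "User"},
                  {"login": "dependabot[bot]", "type": "Bot"}, {"login": "c", "type": "User"}]
SAMPLE = [
    {"name": "alpha", "stars": 30000, "contributors": count_human_contributors(ALPHA_CONTRIBS),
     "commits_12mo": 1200, "watchers": 800, "watcher_delta_1mo": 20, "forks": 5000},
    {"name": "beta", "stars": 15000, "contributors": 4,
     "commits_12mo": 2400, "watchers": 400, "watcher_delta_1mo": 40, "forks": 2500},
    {"name": "gamma", "stars": 6000, "contributors": 2,
     "commits_12mo": 600, "watchers": 200, "watcher_delta_1mo": -10, "forks": 1000},
]
```

Run `rank_projects(SAMPLE)` to see the effect of the weights: beta leads on contributors and commits, yet alpha ranks first because stars alone carry 30% of the score.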
While the top 25 list includes familiar tools like Metasploit, Wireshark, and osquery, there are also relatively new entrants, such as Cilium, Checkov, and Calico, that are explicitly designed for modern and cloud-native infrastructure.
Looking across the top 25 list, a few interesting trends emerge. They are:
- Attack and red-team open-source tools remain popular: Projects that provide effective attack and testing tools are prominently positioned on the list. Metasploit, OSS-Fuzz, Atomic Red Team, and ZAP are a few examples.
- Security for modern infrastructure is gaining popularity: Unlike traditional security utilities, projects such as Cilium, Trivy, Calico, and Sysdig are designed to work with newer, cloud-native infrastructure, such as Kubernetes, containers, and microservices, and they are becoming increasingly popular. The fact that these projects are listed among the most popular shows that cloud computing is now mainstream in security operations.
- Automation and “as-code” workflow utilities have emerged: Projects that enable automation and “as-code” workflows have also appeared in the top list. For instance, Nuclei, a project focusing on vulnerability-management-as-code, is a fast-growing project used by bug researchers, red teams, and defenders. Sigma is another project that enables the automation and sharing of attack detection methods.
Open-source security will follow the same trajectory as enterprise infrastructure in embracing open-source models. An increasing number of security practitioners choose open source as a fundamental strategy because of its extensibility, flexibility, and transparency of implementation. In addition, sophisticated security teams have adopted the “shift-left” mindset, where managing security policies and operations is like managing “code.” To this end, an open-source strategy provides a clear advantage compared with the traditional way of developing and deploying proprietary software artefacts.
We created this index because we needed help finding a good, representative list of open-source security projects. Although imperfect, this index represents a starting point for building a structured and comprehensive list of meaningful open-source tools for security practitioners to consider. We worked with many open-source creators to make this list, and we welcome feedback at @OSecurityIndex.