/dereks-awesome-list

Derek's List of Awesome Stuff

Creative Commons Attribution Share Alike 4.0 InternationalCC-BY-SA-4.0

Derek's Awesome List

Awesome lint CC-BY-SA Contributor Covenant

All Contributors

An awesome list of things I like and have found useful

Contents

Awesome Lists

There are many great awesome lists. These are a few of them.

  • Awesome - The original awesome list.
  • Awesome Docker - A curated list of Docker resources and projects.
  • Awesome Selfhosted - An awesome list dedicated to self-hostable applications.
  • Awesome Sysadmin - A curated list of amazingly awesome open source sysadmin resources.
  • Awesome VSCode - A curated list of delightful Visual Studio Code packages and resources.
  • The Book of Secret Knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools, and more.

Containers

  • Docker - The Docker container runtime & developer ecosystem.
  • Hadolint - A smarter Dockerfile linter that helps you build best practice Docker images.
  • Microsoft Container Tagging Recommendations - Recommendations on container tags from Microsoft.
  • OCI Container Annotations - A list of container annotations (labels) recommended by the Open Container Initiative.
  • Skopeo - Skopeo is a command line utility that performs various operations on container images and image repositories.
  • tini - Tini is the simplest init you could think of. All Tini does is spawn a single child (Tini is meant to be run in a container), and wait for it to exit all the while reaping zombies and performing signal forwarding.
  • Trivy - Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues.

Development Tools

  • Direnv - Direnv is an extension for your shell. It augments existing shells with a new feature that can load and unload environment variables depending on the current directory.
  • NocoDB - Turns any MySQL, PostgreSQL, SQL Server, SQLite & MariaDB into a smart-spreadsheet.
  • PostGraphile - Instantly spin-up a GraphQL API server by pointing PostGraphile at your existing PostgreSQL database.
  • PostgREST - PostgREST serves a fully RESTful API from any existing PostgreSQL database.
  • pre-commit - A framework for managing and maintaining multi-language pre-commit hooks.
  • Visual Studio Code - Code editing. Redefined. Free. Built on open source. Runs everywhere.

Documentation

  • Hugo - The world's fastest framework for building websites.
  • MarkdownLint - A Node.js style checker and lint tool for Markdown/CommonMark files.
  • MarkdownLint-cli2 - A fast, flexible, configuration-based command-line interface for linting Markdown/CommonMark files with the markdownlint library.
  • MKDocs - MkDocs is a fast, simple and downright gorgeous static site generator that's geared towards building project documentation.
  • MKDocs Material - Create a branded static site from a set of Markdown files to host the documentation of your Open Source or commercial project. Set up in 5 minutes.

Open Source Best Practices

  • All Contributors - Recognize All Contributors, Including those that don't push code.
  • Balanced Employee IP Agreement (BEIPA) - BEIPA takes a balanced approach to assigning control of intellectual property (IP) created by an employee. The company gets exclusive control of IP created in the scope of an employee's job. The employee maintains exclusive control of IP created outside of their job and not related to the company's business.
  • Contributor Covenant - A Code of Conduct for Open Source Communities.
  • Conventional Commits - A specification for adding human and machine readable meaning to commit messages.
  • Open Source Security Foundation - Group dedicated to securing the open source ecosystem.

Security

  • SPIFFE - SPIFFE, the Secure Production Identity Framework for Everyone, is a set of open-source standards for securely identifying software systems in dynamic and heterogeneous environments.
  • SPIRE - SPIRE is a production-ready implementation of the SPIFFE APIs that performs node and workload attestation in order to securely issue SVIDs to workloads, and verify the SVIDs of other workloads, based on a predefined set of conditions.

Software Supply Chain Security

  • DSSE - Simple, foolproof standard for signing arbitrary data.
  • GitLeaks - Gitleaks is a SAST tool for detecting and preventing hardcoded secrets like passwords, api keys, and tokens in git repos.
  • Grype - A vulnerability scanner for container images and filesystems. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems.
  • in-toto - A framework to secure the integrity of software supply chains. in-toto is designed to ensure the integrity of a software product from initiation to end-user installation. It does so by making it transparent to the user what steps were performed, by whom and in what order.
  • in-toto Attestations - This repository defines the in-toto attestation format, which represents authenticated metadata about a set of software artifacts.
  • OWASP ZAP - The world's most widely used web app scanner.
  • SLSA - Supply chain Levels for Software Artifacts, or SLSA (salsa). It's a security framework, a check-list of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in your projects, businesses or enterprises.
  • Syft - A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Exceptional for vulnerability detection when used with a scanner tool like Grype.
  • TUF - A framework for securing software update systems. The Update Framework (TUF) helps developers maintain the security of software update systems, providing protection even against attackers that compromise the repository or signing keys.
  • Witness - Witness is a pluggable framework for supply chain security. Witness prevents tampering of build materials and verifies the integrity of the build process from source to target.

Contributors ✨


Derek Murawsky

🖋 🎨

James Hegedus

🔧 💡

Sindre Sorhus

🤔 💡

All Contributors

🤔 🔧

Alex Lapinski

🤔 🔧 🧑‍🏫

Jonathan DeMasi

🔧 🤔

This project follows the all-contributors specification. Contributions of any kind welcome, just follow the guidelines!