In the past decade or so, open source software has become a critical component of many companies' tech stacks. The proliferation of cloud computing and artificial intelligence (AI) accelerated this trend, making open source projects such as Kubernetes, TensorFlow, Jenkins, and OpenCV more attractive to developers and infrastructure teams alike.
And security operations are no exception. Open source software has found its way into cybersecurity engineering and operations. Snort, OpenSSL, Yara, Wireshark, etc., are often found in organizations' arsenal of security tools. Open source is now fundamental to security operations, and building, supporting, and using open source tools is an integral part of InfoSec culture.
To better track the proliferation of open source software in cybersecurity infrastructure and applications, Andrew Smyth of Atlantic Bridge and I created The Open Source Security Index as a free resource for developers and security engineers to find and identify the best open source security technology. The index lists the top 100 most popular and fastest-growing security projects on GitHub. We emphasize fast growing as we believe modern security operations are different from security in the past, when most deployments happened on-premises. As such, many of the fast-growing OSS projects are newer initiatives designed for modern infrastructure environments.
To build this index, we use the GitHub API to pull projects based on tags and topics, and manually added projects that lack labels. To constrain our scope, we limited the search to projects that are considered direct security tools. Those that have security implications but fall more into infrastructure capabilities, such as Terraform, Elastic, Istio, and Envoy, are not included here.
How We Ranked the Entries
Once we had the raw list, we ranked entries based on an "Index Score," which is a weighted average of six metrics retrieved from GitHub. They include:
- Number of stars: 30%
- Number of contributors (excluding bots and anonymous accounts): 25%
- Number of commits the project had in the last 12 months: 25%
- Number of watchers: 10%
- Change in the number of watchers over the last month: 5%
- Number of forks: 5%
Based on this scoring methodology, we list the top 100 GitHub projects on the The Open Source Security Index website. The index is an evolving, live project. We will refresh the data monthly to keep the list current.
While the top 25 list includes familiar tools like Metasploit, Wireshark, and OS Query, there are also relatively new entrants, such as Cilium, Checkov, and Calico, that are designed specifically for modern and cloud-native infrastructure.
Looking across the top 25 list, a few interesting trends emerge. They are:
- Attack and red-team open source tools remain popular: Projects that provide effective attack and testing tools are prominently positioned on the list. Metasploit, OSS Fuzz, Atomic Red Team, and Zap are a few examples.
- Security for modern infrastructure is gaining popularity: Unlike traditional security utilities, projects such as Cilium, Trivy, Calico, and Sysdig are becoming increasingly popular. Those projects are designed to work with newer, cloud-native infrastructure, such as Kubernetes, containers, and microservices. The fact that these projects are listed among the most popular shows that cloud computing is now mainstream with security operations.
- Automation and "as-code" workflow utilities have emerged: It's also worth noting that projects that enable automation and "as-code" workflows have also appeared in the top list. For instance, Nuclei, a project that focuses on vulnerability-management-as-code, is a fast-growing project used by bug researchers, red teams, and defenders. Sigma is another project that enables automation and sharing of attack detection methods.
We believe that the evolution of open source security (OSS) will follow the same trajectory as enterprise infrastructure in embracing OSS models. An increasing number of security practitioners choose open source as a fundamental strategy because of its extensibility, flexibility, and transparency of implementation. In addition, sophisticated security teams have adopted the "shift-left" mindset, where managing security policies and operations is like managing "code." To this end, an open source strategy provides a clear advantage compared with the traditional way of developing and deploying proprietary software artifacts.
We created this index because we had a challenging time finding a good, representative list of open source security projects. Although imperfect, this index represents a starting point to build a structured and comprehensive list of meaningful open source tools for security practitioners to consider. We worked with many open source creators to build this list, and we welcome feedback at @OSecurityIndex.