FOSS security applications

Dear all,

Context: At Frappe, when we were implementing ISO 27000, we looked at various FOSS options for things like anti-virus, end-point security, a security operations center (SOC), etc., and did not find many options. ClamAV seems to be the best FOSS anti-virus around, and we found nothing interesting for end-point security or an overall control center.

This also came up in a recent conversation with a few senior folks in academia and government. Would love to know from security experts what the state of security apps for FOSS is. What are the frameworks and tools for both attack and defense in this space?

(or any articles in that direction)


1 Like

Apart from ClamAV and a few rootkit scanners, I don’t think there are any other meaningful antivirus tools in the Linux world. That’s telling of the Linux security model.

In networking, app deployments, containers, cloud, etc., there are numerous great things happening, e.g. “zero-trust” networking and authentication systems, VPNs, eBPF for network security and monitoring, and firewalls. In the security tools space, there are things like Kali Linux and a host of other pentesting and networking tools.

1 Like

There will be a lot of detail in ISO 27001 which is focused around Windows, such as “ensure antivirus is enabled”. There are two ways to approach it.

  1. Conform to ISO 27001 in spirit: for example, justify why antivirus was needed and sort it; even if you don’t install it, you can justify it.
  2. Conform to ISO 27001 in words: install whatever is available and be done with it.

That being said, let me come to your original question around what the state of offense and defense tooling is. Most offensive tooling is open in public because that’s how the growth happened and people were able to move forward. But defense was the area which always paid, so people keep things closer to their chest, hence less open-source tooling around that area, IMHO. Talks about a lot of tooling, and some of them are like Frappe: open source with a paid service.

Couple of projects to look for

Lots and lots from the attack side of the equation.

A lot more can be found on lists like GitHub - sbilly/awesome-security: A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.


Another tool I’ll add to the list shared by Anant,


It’s an open source security automation platform which you can use in conjunction with other security tools to build automated playbooks for activities such as incident response or analysis.

The thing with having so many libraries and tools is that it might leave a tech team very unguided after looking at all the solutions.

IMO this is similar to the observability stack, because there are so many open source observability tools that you might be unsure what to go for.

What I have found helpful are the many observability-in-a-box Docker Compose setups on GitHub, which combine many services together and have everything you might need to begin and experiment with.

Similarly, I feel a SOC-in-a-box setup would be a great guide or starting point for tech teams to set up great security operations with open source tools.

1 Like

I think we need something like what OWASP has done: Projects | OWASP Foundation via OWASP Integration Standards | OWASP Foundation

1 Like

Thanks @anant_shrivastava for the comprehensive list! It would be great if you could help classify these projects based on the types of assets they protect or the kind of features they bring to the table.

1 Like

The awesome security link that I posted at the end (GitHub - sbilly/awesome-security: A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.) has classifications; does that help?

1 Like


If we talk about embedded device or IoT device side security, we have mbedTLS, which is a software crypto library.