Otvoreni open-source ekosistem za sajber bezbjednost: održiva, transparentna i pristupačna alternativa komercijalnim rješenjima

Sajber bezbjednost se danas zasniva na kompleksnom ekosistemu servisa, platformi i alata. Većina takvih rješenja dolazi iz komercijalnog sektora, što često znači visoke cijene, zatvorene standarde i ograničene mogućnosti lokalne prilagodbe. Istovremeno, globalna zajednica razvija moćan i sve širi open-source ekosistem koji nudi besplatne ili otvoreno licencirane alate za gotovo sve kategorije bezbjednosnih funkcija — od SIEM-a i EDR-a, do SAST testiranja, SOAR orkestracije, zaštite API-ja i cloud bezbjednosti.

U praksi, open-source alati omogućavaju mnogo veću transparentnost, lakše provjere integriteta, brže auditiranje koda i bolju lokalnu kontrolu nad podacima. To je posebno važno za institucije, univerzitete, nevladine organizacije, medije i startupe, koji često nemaju pristup skupim komercijalnim alatima, ali moraju dostići visok nivo sajber otpornosti. Za zemlje poput Bosne i Hercegovine i širu regiju Zapadnog Balkana, open-source rješenja predstavljaju realan, efikasan i dugoročno održiv put za izgradnju kapaciteta.

U nastavku je pripremljena potpuno open-source verzija istog sajber bezbjednosnog ekosistema, grupisana po kategorijama. Ovaj pregled služi kao vodič za sve koji žele izgraditi snažan i ekonomičan sigurnosni stack, bez kompromisa po kvalitetu.

PEOPLE / SOFTWARE

SOAR / Automation

• TheHive → https://thehive-project.org/

• Cortex → https://thehive-project.org/cortex/

• Shuffle SOAR → https://shuffler.io

• StackStorm → https://stackstorm.com

SIEM / SecOps

• Wazuh → https://wazuh.com

• Elastic Security (open source core) → https://www.elastic.co/security

• Graylog Open → https://www.graylog.org/products/open

• OpenSearch Security Analytics → https://opensearch.org

MDR / SOC Platforms (Open-source friendly)

• Security Onion → https://securityonionsolutions.com/software

• RockNSM → https://rocknsm.io

• MozDef → https://github.com/mozilla/MozDef

Identity

• FreeIPA → https://www.freeipa.org

• Keycloak → https://www.keycloak.org

• AuthLibre → https://github.com/authlib/authlib

Access Management / Authentication

• Authelia → https://www.authelia.com

• LemonLDAP::NG → https://lemonldap-ng.org

• OpenAM (community edition) → https://github.com/OpenRock/OpenAM

DFIR / Incident Response Toolkits

• Velociraptor → https://www.velocidex.com

• GRR Rapid Response → https://github.com/google/grr

• CyberChef → https://gchq.github.io/CyberChef

HARDWARE / ENDPOINT / IOT

Endpoint Security / EDR

• Wazuh Agent → https://wazuh.com

• OSQuery → https://osquery.io

• Falco → https://falco.org

• OpenEDR → https://github.com/ComodoSecurity/openedr

• ClamAV → https://www.clamav.net

Secure Browsers

• Firefox ESR → https://www.mozilla.org/en-GB/firefox/enterprise/

• Chromium → https://www.chromium.org/Home

• Ungoogled Chromium → https://github.com/ungoogled-software/ungoogled-chromium

Unified Endpoint & Asset Management

• FleetDM → https://fleetdm.com

• Snipe-IT → https://snipeitapp.com

• OCS Inventory → https://ocsinventory-ng.org

• GLPI → https://glpi-project.org

IoT / OT Security

• Zeek → https://zeek.org

• Suricata → https://suricata.io

• Snort Community → https://www.snort.org

• OpenPLC → https://openplcproject.com

Asset Management

• NetBox → https://netbox.dev

• OpenAudit → https://www.opmantek.com/openaudit/

NETWORK / FIREWALL / SASE

Secure Networking / VPN

• WireGuard → https://www.wireguard.com

• OpenVPN → https://openvpn.net/community

• StrongSwan → https://www.strongswan.org

• SoftEther VPN → https://www.softether.org

Zero Trust / SASE-style

• OpenZiti → https://openziti.io

• Pritunl Zero → https://zero.pritunl.com

• Teleport (open source) → https://goteleport.com

• Authelia + Traefik stack → https://traefik.io

Firewalls

• OPNsense → https://opnsense.org

• pfSense CE → https://www.pfsense.org

• IPFire → https://www.ipfire.org

• VyOS → https://vyos.io

APPLICATION SECURITY / APPSEC / AST

SAST / DAST

• OWASP ZAP → https://www.zaproxy.org

• Semgrep (community) → https://semgrep.dev

• Bandit → https://bandit.readthedocs.io

• Brakeman → https://brakemanscanner.org

• Gosec → https://github.com/securego/gosec

Software Supply Chain Security

• Sigstore → https://www.sigstore.dev

• Cosign → https://github.com/sigstore/cosign

• Trivy → https://trivy.dev

• Syft → https://github.com/anchore/syft

• Grype → https://github.com/anchore/grype

• Dependency-Track → https://dependencytrack.org

• OpenSSF Scorecards → https://github.com/ossf/scorecard

• in-toto → https://in-toto.io

API Security

• OWASP API Security Project → https://owasp.org/www-project-api-security

• KrakenD OSS API Gateway → https://www.krakend.io/open-source/

CLOUD SECURITY

Cloud / K8s Posture & Hardening

• Kubesec → https://kubesec.io

• kube-bench → https://github.com/aquasecurity/kube-bench

• kube-hunter → https://github.com/aquasecurity/kube-hunter

• Falco → https://falco.org

• Cloud Custodian → https://cloudcustodian.io

Cloud & Infra Visibility

• Prometheus → https://prometheus.io

• Grafana Loki → https://grafana.com/oss/loki

• OpenTelemetry → https://opentelemetry.io

DATA RISK, PRIVACY & COMPLIANCE

Email Security

• Rspamd → https://rspamd.com

• SpamAssassin → https://spamassassin.apache.org

• OpenDMARC → https://github.com/trusteddomainproject/OpenDMARC

• OpenDKIM → https://www.opendkim.org

Data Security / DSPM

• Apache Ranger → https://ranger.apache.org

• HashiCorp Vault → https://www.vaultproject.io

• OpenBAS → https://github.com/NextronSystems/openbas

Encryption / Storage

• Cryptomator → https://cryptomator.org

• VeraCrypt → https://www.veracrypt.fr

Privacy & GRC

• OpenGRC → https://github.com/strongdm/open-grc

• ArcherySec GRC → https://archerysec.io

• OpenControl → https://opencontrol.dev

Audit & Monitoring

• Auditd → https://linux.die.net/man/8/auditd

• Wazuh Compliance → https://wazuh.com

• Lynis → https://cisofy.com/lynis

VULNERABILITY MANAGEMENT

Scanning / Assessment

• OpenVAS (Greenbone Community) → https://www.openvas.org

• Nmap → https://nmap.org

• Nuclei → https://nuclei.projectdiscovery.io

• Trivy → https://trivy.dev

• Grype → https://github.com/anchore/grype

• Nikto → https://cirt.net/Nikto2

Third-Party / Vendor Risk

• Dependency-Track → https://dependencytrack.org

• OpenGRC vendor module → https://github.com/strongdm/open-grc