Kener — Status Pages
A sleek, self-hosted status page system. Monitor APIs, ping, TCP, DNS, SSL; manage incidents and maintenance; notify via email, Slack, Discord. Perfect when paid status page services are too expensive for early-stage teams.
Resources
Tools for Startups
Tools that would cost a lot elsewhere — free, open-source, and ready to deploy yourself. No lock-in, no recurring fees.
Namviek — Project Management
Open-source project management for tiny teams. Tasks, boards, and collaboration without Jira or Monday.com pricing — self-host and pay only for hosting (~$10–15/month total). Can save up to 90% vs per-seat tools as your team grows.
pgroll — PostgreSQL Zero-Downtime Migrations
Safe, reversible schema migrations for Postgres. Multiple schema versions run at once so apps keep working while you migrate. No locking, automatic backfilling, instant rollback. Single binary, works with Postgres 14+ and any provider (RDS, Aurora).
beautiful-mermaid — Mermaid Diagrams as SVG or ASCII
Render Mermaid diagrams as themeable SVGs or ASCII for terminals. Flowcharts, state, sequence, class, ER, XY charts — synchronous rendering, 15+ themes, Shiki-compatible. Zero DOM deps, fast. Great for docs, CLIs, and AI-assisted tooling.
Voicebox — Open-Source Voice Synthesis Studio
Local-first voice cloning and TTS powered by Qwen3-TTS. Clone voices from a few seconds of audio, generate speech, multi-track editor — all on your machine. No cloud lock-in, no subscription. Desktop app (Tauri), REST API, fast on Apple Silicon with MLX.
OpenNebula — Cloud & Edge Computing Platform
Open-source platform to build and manage enterprise clouds: VMs, containers, serverless. Simple, flexible, and feature-rich for virtualized and containerized workloads. Self-host your cloud without vendor lock-in — KVM, LXC, Docker, Kubernetes integrations.
CrowdSec — Participative Security Engine
Open-source IDS/IPS and WAF with a crowdsourced blocklist. Detect bad behavior from logs and HTTP, block malicious IPs, contribute back to the network. Scenarios for brute force, port scan, web scan; remediate at app, system, or infra level. Free and community-driven.
BunkerWeb — Open-Source WAF
Next-gen Web Application Firewall and reverse proxy (NGINX-based). Secure by default: HTTPS with Let's Encrypt, ModSecurity + OWASP CRS, antibot, rate limits, bad-IP blocklists. Integrates with Docker, Kubernetes, Linux; optional web UI and plugin system.
Sirius — Vulnerability Scanner
Open-source comprehensive vulnerability scanner with community-driven security intelligence and automated penetration testing. Docker-based; network discovery, CVE assessment, risk scoring, visual scan workflows, dashboards, and REST API. Self-host in minutes.
Aurora — Automated Root Cause Analysis
Automated root cause analysis for SREs using agents. Helps resolve incidents by investigating with LLM-backed agents. Docker Compose stack; optional Vault, connectors. No cloud provider required — just an LLM API key.
Oat — Ultra-Lightweight UI Library
Semantic, minimal HTML + CSS + JS UI library, zero dependencies, ~8KB. No framework or build step — include CSS and JS and build decent-looking web apps. Semantic tags styled out of the box; WebComponents for dynamic bits. Live demo at oat.ink.
Nemesis — Offensive Data Enrichment
Open-source centralized data processing platform for offensive security: ingest, enrich, and analyze files from assessments. Docker + Dapr; functions as an offensive VirusTotal. Collaborative analysis with humans and AI.
Checkmate — Uptime & Infrastructure Monitoring
Open-source, self-hosted uptime and infrastructure monitoring. Track server hardware, uptime, response times, and incidents in real time with clear visualizations. Website, SSL, port, Docker, JSON monitoring; status pages; email, Slack, Discord alerts. Capture agent for host metrics.
Dockform — Declarative Docker Compose
Thin layer on top of Docker Compose for declarative configs. Manage volumes, secrets, and config files across one or more Docker daemons. Auto-discovery of stacks and filesets; SOPS for secrets; multi-context; idempotent plan/apply. Git-friendly and predictable.
Centrifugo — Real-Time Messaging Server
Scalable real-time messaging server: WebSocket, SSE, HTTP-streaming, gRPC. Self-hosted alternative to Pusher, Ably, socket.io. PUB/SUB, channel subscriptions, JWT auth, Redis scaling, message history, presence. For chat, live updates, collaborative tools — language-agnostic.
Guardian — AI-Powered Pen Testing CLI
Production-ready AI-powered penetration testing automation. Uses Gemini, LangChain; 19 integrated security tools (Nmap, Nuclei, httpx, etc.). Step-by-step ethical workflows, evidence capture, multi-format reports. Authorized testing only.
Networking Toolbox — 100+ Offline Tools
All-in-one offline-first networking toolbox for sysadmins. Convert, calculate, diagnose, verify server configs. Docker or static deploy; zero third-party deps. Custom layouts, theming, multi-language.
kftray — kubectl Port-Forward Manager
Kubernetes port-forward manager with auto-reconnect when pods restart. Desktop (tray) and TUI; reverse tunnel (ngrok-like), TLS, HTTP inspection, UDP. Config from filesystem or Git. No kubectl needed.
Excalidraw — Hand-Drawn Whiteboard
Open-source virtual whiteboard for hand-drawn style diagrams. Collaborative, end-to-end encrypted. Infinite canvas, export PNG/SVG, PWA, real-time collab. Embed or self-host.
Documenso — Open-Source DocuSign Alternative
The open-source document signing tool. Self-host for full control; TypeScript, Prisma, Tailwind. Sign documents digitally without vendor lock-in. Trust through transparency.
Chartbrew — Live Dashboards from APIs & DBs
Open-source web app to connect APIs, MongoDB, Firestore, MySQL, PostgreSQL and build charts and dashboards. Chart builder, editable dashboards, embeddable charts, team features.
Usertour — User Onboarding & Product Tours
Open-source alternative to Userflow and Appcues. In-app product tours, checklists, surveys. Multi-page support, user targeting, version control, analytics. Self-host or cloud.
Arcane — Modern Docker Management
Docker management designed for everyone. Self-hosted UI for containers, images, compose. Clean dashboard, multi-host, no vendor lock-in. Go + SvelteKit.
Netdata — Real-Time Observability
AI-powered full-stack observability. Per-second metrics, zero config, ML anomaly detection. Real-time dashboards, alerting, optional cloud. Efficient for lean teams.
WPScan — WordPress Security Scanner
WordPress security scanner for professionals and blog maintainers. Enumerate users, plugins, themes; check vulnerabilities via WPScan API. CLI and Docker. Use only on authorized sites.
Acontext — Agent Memory Stack
Memory stack for production AI agents. Short-term (messages), mid-term (state/trajectories), long-term (skills). Python/TS SDKs; self-host or cloud. Integrates with Claude, OpenAI, AI-SDK.
Qtap — Pre-Encrypted Traffic Capture
eBPF agent that captures traffic before/after TLS encryption. Rich context: process, container, host. Security auditing, API debugging, legacy investigation. Linux, minimal overhead.
useSend — Open-Source Email Sending
Open-source alternative to Resend, Sendgrid, Postmark. Transactional and marketing email, REST API, dashboard (delivered, opened, clicked, bounced), SMTP, webhooks. BYO AWS SES.
Kubesec — Kubernetes Security Analysis
Security risk analysis for Kubernetes resources. Scan manifests for misconfigurations; scoring, remediation advice. CLI, HTTP server, or hosted API. Integrate into CI/CD.
Ubicloud — Open-Source AWS Alternative
Open-source cloud: elastic compute, block storage, firewall, load balancer, managed Postgres, K8s, AI inference, IAM. Run on bare metal (Hetzner, etc.) or use managed service.
NeoHtop — Desktop System Monitor
Blazing-fast cross-platform system monitor. Rust, Tauri, Svelte. Real-time processes, CPU/memory, search, pin, kill. Dark/light themes. Alternative to htop/btop with a modern UI.
OpenSnitch — Linux Application Firewall
GNU/Linux interactive application firewall inspired by Little Snitch. Filter outbound connections, block ads/malware domains, manage nftables from GUI. Multi-node, SIEM integration.
Dockpeek — Docker Container Dashboard
Quick access to Docker container web UIs and image updates across hosts. One-click open dashboards, port mapping, live logs, Traefik labels. Multi-host, update checks.
Pocket ID — OIDC with Passkeys
Simple OIDC provider: authenticate with passkeys only (no passwords). Self-host; Yubikey and WebAuthn. Easier than Keycloak for passkey-only auth. Docker setup.
DockMon — Docker Monitoring & Alerts
Docker container monitoring with auto-restart and alerts. Multi-host, real-time stats and logs, event viewer, Discord/Slack/Telegram/SMTP. Health checks, blackout windows, stack management.
Apprise — Push Notifications Everywhere
One library for 80+ notification services: Telegram, Discord, Slack, email, PagerDuty, ntfy, and more. Python and CLI; config files, attachments. Lightweight, async.
OpenSign — Free DocuSign Alternative
Free and open-source document e-signing. Secure PDF signing, multi-signer, templates, audit trails, API, Drive. Self-host or use hosted. No vendor lock-in.