3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-03 16:59:22 +02:00
Code Issues Projects Releases Packages Wiki Activity
Pomerium is an identity and context-aware access proxy.
2019 commits 175 branches 133 tags 111 MiB
Find a file
bobby 20902a715e
Update security.md (#2959) 
Unfortunately, it looks like all the low-effort security reports we get are coming from this list. Many times, the "researcher" is actually reporting a vulnerability on their own machine (foo.localhost.pomerium.io). 

https://github.com/sushiwushi/bug-bounty-dorks/blob/master/dorks.txt#L70
2022-01-23 17:26:09 -08:00
.devcontainer docs: replace httpbin with verify (#1702) 2020-12-22 09:53:08 -08:00
.github deployment: fix distroless base arch (#2925) 2022-01-12 12:51:47 -05:00
.vscode config related metrics (#2065) 2021-04-07 12:29:36 -07:00
authenticate authenticate: support webauthn redirects to non-pomerium domains (#2936) 2022-01-19 15:10:57 -07:00
authorize handle device states in deny block, fix default device type (#2919) 2022-01-11 11:56:54 -07:00
cmd/pomerium rm cli code (#2824) 2021-12-15 16:25:21 -05:00
config authenticate: support webauthn redirects to non-pomerium domains (#2936) 2022-01-19 15:10:57 -07:00
databroker google: support groups for users outside of the organization (#2950) 2022-01-21 09:36:32 -07:00
docs Update security.md (#2959) 2022-01-23 17:26:09 -08:00
examples Remove references to idp_provider_url for Google. (#2882) 2022-01-07 11:21:01 -06:00
integration integration: fix default port for verify service (#2895) 2022-01-05 12:48:35 -07:00
internal google: support groups for users outside of the organization (#2950) 2022-01-21 09:36:32 -07:00
ospkg deployment: Generate deb and rpm packages (#1458) 2020-09-28 13:33:35 -04:00
pkg devices: shrink credentials by removing unnecessary data (#2951) 2022-01-21 09:32:33 -07:00
proxy config: add internal service URLs (#2801) 2021-12-10 14:04:37 -05:00
scripts DOCS: keyword tag updates (#2922) 2022-01-11 12:36:47 -06:00
.codecov.yml development: change codecov precision 2019-07-18 16:49:37 -07:00
.dockerignore Update build and release process for envoy embedding (#699) 2020-05-18 17:10:10 -04:00
.fossa.yml rm cli code (#2824) 2021-12-15 16:25:21 -05:00
.gitattributes assets: use embed instead of statik (#1960) 2021-03-03 18:56:55 -07:00
.gitignore dev build support for darwin-arm64 from envoy tip (#2815) 2021-12-13 11:37:24 -05:00
.golangci.yml remove deprecated ioutil usages (#2877) 2021-12-30 10:02:12 -08:00
.pre-commit-config.yaml integration: add single-cluster integration tests (#2516) 2021-08-24 15:35:05 -06:00
3RD-PARTY dependencies: vendor base58, remove shortuuid (#2739) 2021-11-02 09:23:15 -06:00
DEBUG.MD deplyoment: add debug build / container / docs (#1513) 2020-10-13 16:54:21 -04:00
Dockerfile deployment: fix distroless base arch (#2925) 2022-01-12 12:51:47 -05:00
Dockerfile.debug deployment: remove DST cert workaround from debug image (#2958) 2022-01-21 17:09:42 -05:00
go.mod chore(deps): bump github.com/open-policy-agent/opa from 0.36.0 to 0.36.1 (#2939) 2022-01-20 10:01:00 -07:00
go.sum chore(deps): bump github.com/open-policy-agent/opa from 0.36.0 to 0.36.1 (#2939) 2022-01-20 10:01:00 -07:00
LICENSE initial release 2019-01-02 12:13:36 -08:00
Makefile add host-rewrite options to config.proto (#2668) 2021-10-08 11:50:56 -04:00
package.json Docs: Update Community Page (#2713) 2021-11-01 09:10:58 -05:00
pomerium.go fix go get, improve redis test (#2450) 2021-08-06 12:07:20 -06:00
README.md docs: grammar-change/link update (#2638) 2021-09-28 16:13:42 -07:00
RELEASING.md v0.15 release notes (#2409) 2021-08-03 21:36:48 -04:00
SECURITY.md symlink security policy to root of project (#2396) 2021-07-26 10:42:21 -07:00
tools.go protoc: add xds repo (#2687) 2021-10-19 14:36:23 -06:00

README.md

pomerium logo

pomerium chat GitHub Actions Go Report Card GoDoc LICENSE Docker Pulls

Pomerium is an identity-aware proxy that enables secure access to internal applications. Pomerium provides a standardized interface to add access control to applications regardless of whether the application itself has authorization or authentication baked-in. Pomerium gateways both internal and external requests, and can be used in situations where you'd typically reach for a VPN.

Pomerium can be used to:

  • provide a single-sign-on gateway to internal applications.
  • enforce dynamic access policy based on context, identity, and device identity.
  • aggregate access logs and telemetry data.
  • a VPN alternative.

Docs

For comprehensive docs, and tutorials see our documentation.