Alternatives to OpenFGA
Compare OpenFGA alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to OpenFGA in 2026. Compare features, ratings, user reviews, pricing, and more from OpenFGA competitors and alternatives in order to make an informed decision for your business.
-
1
Frontegg
Frontegg
Frontegg is a Customer Identity and Access Management (CIAM) platform that simplifies authentication, authorization, and user management for SaaS companies. It enables developers to implement advanced identity features quickly, then shift ongoing administration to other teams. With Frontegg, Product, Infosec, and Customer Success teams can take control of key identity tasks like managing user roles, enforcing security policies, and handling customer requests, all without engineering support. Developers reduce toil and regain focus on core product work, while stakeholders move faster without bottlenecks. Frontegg supports modern identity features including SSO, MFA, role-based access control, entitlements, multi-tenancy, and audit logs. Its low-code platform integrates in days and provides a user-friendly admin portal that bridges technical and non-technical teams. Frontegg increases operational efficiency, improves security posture, and enhances the customer experience. -
2
Auth0
Okta
Auth0 takes a modern approach to Identity, providing secure access to any application, for any user. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. Auth0 is part of Okta, The World’s Identity Company™. Auth0 lets you quickly integrate authentication and authorization for web, mobile, and legacy applications, with new Fine Grained Authorization (FGA) that goes beyond role-based access control. Authenticate users across all applications with a customized, secure, and standards-based single login. Universal Login connects users to a central authorization server. Credentials aren’t transferred across sources, which boosts security and protects against phishing and credential stuffing attacks. OAuth 2.0 recommends that only external user agents (like the browser) be used by native applications for authentication flows. Auth0’s Universal Login achieves this while enabling SSO. -
3
Passwork
Passwork
Passwork is an on-premise corporate password manager built for security-conscious organizations. Developed and headquartered in Europe (Barcelona, Spain), Passwork meets GDPR, NIS2, ENS and other European regulatory requirements by design. All passwords and credentials are stored exclusively on your own server. Double-layer AES-256 encryption (server-side and client-side) with zero-knowledge architecture means your data stays within your infrastructure, fully under the control of your system administrators. Passwork is ISO/IEC 27001 certified. Your data never leaves your infrastructure. Trusted by enterprises for secure password sharing, privileged access management, and centralized credential governance.Starting Price: 3€ -
4
Kinde
Kinde
Authentication happens at some of the most important, and highly impactful, places in your customers' journey. Take control of user authorization with a passwordless authentication, social integrations, and enterprise SSO. Support the branding of all your customers with custom domains and a fully customisable UI by bringing your own pages and designs. Integrate with complex requirements and run your own code during authentication using our powerful workflows. Organise all your business customers using organizations to easily segergate them and fine tune the authentication experience to their individual needs. Monetize your ideas quickly with Kinde's billing tools. Create subscription plans and collect revenue effortlessly. Kinde adapts to your business model, supporting B2C, B2B, and B2B2C with robust organization management and flexible billing logic that scales with your customers.Starting Price: Free -
5
SolarWinds Access Rights Manager
SolarWinds
SolarWinds® Access Rights Manager is designed to assist IT & security administrators in quickly & easily provisioning, deprovisioning, managing, & auditing user access rights to systems, data, & files, so they can help protect their organizations from the potential risks of data loss and breaches. By analyzing user authorizations & access permissions, you get visualization of who has access to what, and when they accessed it. Customized reports can be generated to help demonstrate compliance with many regulatory requirements. Provision & deprovision users via role-specific templates to help assure conformity of access privilege delegation, in alignment with security policies. -
6
Zluri
Zluri
Zluri is a cloud-native SaaSOps platform enabling modern enterprises with SaaS Management, Access Management, and Access Review capabilities. Zluri empowers IT and Security teams to gain visibility into their SaaS landscape, unlock recurring savings, & securely manage access with provisioning and de-provisioning of users. Zluri’s technology is powered by an Authknox engine, and assisted by an Automation engine, enabling companies to navigate & control complex SaaS ecosystems easily. Trusted by over 250 global customers, Zluri is committed to delivering innovative, reliable, and scalable solutions that empower organizations to optimize their SaaS usage, ensure compliance, and enhance Access Management practices. -
7
Casbin
Casbin
Casbin is an open-source authorization library that supports various access control models, including Access Control Lists (ACL), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC). It is implemented in multiple programming languages such as Golang, Java, C/C++, Node.js, JavaScript, PHP, Laravel, Python, .NET (C#), Delphi, Rust, Ruby, Swift (Objective-C), Lua (OpenResty), Dart (Flutter), and Elixir, providing a consistent API across different platforms. Casbin abstracts access control models into configuration files based on the PERM metamodel, allowing developers to switch or upgrade authorization mechanisms by simply modifying configurations. It offers flexible policy storage options, supporting various databases like MySQL, PostgreSQL, Oracle, MongoDB, Redis, and AWS S3. The library also features a role manager to handle RBAC role hierarchies and supports filtered policy management for efficient enforcement.Starting Price: Free -
8
Permify
Permify
Permify is an authorization service designed to help developers build and manage fine-grained, scalable access control systems within their applications. Inspired by Google's Zanzibar, Permify enables the structuring of authorization models, storage of authorization data in preferred databases, and interaction with its API to handle authorization queries across various applications and services. It supports multiple access control models, including Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC), allowing for the creation of granular permissions and policies. Permify centralized authorization logic, abstracting it from the codebase to facilitate easier reasoning, testing, and debugging. It offers flexible policy storage options and provides a role manager to handle RBAC role hierarchies. The platform also supports filtered policy management for efficient enforcement in large, multi-tenant environments.Starting Price: Free -
9
Aserto
Aserto
Aserto helps developers build secure applications. It makes it easy to add fine-grained, policy-based, real-time access control to your applications and APIs. Aserto handles all the heavy lifting required to achieve secure, scalable, high-performance access management. It offers blazing-fast authorization of a local library coupled with a centralized control plane for managing policies, user attributes, relationship data, and decision logs. And it comes with everything you need to implement RBAC or fine-grained authorization models, such as ABAC, and ReBAC. Take a look at our open-source projects: - Topaz.sh: a standalone authorizer you can deploy in your environment to add fine-grained access control to your applications. Topaz lets you combine OPA policies with Zanzibar’s data model for complete flexibility. - OpenPolicyContainers.com (OPCR) secures OPA policies across the lifecycle by adding the ability to tag, verStarting Price: $0 -
10
Identity Confluence
Tech Prescient
Identity Confluence is an intelligent Identity Governance and Administration (IGA) platform designed to help IT and security teams manage access, automate identity lifecycles, and maintain continuous compliance across cloud and hybrid environments. Built for modern enterprises, Identity Confluence unifies identity lifecycle management, access control, and governance into a single, scalable platform. Automate Joiner-Mover-Leaver (JML) processes, enforce policy-based access controls (RBAC, ABAC, PBAC), and conduct real-time user access reviews—all from one intuitive interface. Key Features: Lifecycle Automation: Trigger real-time provisioning and deprovisioning across HR, IT, and business systems. Access Controls: Implement dynamic, fine-grained access policies using roles, attributes, and policies. App & Directory Integrations: Out-of-the-box connectors for AD, Azure AD, Okta, Workday, SAP, and more. Access Reviews: Automate certifications, enforce Segregation of Duties -
11
Cedar
Amazon
Cedar is an open source policy language and evaluation engine developed by AWS to facilitate fine-grained access control in applications. It enables developers to define clear and concise authorization policies, decoupling access control from application logic. Cedar supports common authorization models, including role-based access control and attribute-based access control, allowing for expressive and analyzable policy definitions. Its design emphasizes readability and performance, ensuring that policies are both easy to understand and efficient to enforce. By integrating Cedar, applications can make precise authorization decisions, enhancing security and maintainability. The policy structure is designed to be indexed for quick retrieval and to support fast and scalable real-time evaluation, with bounded latency. It enables analyzer tools capable of optimizing your policies and proving that your security model is what you believe it is.Starting Price: Free -
12
TrustLogix
TrustLogix
The TrustLogix Cloud Data Security Platform breaks down silos between data owners, security owners, and data consumers with simplified data access management and compliance. Discover cloud data access issues and risks in 30 minutes or less, without requiring visibility to the data itself. Deploy fine-grained attribute-based access control (ABAC) and role-based access control (RBAC) policies and centrally manage your data security posture across all clouds and data platforms. TrustLogix continuously monitors and alerts for new risks and non-compliance such as suspicious activity, over-privileged accounts, ghost accounts, and new dark data or data sprawl, thus empowering you to respond quickly and decisively to address them. Additionally, alerts can be reported to SIEM and other GRC systems. -
13
CyberArk Conjur
CyberArk
A seamless open source interface to securely authenticate, control and audit non-human access across tools, applications, containers and cloud environments via robust secrets management. Secrets grant access to applications, tools, critical infrastructure and other sensitive data. Conjur secures this access by tightly controlling secrets with granular Role-Based Access Control (RBAC). When an application requests access to a resource, Conjur authenticates the application, performs an authorization check against the security policy and then securely distributes the secret. Security policy as code is the foundation of Conjur. Security rules are written in .yml files, checked into source control, and loaded onto the Conjur server. Security policy is treated like any other source control asset, adding transparency and collaboration to the organization’s security requirements. -
14
AuthZed
AuthZed
Unblock your business with an authorization system inspired by Google's Zanzibar white paper. As the creators of SpiceDB, the AuthZed team delivers enterprise-ready permissions systems built for scale and security. The most mature open source Zanzibar implementation designed for both consistency and performance at scale. Define fine-grained access for any object in your application or across your product suite and manage permissions using a centralized schema. Specify consistency requirements per authorization check; tunable consistency features balance performance and correctness according to your use case. SpiceDB returns lists of authorized subjects and accessible resources, helpful when pre-filtering permission-based results. Instrumented with observability tooling, a powerful Kubernetes operator, and load-testing capabilities, SpiceDB prioritizes both developer and platform engineering experiences. -
15
Hexnode IdP
Hexnode
Hexnode IdP is an identity provider designed to help organizations manage authentication, access control, and identity governance from a centralized platform. It enables IT and security teams to verify user identities and enforce secure access to enterprise applications, devices, and resources. By combining identity verification with real-time device posture evaluation, Hexnode IdP supports a Zero Trust approach to access management. The platform includes capabilities such as single sign-on (SSO), multi-factor authentication (MFA), role-based access control (RBAC), and conditional access policies. These controls allow organizations to ensure that only authorized users on compliant devices can access sensitive systems and data. By centralizing authentication and access policies in a single console, organizations can simplify identity management while improving overall security visibility and control. -
16
Delinea Server Suite
Delinea
Easily consolidate complex and disparate identities for Linux and Unix within Microsoft Active Directory. Minimize the risk of a breach and reduce lateral movement with a flexible, just-in-time privilege elevation model. Advanced session recording, auditing, and compliance reporting aid forensic analysis into abuse of privilege. Centralize discovery, management, and user administration for Linux and UNIX systems to enable rapid identity consolidation into Active Directory. Privileged Access Management best practices are easy to follow with the Server Suite. The results are higher levels of identity assurance and a significantly reduced attack surface with fewer identity silos, redundant identities, and local accounts. Manage privileged user and service accounts from Windows and Linux in Active Directory. Just-in-time, fine-grained access control with RBAC and our patented Zones technology. Complete audit trail for security review, corrective action, and compliance reporting. -
17
Styra
Styra
The fastest and easiest way to operationalize Open Policy Agent across Kubernetes, Microservices or Custom APIs, whether you're a developer, an admin, or a bit of both. Need to limit which folks can access your pipeline, based on who is currently on call? Simple. Want to define which microservices can access PCI data? We got you. Have to prove compliance with regulations across your clusters? No sweat. Built on open-source, and declarative by design, Styra Declarative Authorization Service gives you a turnkey OPA control plane to mitigate risk, reduce human error, and accelerate development. A built-in library of policies. Built on our OPA project let you implement and customize authorization policy-as-code. Pre-running lets you monitor and validate policy changes before committing, to mitigate risk before deployment. Declarative model defines desired state to prevent security drift and eliminate errors, before they can occur.Starting Price: $70 per month -
18
ZITADEL
ZITADEL
ZITADEL is an open-source identity and access management platform designed to simplify authentication and authorization for applications. It offers a comprehensive suite of features, including customizable hosted login pages, support for modern authentication methods such as Single Sign-On (SSO) and social logins, and enforcement of multifactor authentication to enhance security. Developers can integrate authentication directly into their applications using ZITADEL's APIs or build dedicated login interfaces. The platform supports role-based access control, allowing for precise permission assignments based on user roles, and is inherently multi-tenant, facilitating easy extension of applications to new organizations. ZITADEL's extensibility enables seamless adaptation to various workflows, user management processes, and brand guidelines, with features like ZITADEL Actions that execute workflows after predefined events without the need for additional code deployment.Starting Price: $100 per month -
19
Oso Cloud
Oso
Customers want features that you can’t build without a refactor. Your code is hand-rolled, fragile and hard to debug. It’s spread throughout the codebase and relies on data from multiple sources. There’s no one place to see who has access to what, that authorization is working, or why requests are or are not authorized. Lay out who's allowed to do what in Workbench, our visual rules editor Start with primitives for common patterns like multi-tenancy and RBAC Extend your logic with custom rules in Polar, our configuration language for authorization. Send core authorization data, like roles and permissions. Make authorization checks and filter lists based on authorization where you used to have IF statements and custom SQL.Starting Price: $149 per month -
20
Access Auditor
Security Compliance Corp
Access Auditor automates user entitlement reviews and user access reviews. Access Auditor also alerts on changes in user access rights, and watches for separation of duties violations, and shows who has access to what. Users can be imported from any AD/LDAP, Database, or any REST API. Enterprise roles (RBAC) can be modeled and defined, allowing full RBAC reviews and provisioning. Access Manager leverages the same ease-of-use to automate the provisioning and management of user access rights. Any system with a database, LDAP, or REST API can be automatically managed via role based access controls. SCC’s powerful and simple approach to Identity Management enables a very rapid success at a low overall cost. With a 100% customer success rate, Access Auditor is the fastest and simplest solution available and can automate your user access reviews in under a week. -
21
Manages users, groups and roles. Authentication, delegation, authorization and auditing. Role-based access control, entitlements and time-based access rules. Manages access control policies for Web, Java and CORBA® resources. Manages access control policies for fine-grain application data and/or features. Central administration with flexible deployment options. Features specifically designed to aid in meeting privacy legislation. Supports integration with existing security infrastructure. Provides foundation for orb2 for Java Security Services.
-
22
Logto
Silverhand
Logto is an Auth0 alternative designed for modern apps and SaaS products. It offers a seamless developer experience and is well-suited for individuals and growing companies. 🧑💻 Comprehensive identity solution Enables easy authentication with Logto SDKs. Supports multiple passwordless and social sign-in methods. Offers customizable UI components to match your brand. 📦 Out-of-the-box infrastructure eliminates the need for extra setup. Provides ready-to-use Management API Offers flexible connectors for customization and scaling, and is customized with SAML, OAuth, and OIDC protocols. 💻 Enterprise-ready with role-based access control (RBAC), organizations (multi-tenant apps), user management, audit logs, single sign-on (SSO), and multi-factor authentication (MFA).Starting Price: $0 -
23
Clarity Security
Clarity Security
Eliminate audit angst with 10-minute user access reviews, flexible provisioning/de-provisioning workflows, and audit-friendly reporting, all in one simple, scalable IGA platform. White-glove onboarding takes the burden of implementing a solution off of team members reducing the impact on other IT initiatives. Automated evidence collection into a downloadable ledger mitigates the need for wasted time gathering spreadsheets, screenshots, etc. Nested entitlements and Clarity Explorer provide insight into what’s giving users access and why they’re being granted that access. True role-based access control (RBAC) and automated workflows for full alignment with your organizational structure and needs. Unlike "traditional" manual methods, Clarity has everything you need to quickly upgrade your identity governance program and seamlessly adapt it as your organization grows. Fast reviews for certifying user access, entitlements, roles, application access, and more. -
24
Devolutions Workspace
Devolutions
Workplace passwords are everywhere—apps, websites, servers. Devolutions Workspace brings them together in one interface that works across Windows, macOS, Linux, iOS, Android, and browsers. Users can autofill credentials, manage entries based on role-based access control (RBAC), and respond to time-sensitive access requests—without ever seeing the raw passwords. Workspace includes multi-factor authentication (MFA) through Devolutions Authenticator, secure in-app messaging, and offline mode. Admins can enforce strong policies, while end-users enjoy a frictionless login experience. The Workforce Password Management package is the backbone. It connects Workspace to centralized credential storage using either cloud-based Devolutions Hub or self-hosted Devolutions Server, depending on your infrastructure needs. This combination gives growing teams the structure they need to eliminate password chaos and strengthen access governance—without the complexity or cost of legacy solutions.Starting Price: $3/month/user -
25
Delinea Cloud Access Controller
Delinea
Gain granular control over web applications and web-based cloud management platforms. Delinea's Cloud Access Controller provides a comprehensive PAM solution that operates at cloud speed and is quick to deploy and secure access to any web application. With Cloud Access Controller, you can easily integrate your existing authentication solutions with any web application without having to write any additional code. Apply granular RBAC policies that enforce least privilege and zero trust initiatives, even to custom and legacy web applications. Specify what an individual employee is allowed to read or modify within any web application. Grant, manage and revoke access to cloud applications. Specify who gets access to what, at a granular level. Track usage of each and every cloud application. Clientless session recording without agents. Secure access to all web applications, including social media, custom, and legacy web applications. -
26
NextLabs
NextLabs
NextLabs CloudAz is a zero trust policy platform that enforces security policies consistently across the enterprise and beyond. It’s powered by a patented dynamic authorization policy engine and is the backbone of NextLabs’ Data Centric Security Suite consisting of Entitlement Management, Data Access Security, and Digital Rights Management (DRM) products. CloudAz integrates automated data classification, attribute-based access control (ABAC), data masking & segregation, digital rights (DRM) protection, and audit capabilities into one powerful platform that enables you to better align policies with rapidly changing business requirements while keeping up with the increasing cybersecurity challenge. The platform can be delivered either on-premises or in the cloud. -
27
Adaxes
Softerra
Adaxes is a management and automation solution that provides enhanced administration experience to Active Directory, Exchange and Microsoft 365 environments. Adaxes features a rule-based platform for Active Directory, Exchange and Microsoft 365 automation, provides an enhanced web-based management environment, gives you a role-based access control model for delegating privileges, adds security with approval-based workflow, allows enforcing corporate data standards and much more. With Adaxes all user lifecycle management procedures can be fully automated, including provisioning, re-provisioning and deprovisioning in Active Directory and connected systems, such as Exchange, Microsoft 365 and Skype for Business. Adaxes Web Interface allows managing Active Directory from any device via a standard web browser. It provides a clean and intuitive UI for admins, help desk and other staff to execute their AD administration tasks and a self-service portal for regular users.Starting Price: $1,600 one-time payment -
28
Oracle Cloud Functions
Oracle
Oracle Cloud Infrastructure (OCI) Functions is a serverless computing service that enables developers to create, run, and scale applications without managing infrastructure. Built on the open source Fn Project, it supports multiple programming languages, including Python, Go, Java, Node.js, and C#, allowing for flexible function development. Developers can deploy code directly, with OCI handling automatic provisioning and scaling of resources. It offers provisioned concurrency to maintain low-latency execution, ensuring functions are ready to accept calls instantly. A catalog of prebuilt functions is available, enabling rapid deployment of common tasks without the need to write code from scratch. Functions are packaged as Docker images, and advanced users can utilize Dockerfiles to customize runtime environments. Integration with Oracle Identity and Access Management provides fine-grained access control, while OCI Vault securely stores sensitive configuration data.Starting Price: $0.0000002 per month -
29
sourcehut
sourcehut
SourceHut is a suite of open source tools designed for efficient software development, offering Git and Mercurial hosting, mailing lists, bug tracking, continuous integration, and more. It emphasizes privacy and simplicity, featuring no tracking or advertising, and ensuring all functionalities operate without JavaScript. Users can manage public, private, and "unlisted" repositories with fine-grained access control, including options for users without accounts. SourceHut's continuous integration system supports fully virtualized builds on various Linux distributions and BSDs, allowing for ad-hoc job submissions without pushing to repositories, and provides post-build triggers for email and webhooks. It also includes mailing lists with web-based patch review tools and searchable archives, focused ticket tracking for actionable tasks, and hosted real-time chat services via IRC.Starting Price: Free -
30
Amazon Verified Permissions
Amazon
Amazon Verified Permissions is a fully managed authorization service that uses the provably correct Cedar policy language, so you can build more secure applications. With Verified Permissions, developers can build applications faster by externalizing authorization and centralizing policy management. They can also align authorization within the application with Zero Trust principles. Security and audit teams can better analyze and audit who has access to what within applications. Accelerate application development by decoupling authorization from business logic. Protect application resources and manage user access to the principle of least privilege. Amazon Verified Permissions is a fully managed, Cedar-compatible permissions management and fine-grained authorization service for the applications that you build. Using Cedar, an expressive, performant, and analyzable open source policy language, developers and admins can define policy-based access controls.Starting Price: $0.00015 per request -
31
E2B
E2B
E2B is an open source runtime designed to securely execute AI-generated code within isolated cloud sandboxes. It enables developers to integrate code interpretation capabilities into their AI applications and agents, facilitating the execution of dynamic code snippets in a controlled environment. The platform supports multiple programming languages, including Python and JavaScript, and offers SDKs for seamless integration. E2B utilizes Firecracker microVMs to ensure robust security and isolation for code execution. Developers can deploy E2B within their own infrastructure or utilize the provided cloud service. The platform is designed to be LLM-agnostic, allowing compatibility with various large language models such as OpenAI, Llama, Anthropic, and Mistral. E2B's features include rapid sandbox initialization, customizable execution environments, and support for long-running sessions up to 24 hours.Starting Price: Free -
32
Jmix
Haulmont Technology
Discover a rapid application development platform that supercharges your digital initiatives without low-code limitations, vendor dependency, and usage-based fees. Jmix general purpose open architecture based on a future-proof technology stack is capable to support various digital initiatives across the organization. Jmix applications are indeed yours and can be supported independently thanks to open-source runtime utilizing mainstream technologies. Your data is secure with a server-side frontend development model and fine-grained access control. Any Java or Kotlin developer is a full-stack Jmix developer - you don’t need separate backend and frontend teams. Visual tools help onboard developers who have little experience or move from an obsolete stack. Jmix’s data-centric approach and single development language make it a natural fit to migrate legacy applications. Jmix supercharges your team with high-productivity tools and ready-to-use components.Starting Price: $45 per month -
33
Bravura Identity
Bravura Security
Bravura Identity is an integrated solution for managing identities, groups and security entitlements across systems and applications. It ensures that users are granted access quickly, that entitlements are appropriate to business need and that access is revoked once no longer needed. Users have too many login IDs. A typical user in a large organization may sign into 10 to 20 internal systems. This complexity creates real business problems. Bravura Identity manages the lifecycles of identities, accounts, groups and entitlements. It includes automation to grant and revoke access, after detecting changes on systems of record. A web portal for access requests, profile updates and certification. Full lifecycle management for groups and roles on target systems. A workflow manager to invite people to approve requests, review access or complete tasks. Policy enforcement related to SoD, RBAC, risk scores, privacy protection and more. Reports, dashboards and analytics. -
34
PlainID
PlainID
PlainID is The Authorization Company. PlainID provides both Business AND Admin teams with a simple and intuitive means to control their organization’s entire authorization process, all based on your own business logic. The platform allows you to implement literally any kind of rules you could imagine, all without coding, and all in fine grained detail. PlainID simplifies Authorization so that thousands of Roles, Attributes and even Environmental Factors can be converted into a few logical SmartAuthorization policies using our Graph Database Decision Engine. In-depth Analytics and Insights: PlainID provides unobstructed visibility with a full audit trail. Compliance, regulation and audit requirements, they’re easy to manage on a simple graph-based UI. Access is determined dynamically and in real time, based on user attributes, environmental attributes (time, location, etc.) as well as event based authorizations. PlainID combines ABAC & RABC to a united policy. -
35
PlayCode
PlayCode
The #1 JavaScript playground and sandbox to write, run and repl it. JavaScript playground is perfect for learning and prototyping javascript sandboxes. Fast and easy to use. Start a JavaScript playground project using ready-to-use templates. JavaScript is one of the most popular languages for web development. It is needed in order to make web pages alive. Today JavaScript can be run not only in the browser but also on the server. Learning, practicing and prototyping is much easier right in the javascript playground because the browser is designed to run javascript. This is the perfect coding IDE. In turn, PlayCode tries to use all the browser features to ensure maximum, comfortable run javascript sandbox. Read, evaluate, print, and loop, a simple pre-configured coding environment that quickly shows the JavaScript execution result. So, you just open PlayCode without installing anything, write code, and JavaScript playground runs your code instantly and shows the result.Starting Price: $4.99 per month -
36
Azure Resource Manager
Microsoft
Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment. When a user sends a request from any of the Azure tools, APIs, or SDKs, Resource Manager receives the request. It authenticates and authorizes the request. Resource Manager sends the request to the Azure service, which takes the requested action. Because all requests are handled through the same API, you see consistent results and capabilities in all the different tools. All capabilities that are available in the portal are also available through PowerShell, Azure CLI, REST APIs, and client SDKs. Functionality initially released through APIs will be represented in the portal within 180 days of initial release. -
37
SecuPi
SecuPi
SecuPi provides an overarching data-centric security platform, delivering fine-grained access control (ABAC), Database Activity Monitoring (DAM) and de-identification using FPE encryption, physical and dynamic masking and deletion (RTBF). SecuPi offers wide coverage across packaged and home-grown applications, direct access tools, big data, and cloud environments. One data security platform for monitoring, controlling, encrypting, and classifying data across all cloud & on-prem platforms seamlessly with no code changes. Agile and efficient configurable platform to meet current & future regulatory and audit requirements. No source-code changes with fast & cost-efficient implementation. SecuPi’s fine-grain data access controls protect sensitive data so users get access only to data they are entitled to view, and no more. Seamlessly integrate with Starburst/Trino for automated enforcement of data access policies and data protection operations. -
38
System Frontier
Noxigen
PowerShell web front end with role based access control, auditing and remote management tools. Delegate granular permissions to manage servers, workstations, network devices and user accounts. Privileged Access Management (PAM). Let System Frontier do all the heavy lifting so you can focus on your enabling your IT teams to get more done without having more permissions than needed.Starting Price: $5 -
39
Codestral
Mistral AI
We introduce Codestral, our first-ever code model. Codestral is an open-weight generative AI model explicitly designed for code generation tasks. It helps developers write and interact with code through a shared instruction and completion API endpoint. As it masters code and English, it can be used to design advanced AI applications for software developers. Codestral is trained on a diverse dataset of 80+ programming languages, including the most popular ones, such as Python, Java, C, C++, JavaScript, and Bash. It also performs well on more specific ones like Swift and Fortran. This broad language base ensures Codestral can assist developers in various coding environments and projects.Starting Price: Free -
40
BigLake
Google
BigLake is a storage engine that unifies data warehouses and lakes by enabling BigQuery and open-source frameworks like Spark to access data with fine-grained access control. BigLake provides accelerated query performance across multi-cloud storage and open formats such as Apache Iceberg. Store a single copy of data with uniform features across data warehouses & lakes. Fine-grained access control and multi-cloud governance over distributed data. Seamless integration with open-source analytics tools and open data formats. Unlock analytics on distributed data regardless of where and how it’s stored, while choosing the best analytics tools, open source or cloud-native over a single copy of data. Fine-grained access control across open source engines like Apache Spark, Presto, and Trino, and open formats such as Parquet. Performant queries over data lakes powered by BigQuery. Integrates with Dataplex to provide management at scale, including logical data organization.Starting Price: $5 per TB -
41
Tidelift
Tidelift
Managed open source. Backed by maintainers. Customizable catalogs of known-good, proactively maintained JavaScript, Python, Java, PHP, Ruby, and .NET components. The Tidelift Subscription: Build your applications with enterprise-grade open source. Focus your time and effort on what you’re building—not what you’re building it with. The Tidelift Subscription is a managed open source subscription for application dependencies covering thousands of open source projects across JavaScript, Python, Java, PHP, Ruby, .NET, and more. Speed up application development, save money, and reduce risk when building apps with open source. Your engineers need access to open source dependencies to build the applications your business users and customers need. Your business policies demand that those applications only be built with “good” dependencies. Determining which dependencies are “good” is an intense, on-going effort.Starting Price: $1,500 per month -
42
Lunary
Lunary
Lunary is an AI developer platform designed to help AI teams manage, improve, and protect Large Language Model (LLM) chatbots. It offers features such as conversation and feedback tracking, analytics on costs and performance, debugging tools, and a prompt directory for versioning and team collaboration. Lunary supports integration with various LLMs and frameworks, including OpenAI and LangChain, and provides SDKs for Python and JavaScript. Guardrails to deflect malicious prompts and sensitive data leaks. Deploy in your VPC with Kubernetes or Docker. Allow your team to judge responses from your LLMs. Understand what languages your users are speaking. Experiment with prompts and LLM models. Search and filter anything in milliseconds. Receive notifications when agents are not performing as expected. Lunary's core platform is 100% open-source. Self-host or in the cloud, get started in minutes.Starting Price: $20 per month -
43
TruLens
TruLens
TruLens is an open-source Python library designed to systematically evaluate and track Large Language Model (LLM) applications. It provides fine-grained instrumentation, feedback functions, and a user interface to compare and iterate on app versions, facilitating rapid development and improvement of LLM-based applications. Programmatic tools that assess the quality of inputs, outputs, and intermediate results from LLM applications, enabling scalable evaluation. Fine-grained, stack-agnostic instrumentation and comprehensive evaluations help identify failure modes and systematically iterate to improve applications. An easy-to-use interface that allows developers to compare different versions of their applications, facilitating informed decision-making and optimization. TruLens supports various use cases, including question-answering, summarization, retrieval-augmented generation, and agent-based applications.Starting Price: Free -
44
Arcade
Arcade
Arcade.dev is an AI tool-calling platform that enables AI agents to securely perform real-world actions, like sending emails, messaging, updating systems, or triggering workflows, through authenticated, user-authorized integrations. By acting as an authenticated proxy based on the OpenAI API spec, Arcade.dev lets models invoke external services (such as Gmail, Slack, GitHub, Salesforce, Notion, and more) via pre-built connectors or custom tool SDKs, managing authentication, token handling, and security seamlessly. Developers work with a unified client interface (arcadepy for Python or arcadejs for JavaScript), facilitating tool execution and authorization without burdening application logic with credentials or API specifics. It supports secure deployments in the cloud, private VPCs, or on premises, and includes a control plane for managing tools, users, permissions, and observability.Starting Price: $50 per month -
45
Devolutions Gateway
Devolutions
Traditional remote access tools like VPNs (Virtual Private Network) can introduce complexity, performance issues, and security gaps. Devolutions Gateway offers a safer alternative: lightweight, memory-safe tunnels that open only when needed. Whether you're managing external contractors or remote IT teams, sessions are relayed securely without exposing backend servers. Gateway supports RDP (Remote Desktop Protocol), SSH (Secure Shell), VNC (Virtual Network Computing), PowerShell, and more—all brokered through just-in-time (JIT) access using pre-authorized tokens. The Remote Access Management package adds everything needed: Devolutions Launcher for one-click access, Hub or Server for storing and controlling credentials, and role-based access control (RBAC) to ensure each user sees only what they’re authorized. Every action is logged. Together, they replace VPNs with an auditable, fast, and flexible access model - ideal for organizations that prioritize security and ease of use.Starting Price: $20/month/user -
46
Gate22
ACI.dev
Gate22 is an enterprise-grade AI governance and MCP (Model Context Protocol) control platform that centralizes, secures, and observes how AI tools and agents access and use MCP servers across an organization. It lets administrators onboard, configure, and manage both external and internal MCP servers with fine-grained, function-level permissions, team-based access control, and role-based policies so that only approved tools and functions can be used by specific teams or users. Gate22 provides a unified MCP endpoint that bundles multiple MCP servers into a simplified interface with just two core functions, so developers and AI clients consume fewer tokens and avoid context overload while maintaining high accuracy and security. The admin view offers a governance dashboard to monitor usage patterns, maintain compliance, and enforce least-privilege access, while the member view gives streamlined, secure access to authorized MCP bundles.Starting Price: Free -
47
Nitric
Nitric
Nitric is an open source, cloud-agnostic backend framework that enables developers to declare infrastructure as code and automate deployments using pluggable plugins. It supports multiple languages, including JavaScript, TypeScript, Python, Go, and Dart. Key features include defining APIs (REST, HTTP), serverless functions, routing, authentication/authorization (OIDC-compatible), storage (object/file storage, signed URLs, bucket events), databases (e.g., managed Postgres with migrations), messaging (queues, topics, pub/sub), websockets, scheduled tasks, and secrets management. Nitric integrates with tools like Terraform or Pulumi, or lets you write your own plugins, and works with major cloud providers (AWS, Azure, Google Cloud). It also supports local development with simulated cloud environments so you can prototype, test, and iterate without incurring cloud cost. The framework emphasizes declarative security, resource access management, and portability.Starting Price: Free -
48
OpenEBS
OpenEBS
OpenEBS builds on Kubernetes to enable Stateful applications to easily access Dynamic Local PVs or Replicated PVs. By using the Container Attached Storage pattern users report lower costs, easier management, and more control for their teams. OpenEBS is a 100% Open Source CNCF project made by MayaData & the community. Prominent users include Arista, Optoro, Orange, Comcast and the CNCF itself. Automated provisioning and storage replication across pods is challenging. OpenEBS makes complex cross-cloud stateful application storage easy. Unlike CSI plugins or Linux kernel dependent software, OpenEBS runs entirely in userspace, making deployment and maintenance a snap. The largest, most active Kubernetes storage project with the biggest user base and community, OpenEBS is built by K8s SREs, and experts just like you, tailored to their needs. OpenEBS orchestrates storage for any Kubernetes stack. -
49
Basejump
Basejump
Basejump is an open-source SaaS starter kit that enhances Supabase applications by adding authentication, personal and team accounts, member permissions, and subscription billing management through Stripe. Developers can integrate Basejump into existing projects with a single migration file, utilizing Supabase libraries across various programming languages such as JavaScript, Python, Go, and Swift. The platform offers customizable React components built on shadcn and Tailwind CSS, facilitating rapid deployment with full control over the user interface. Basejump leverages Supabase's Row Level Security (RLS) policies to enforce data access restrictions based on user roles, ensuring secure and efficient permission management. All data is stored within the user's Supabase database, allowing for extensive customization and extension with additional tables as needed. This flexibility enables developers to use Basejump as a standalone authentication and billing system.Starting Price: Free -
50
PingDataGovernance
Ping Identity
Digital transactions and data are exploding, but authorization logic is scattered across your enterprise. Updating, auditing and managing that logic can be tedious or even impossible. PingDataGovernance provides centralized authorization policies that can evaluate identity attributes, entitlements, consents, the requesting app or other contextual information to authorize critical actions and the retrieval of high-value data. You’ll have the agility to react instantly without sacrificing security or regulatory compliance. Anyone can update policies in minutes with a simple drag-and-drop UI. And you can choose which teams it’s most appropriate to give access to so they can manage policies—or any portion of them. Unlike traditional role-based access control (RBAC), dynamic authorization assembles key contextual data attributes and evaluates the validity of access requests in real time. This lets you centrally enforce policies to comply with regulatory requirements.
