https://github.com/metlo-labs/metlo

metlo-labs / metlo (Public)
Metlo is an open-source API security platform.
Latest commit: NikhilShahi, "add NODE_ENV for dev scripts, fix initialization based on env" (50df6b3, Oct 13, 2022). 633 commits.

| Name | Latest commit message | Commit time |
| --- | --- | --- |
| .github/workflows | Combine frontend and backend workflows (#5) | Aug 14, 2022 |
| backend | add NODE_ENV for dev scripts, fix initialization based on env | Oct 13, 2022 |
| cli | (feature) support env vars for tests | Sep 11, 2022 |
| common | add attack view sessionMeta fields | Oct 11, 2022 |
| deploy | (feature) Add working kubernetes ingest daemonset | Sep 30, 2022 |
| frontend | add warning in generated spec component | Oct 11, 2022 |
| ingestors | (features) Add basic express ingestor | Oct 11, 2022 |
| sample-service/sample-ecommerce | (chore) create user on initialization | Sep 7, 2022 |
| testing | (feature) support env vars for tests | Sep 11, 2022 |
| .dockerignore | backend docker image | Aug 6, 2022 |
| .gitignore | (feature) Add working kubernetes ingest daemonset | Sep 30, 2022 |
| .nvmrc | add nvmrc | Aug 14, 2022 |
| .prettierrc | Prettify all TS/JS files (#14) | Aug 26, 2022 |
| LICENSE | add license | Aug 8, 2022 |
| Makefile | organize kubernetes daemonset | Sep 29, 2022 |
| README.md | Change discord link in README to permanent link | Oct 3, 2022 |
| SECURITY.md | add security policy | Sep 12, 2022 |
| docker-compose-local.yaml | add metlo-config yaml and create sessionMeta for trace | Sep 21, 2022 |
| docker-compose.yaml | add encryption key to ingestor environment | Oct 10, 2022 |
| init.sql | move init sql to root | Aug 25, 2022 |
| metlo-config.yaml | add metlo-config yaml and create sessionMeta for trace | Sep 21, 2022 |

README.md

Metlo API Security

Secure Your API.

Metlo is an open-source API security platform

* Create an Inventory of all your API Endpoints.
* Proactively test your APIs before they go into production.
* Detect API attacks in real time.

Get started for free!

Run the following in your cloud environment:

```bash
git clone https://github.com/metlo-labs/metlo.git
cd metlo
# Replace each placeholder with your own random string before starting the stack.
ENCRYPTION_KEY="some random string" EXPRESS_SECRET="some random string" docker-compose up
```

Now visit http://localhost:8000

See our Docs for in-depth walk-throughs on how to set up Metlo in your cloud environment. You can also join our Discord community if you need help or just want to chat!

Features

* Endpoint Discovery - Metlo scans network traffic and creates an inventory of every single endpoint in your API.
* Sensitive Data Scanning - Each endpoint is scanned for PII data and given a risk score.
* Vulnerability Discovery - Get alerts for issues like unauthenticated endpoints returning sensitive data, no HSTS headers, PII data in URL params, OpenAPI spec diffs and more.
* API Security Testing - Build security tests directly in Metlo with a simple HTTP request editor and JavaScript assertions.
* CI/CD Integration - Integrate with your CI/CD to find issues in development and staging.
* Attack Detection - Our ML algorithms build a model for baseline API behavior. Any deviation from this baseline is surfaced to your security team as soon as possible. (Coming Soon)
* Attack Context - Metlo's UI gives you full context around any attack to help quickly fix the vulnerability. (Coming Soon)

Testing

For tests that we can't autogenerate, our built-in testing framework helps you get to 100% security coverage on your highest-risk APIs. You can build requests in an HTTP editor and write JavaScript assertions to make sure your API is working as intended. For example, the following checks if an API returns a 401:

```javascript
m.test("Test Status Code Unauthorized", () => {
  expect(m.response.status).toBe(401)
})
```

Why Metlo?

Most businesses have adopted public-facing APIs to power their websites and apps. This has dramatically increased the attack surface for your business. There's been a 200% increase in API security breaches in just the last year, with the APIs of companies like Uber, Meta, Experian and Just Dial leaking millions of records. It's obvious that tools are needed to help security teams make APIs more secure, but there's no great solution on the market.

Some solutions require you to go through sales calls to even try the product, while others require you to send all your API traffic to their own cloud. Metlo is the first open-source API security platform that you can self-host and get started with for free right away!

We're Hiring!

We would love for you to come help us make Metlo better. Come join us at Metlo!

Open-source vs. paid

This repo is entirely MIT licensed. Features like user management, user roles and attack protection require an enterprise license. Contact us for more information.

Development

Check out our development guide for more info on how to develop Metlo locally.
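Three of the Vulnerability Discovery alerts listed under Features (unauthenticated endpoints returning sensitive data, no HSTS headers, PII in URL params), sketched as checks over captured request/response pairs. This is an added example, not Metlo's code: the trace shape, the `findIssues`, `detectPii` and `header` helpers, the two PII regexes and the rule that an Authorization or Cookie header means "authenticated" are all assumptions, and the sample traces are constructed.

```javascript
// Added illustration, not Metlo's implementation. Patterns are deliberately simple.
const PII_PATTERNS = {
  email: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/,
  ssn: /\b\d{3}-\d{2}-\d{4}\b/,
}

// Return the names of the PII types found in a string.
function detectPii(text) {
  return Object.keys(PII_PATTERNS).filter(name => PII_PATTERNS[name].test(text))
}

// Case-insensitive header lookup (HTTP header names are case-insensitive).
function header(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name)
  return key === undefined ? undefined : headers[key]
}

// Evaluate one captured request/response pair and return alert strings.
function findIssues(trace) {
  const alerts = []
  const { request, response } = trace
  const url = new URL(request.url)
  // Assumption: any Authorization or Cookie header counts as an authenticated call.
  const authenticated = ["authorization", "cookie"].some(h => header(request.headers, h) !== undefined)
  const bodyPii = detectPii(response.body)
  if (!authenticated && response.status < 400 && bodyPii.length > 0) {
    alerts.push(`unauthenticated endpoint returned sensitive data (${bodyPii.join(", ")})`)
  }
  if (url.protocol === "https:" && header(response.headers, "strict-transport-security") === undefined) {
    alerts.push("no HSTS header")
  }
  for (const [param, value] of url.searchParams) {
    const found = detectPii(value)
    if (found.length > 0) alerts.push(`PII in URL param "${param}" (${found.join(", ")})`)
  }
  return alerts
}

// Constructed sample traces (not real traffic).
const SAMPLE_TRACES = [
  { request: { method: "GET", url: "https://api.example.test/users/7", headers: {} },
    response: { status: 200, headers: { "Content-Type": "application/json" },
                body: '{"email":"alice@example.test","ssn":"123-45-6789"}' } },
  { request: { method: "GET", url: "https://api.example.test/search?email=bob%40example.test",
               headers: { Authorization: "Bearer constructed-token" } },
    response: { status: 200, headers: { "Strict-Transport-Security": "max-age=31536000" }, body: '{"results":[]}' } },
]

for (const t of SAMPLE_TRACES) console.log(t.request.url, findIssues(t))
```

The first trace raises two alerts (sensitive data without authentication, no HSTS header); the second raises only the URL-parameter alert, because the query string is checked after URL decoding.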
Repository details

* Website: metlo.com
* Topics: security, monitoring, api-gateway, cybersecurity, application-security, vulnerabilities, vulnerability-detection, api-security, metlo
* License: MIT license
* Stars: 136; Watchers: 3; Forks: 6
* Releases: no releases published
* Packages: no packages published
* Contributors (5): NikhilShahi, akshay288, AHarmlessPyro, snyk-bot, shrisukhani
* Languages: TypeScript 95.2%, Python 3.0%, JavaScript 0.9%, Shell 0.3%, Dockerfile 0.3%, CSS 0.2%, Makefile 0.1%