435f49738d
Technology forecast and strategic review restructure: - Remove 13 components (backstage, mongodb, activemq, vitess, airflow, camel, dapr, superset, searxng, langserve, trino, lago, rabbitmq) - Add 10 components (sigstore, syft-grype, nemo-guardrails, langfuse, reloader, matrix, ferretdb, litmus, livekit, coraza) - Rename product: Synapse → Axon (SaaS LLM Gateway) - Merge products: Titan + Fuse → Fabric (Data & Integration) - New product: Relay (Communication) - Replace Backstage with Catalyst IDP - Replace MongoDB with FerretDB (MongoDB wire protocol on CNPG) - Add supply chain security (Sigstore/Cosign, Syft+Grype) - Add AI safety and observability (NeMo Guardrails, LangFuse) - Add technology forecast 2027-2030 document - Full verification pass: zero stale references across all docs Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1.0 KiB
1.0 KiB
Coraza
Web Application Firewall with OWASP Core Rule Set.
Category: WAF | Type: Mandatory
Overview
Coraza is a high-performance WAF that integrates with Cilium/Envoy to provide application-layer protection using the OWASP Core Rule Set (CRS). Protects against SQL injection, XSS, and other OWASP Top 10 threats.
Key Features
- OWASP Core Rule Set (CRS) compliance
- Envoy external processing filter integration
- Request/response inspection
- Custom rule support
- Low-latency inline processing
Integration
| Component | Integration |
|---|---|
| Cilium/Envoy | Inline WAF via ext_proc filter |
| Grafana | WAF metrics and blocked request dashboards |
| Falco | Correlate WAF blocks with runtime events |
| OpenSearch | WAF log analysis in SIEM |
Deployment
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: coraza
namespace: flux-system
spec:
interval: 10m
path: ./platform/coraza
prune: true
Part of OpenOva