This is the starter stack for BAABAA readers: free and open-source tools that help builders ship faster, monitor systems, defend infrastructure, and run modern SaaS operations without heavy vendor lock-in.
Cyber defense
- Wazuh: endpoint security monitoring, SIEM, integrity monitoring, and compliance.
- OWASP ZAP: web app security testing proxy for developers and security teams.
- Trivy: scanner for containers, dependencies, IaC, Kubernetes, and secrets.
- Suricata: IDS, IPS, and network security monitoring.
- YARA: pattern-matching rules for malware research and file classification.
- OpenCTI: threat intelligence knowledge platform.
AI and automation
- Ollama: run local language models for private AI workflows.
- Open WebUI: self-hosted interface for local and private AI systems.
- Flowise: visual builder for LLM applications and RAG workflows.
- Langfuse: observability and evaluations for LLM products.
- Hugging Face Transformers: model toolkit for AI developers.
- Dify: open-source AI app and agent platform.
SaaS operations
- Supabase: Postgres backend, auth, storage, realtime, and edge functions.
- Appsmith: internal tool builder for operations dashboards and admin panels.
- Metabase: analytics and business intelligence dashboards.
- Grafana OSS: observability dashboards for metrics, logs, and traces.
- Nextcloud: self-hosted productivity and private cloud collaboration.
- Gitea: lightweight self-hosted Git service.
Signal: start with one category, deploy one tool, document the workflow, then stack the next layer.
