Zero-trust Opensource Network Management and Observability Platform http://docs.serviceradar.cloud/

JavaScript 48.7%
Elixir 31.1%
Go 9.5%
Rust 5.9%
Shell 1.5%
Other 3%

Find a file

Michael Freeman 48bbc268c4 Some checks failed lint / lint (push) Successful in 47s Details Secret Scan / gitleaks (push) Successful in 58s Details Golang Tests / test-go (push) Failing after 2m17s Details Source Security Scan / source-security (push) Failing after 6m1s Details Merge pull request 'fix: log collector not handling syslog from harbor' (#3129 ) from bug/log-collector into staging Reviewed-on: #3129		2026-04-04 16:45:12 +00:00
.agent/workflows	2277 feat sysmon rewrite in golang (#2279 )	2026-01-14 00:47:53 -06:00
.bazelbsp	adding missing files	2025-09-18 15:21:05 -05:00
.buildbuddy	2999 chore fix bazel container builds (#3000 )	2026-03-07 11:01:16 -06:00
.forgejo/workflows	ci: skip fixture-only tests when secrets are unavailable	2026-04-04 01:58:50 -05:00
.githooks	Add Forgejo secret scanning and mirror workflows	2026-04-02 14:03:00 -05:00
.github	Clean up Forgejo workflow and OCI push tech debt	2026-04-01 11:15:28 -05:00
build	feat: publish wasm plugins and fix demo rollout	2026-04-04 01:02:28 -05:00
database	2851 chore repo hygeine (#2868 )	2026-02-20 18:30:16 -06:00
docker	wip: fixing flow processor	2026-04-03 22:29:14 -05:00
docs	feat: publish wasm plugins and fix demo rollout	2026-04-04 01:02:28 -05:00
elixir	wip: fixing flow processor	2026-04-03 22:29:14 -05:00
go	fix: log collector not handling syslog from harbor	2026-04-04 11:44:06 -05:00
google/protobuf	adding missing files	2025-09-18 12:44:26 -05:00
helm/serviceradar	Move demo CNPG to local-path-big	2026-04-04 10:47:02 -05:00
k8s	Remove arc-runner from push_all inventory	2026-04-03 16:53:05 -05:00
openspec	feat: publish wasm plugins and fix demo rollout	2026-04-04 01:02:28 -05:00
proto	feat: updates for agent onboarding and agent release management (#3097 )	2026-03-29 23:17:57 -05:00
rust	fix: log collector not handling syslog from harbor	2026-04-04 11:44:06 -05:00
scripts	fix: unblock Forgejo secret scan	2026-04-04 01:06:49 -05:00
swift	chore: fixing bazel issues, linter cleanups (#2890 )	2026-02-22 12:50:54 -06:00
third_party	Feature/netflow collection (#2571 )	2026-01-31 22:18:30 -06:00
tools	feat: updates for agent onboarding and agent release management (#3097 )	2026-03-29 23:17:57 -05:00
.bazelignore	Chore/netflow parser 090 (#2702 )	2026-02-04 22:20:03 -06:00
.bazelrc	wip: fixing flow processor	2026-04-03 22:29:14 -05:00
.bazelversion	Chore/bazel cleanup (#3027 )	2026-03-12 15:30:23 -05:00
.clang-tidy	fixing bazel build, adding clang-tidy	2025-10-10 15:51:57 -05:00
.clangd	bazel work and cleanup of legacy web and srql remnants (#2175 )	2025-12-17 19:53:27 -06:00
.dockerignore	2771 featweb ng add flows tab to device details page (#2938 )	2026-02-27 17:20:00 -06:00
.env-sample	chore: updating docker to use new registry	2026-04-02 13:21:21 -05:00
.gitignore	chore: updating docker to use new registry	2026-04-02 13:21:21 -05:00
.gitleaksignore	fix: unblock Forgejo secret scan	2026-04-04 01:06:49 -05:00
.gitmodules	fix(release): restore arancini submodule and update alpine postgresql16 apk pins	2026-02-20 02:11:03 -06:00
.golangci.yml	fixing linter settings file	2025-08-28 15:24:20 -05:00
.pre-commit-config.yaml	Add Forgejo secret scanning and mirror workflows	2026-04-02 14:03:00 -05:00
.swiftlint.yml	2878 swift UI app (#2880 )	2026-02-21 22:09:18 -06:00
.syft.yaml	Add Forgejo SBOM and OSV security workflows	2026-04-01 08:24:53 -05:00
.tool-versions	Web/elixir phoenix poc (#2139 )	2025-12-15 23:11:48 -06:00
AGENTS.md	feat: publish wasm plugins and fix demo rollout	2026-04-04 01:02:28 -05:00
Bazel.md	2999 chore fix bazel container builds (#3000 )	2026-03-07 11:01:16 -06:00
BUILD.bazel	Switch build defaults to Harbor registry	2026-04-01 10:51:31 -05:00
BUILD.md	2999 chore fix bazel container builds (#3000 )	2026-03-07 11:01:16 -06:00
buildbuddy.yaml	Switch build defaults to Harbor registry	2026-04-01 10:51:31 -05:00
buildbuddy_setup_docker_auth.sh	wip: security updates and forgejo cutover	2026-03-31 21:36:18 -05:00
Cargo.lock	fix: log collector not handling syslog from harbor	2026-04-04 11:44:06 -05:00
Cargo.toml	#2908 refactor: merge Flowgger and OTEL into unified log-collector (#2920 )	2026-02-26 14:51:32 -06:00
CHANGELOG	chore: release v1.2.10	2026-03-31 10:24:20 -05:00
CLAUDE.md	2069 bug icmp metrics missing in k8s (#2070 )	2025-12-07 20:41:39 -06:00
CODE_OF_CONDUCT.md	Added COC, CONTRIBUTING.md and SUPPORT.md files.	2025-10-09 15:32:08 +08:00
CODEOWNERS	Added CODEOWNERS and RELEASE.md	2025-10-09 15:43:34 +08:00
CONTRIBUTING.md	Add Forgejo secret scanning and mirror workflows	2026-04-02 14:03:00 -05:00
docker-compose.dev.yml	Switch runtime ServiceRadar image refs to Harbor	2026-04-01 09:53:53 -05:00
docker-compose.override.yml.example	2851 chore repo hygeine (#2868 )	2026-02-20 18:30:16 -06:00
docker-compose.yml	chore: updating docker to use new registry	2026-04-02 13:21:21 -05:00
DOCKER_QUICKSTART.md	3002 bug docker builds failing (#3003 )	2026-03-07 14:03:54 -06:00
go.mod	chore(deps): bump github.com/rs/zerolog from 1.34.0 to 1.35.0 (#3098 )	2026-03-29 21:26:31 -05:00
go.sum	chore(deps): bump github.com/rs/zerolog from 1.34.0 to 1.35.0 (#3098 )	2026-03-29 21:26:31 -05:00
GOVERNANCE.md	Update GOVERNANCE.md	2025-10-16 18:56:39 +08:00
INSTALL.md	Document cosign verification and tune log collector probes	2026-04-02 12:28:49 -05:00
LICENSE	added copyright statements	2025-03-02 21:17:35 -06:00
MAINTAINERS.md	Added empty ROADMAP.md and renamed CONTRIBUTORS.md to MAINTAINERS.md	2025-10-16 18:01:04 +08:00
Makefile	feat: publish wasm plugins and fix demo rollout	2026-04-04 01:02:28 -05:00
Makefile.docker	chore: updating docker to use new registry	2026-04-02 13:21:21 -05:00
MODULE.bazel	wip: fixing flow processor	2026-04-03 22:29:14 -05:00
MODULE.bazel.lock	fix: log collector not handling syslog from harbor	2026-04-04 11:44:06 -05:00
README-Docker.md	chore: updating docker to use new registry	2026-04-02 13:21:21 -05:00
README.md	Document cosign verification and tune log collector probes	2026-04-02 12:28:49 -05:00
RELEASE.md	Document cosign verification and tune log collector probes	2026-04-02 12:28:49 -05:00
SECURITY.md	Update SECURITY.md	2025-03-03 12:12:50 -06:00
SECURITY_CONTACTS.md	Update SECURITY_CONTACTS.md	2025-10-16 18:55:11 +08:00
SUPPORT.md	Added COC, CONTRIBUTING.md and SUPPORT.md files.	2025-10-09 15:32:08 +08:00
TELEMETRY.md	Update TELEMETRY.md	2025-10-16 18:55:20 +08:00
VERSION	chore: release v1.2.10	2026-03-31 10:24:20 -05:00
WORKSPACE	speed up builds	2025-10-11 00:49:25 -05:00

README.md

ServiceRadar

Active source development and releases now live at https://code.carverauto.dev/carverauto/serviceradar.

https://github.com/user-attachments/assets/1cf2b90a-06f4-4ba7-b229-79720b16e0aa

ServiceRadar is a distributed network monitoring system designed for infrastructure and services in hard-to-reach places or constrained environments. It provides real-time monitoring of internal services with cloud-based alerting to ensure you stay informed even during network or power outages.

Demo site available at https://demo.serviceradar.cloud login: demo@localhost password: serviceradar

Features

Distributed Architecture: Multi-component design (Agent, Gateway, Core) for flexible edge deployments.
WASM Plugin System: Securely extend monitoring with custom checks in Go or Rust. Runs in a hardware-level sandbox with zero local dependencies and proxied networking.
Topology: GPU-native topology engine capable of rendering millions of interactive nodes and edges at 60fps via deck.gl, Apache Arrow for zero-copy streaming, and WASM-native logic layer.
Causal Engine: Real-time triage and isolation via DeepCausality (Rust). Employs hybrid filtering and roaring bitmaps to identify root causes and visually isolate an event's "blast radius" in microseconds.
SRQL: intuitive key:value syntax for querying time-series and relational data.
Unified Data Layer: Powered by CloudNativePG, TimescaleDB, and Apache AGE for relational, time-series, and graph topology data.
Observability: Native support for OTEL, GELF, Syslog, SNMP (polling/traps), BGP (BMP), and NetFlow.
Graph Network Mapper: Discovery engine that maps interfaces and topology relationships via SNMP/LLDP/CDP.
Security: Hardened with mTLS (SPIFFE/SPIRE on Kubernetes), RBAC, and SSO integration.

WASM-Based Extensibility

ServiceRadar replaces traditional "script-and-shell" plugins with a modern WebAssembly runtime. This provides a generation leap in security and portability:

Feature	ServiceRadar (WASM)	Traditional NMS (Nagios/Zabbix)	Enterprise (SolarWinds)
Isolation	Hardware Sandbox	None (OS Process)	None (User Session)
Dependencies	Zero (Static Binaries)	High (Local Libs/Python)	High (.NET/Runtimes)
Security	Capability-based (Proxy)	Sudo/Root access	Local Admin / WMI
Portability	Cross-platform WASM	Script-specific	Windows-centric
Auditability	Every network call logged	Invisible to Agent	Opaque

Why WASM? Plugins are "FS-less" by default. They cannot access the host filesystem or raw sockets. Instead, they use a Network Bridge where the Agent proxies specific HTTP/TCP calls based on admin-approved allowlists.

Plug-in SDK

Go: https://github.com/carverauto/serviceradar-sdk-go

Rust: https://github.com/carverauto/serviceradar-sdk-rust -- Coming Soon

Quick Installation (Docker Compose)

Get ServiceRadar running in under 5 minutes:

# Optional - set these in your .env 
export SERVICERADAR_HOST=<my-vm-ip>
export GATEWAY_PUBLIC_BIND=0.0.0.0

git clone https://code.carverauto.dev/carverauto/serviceradar.git
cd serviceradar

docker compose up -d

# Get your admin password
docker compose logs config-updater

Access: http://localhost (login: root@localhost)

Kubernetes / Helm Deployment

ServiceRadar provides an official Helm chart for Kubernetes deployments, published to Harbor as an OCI artifact.

# Inspect chart metadata and default values
helm show chart oci://registry.carverauto.dev/serviceradar/charts/serviceradar --version 1.1.1
helm show values oci://registry.carverauto.dev/serviceradar/charts/serviceradar --version 1.1.1 > values.yaml

# Install a pinned release (recommended)
helm upgrade --install serviceradar oci://registry.carverauto.dev/serviceradar/charts/serviceradar \
  --version 1.1.1 \
  -n serviceradar --create-namespace \
  --set global.imageTag="v1.1.1"

# Track mutable images (staging/dev): pulls :latest and forces re-pull
helm upgrade --install serviceradar oci://registry.carverauto.dev/serviceradar/charts/serviceradar \
  --version 1.1.1 \
  -n serviceradar --create-namespace \
  --set global.imageTag="latest" \
  --set global.imagePullPolicy="Always"

# Get password for 'root@localhost' user created by helm install
kubectl get secret serviceradar-secrets -n serviceradar \
    -o jsonpath='{.data.admin-password}' | base64 -d

Note: if you omit global.imageTag, the chart defaults to latest. Set global.imagePullPolicy=Always when you want to pick up new pushes on restart.

Verifying Published Images

ServiceRadar publishes Cosign-signed images to Harbor. The public verification key is committed in docs/cosign.pub.

Verify a released or immutable image tag with:

cosign verify \
  --experimental-oci11 \
  --key docs/cosign.pub \
  registry.carverauto.dev/serviceradar/serviceradar-core-elx:v1.2.10

For build-specific images, prefer the immutable sha-<commit> tags:

cosign verify \
  --experimental-oci11 \
  --key docs/cosign.pub \
  registry.carverauto.dev/serviceradar/serviceradar-core-elx:sha-ac23dc0ebcbee0d6a964dc8307826bf2a063536c

Successful verification proves the image was signed with the ServiceRadar release key and that the signature published in Harbor matches the requested image.

Docker Compose notes:

Set APP_TAG in .env to pin release images (example: APP_TAG=v1.1.1).
Set COMPOSE_FILE=docker-compose.yml:docker-compose.dev.yml in .env to default to the dev overlay without -f.

Chart URL: oci://registry.carverauto.dev/serviceradar/charts/serviceradar

Notes:

Chart versions are like 1.1.1; ServiceRadar image tags are like v1.1.1.
If your cluster requires registry credentials, set image.registryPullSecret (default registry-carverauto-dev-cred).

For ArgoCD deployments, use registry.carverauto.dev/serviceradar/charts as the repository URL (without the oci:// prefix):

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: serviceradar
  namespace: argocd
spec:
  destination:
    server: https://kubernetes.default.svc
    namespace: serviceradar
  source:
    repoURL: registry.carverauto.dev/serviceradar/charts
    chart: serviceradar
    targetRevision: "1.1.1"
    helm:
      values: |
        global:
          imageTag: "v1.1.1"

Architecture

Agent: Lightweight Go service on monitored hosts; manages WASM execution and local collection.
Agent-Gateway: Ingestion point that receives gRPC streams from edge agents.
Core (core-elx): Control plane (Elixir/Phoenix/Ash) for orchestration, ERTS, and job scheduling (Oban).
Web UI (web-ng): Real-time LiveView dashboard and APIs for configuration and visualization.
NATS: NATS JetStream message broker for bulk ingestion streams.
Collectors: Collect bulk data (netflow, logs, SNMP, etc.).

Documentation

For detailed guides on setup, security, and WASM SDK usage, visit: https://docs.serviceradar.cloud

Contributing

Contributions are welcome! Please feel free to submit a Pull Request. Join our Discord!

License

Apache 2.0 License - see the LICENSE file for details.