Go Security

Open-source Go projects categorized as Security | Edit details

Top 23 Go Security Projects

  • GitHub repo Caddy

    Fast, multi-platform web server with automatic HTTPS

    Project mention: Nim Version 1.6 Released | news.ycombinator.com | 2021-10-19

    How to run those benchmarks?

    At that Nim release page:


    Is link to this benchmark:


    Where nim is 2nd with 200k req/s, but it is using httpbeast:


    That says it would be more useful to use jester:


    Jester has 150k req/s.

    But, when looking at these:


    dragon, actix etc has about 600k req/s .

    Also redbean has about 600k req/s, when I tested:


    I tested like this:

    git clone https://github.com/wg/wrk.git

    cd wrk

    ./wrk -H 'Accept-Encoding: gzip' -t 12 -c 120

    When I tested https://caddyserver.com v2, it did show about 800k req/s.

    It would be very helpful to know how those benchmarks are actually done, so that I could compare what is actually fastest in real world, and not just use some for benchmark tested winning non-realistic code.

  • GitHub repo hydra

    OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.

    Project mention: Simplest way to handle authentication WITHOUT a third party? Please any advice really helps | reddit.com/r/reactjs | 2021-07-27

    Check this OpenSource OAuth server: https://github.com/ory/hydra

  • Nanos

    Run Linux Software Faster and Safer than Linux with Unikernels.

  • GitHub repo Lean and Mean Docker containers

    DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

    Project mention: Creating Production-Ready Containers - The Basics | dev.to | 2021-06-03

    There are many ways to slim a container, from basic security to fully automated open-source tools like DockerSlim. Full disclosure: I work for Slim.AI, a company founded on the DockerSlim open source project. Let's look at some of the common ways developers create production-ready container images today.

  • GitHub repo authelia

    The Single Sign-On Multi-Factor portal for web apps

    Project mention: Working Authentik and Nginx proxy authentication for domain | reddit.com/r/selfhosted | 2021-10-19

    Afraid I can't speak for Authentik as I've not used it, but as an alternative option have you tried Authelia? The configuration options are pretty robust, I've been using it for a while and very happy with the results.

  • GitHub repo bettercap

    The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

    Project mention: Awesome Penetration Testing | dev.to | 2021-10-06

    BetterCAP - Modular, portable and easily extensible MITM framework.

  • GitHub repo Gravitational Teleport

    Certificate authority and access plane for SSH, Kubernetes, web applications, and databases

    Project mention: Secure the SSH agent forwarding socket | reddit.com/r/sysadmin | 2021-10-17

    You should check out Teleport -- https://github.com/gravitational/teleport - so you don't have to worry about keys (all using short-live SSH certs), plus you get auditing/logging features.

  • GitHub repo cilium

    eBPF-based Networking, Security, and Observability

    Project mention: Container security best practices: Ultimate guide | news.ycombinator.com | 2021-10-13
  • Scout APM

    Scout APM: A developer's best friend. Try free for 14-days. Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.

  • GitHub repo trivy

    Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

    Project mention: Kubernetes Security Checklist 2021 | dev.to | 2021-10-18

    All images should be checked in the application lifecycle by automated scanners (Trivy, Clair, Grype)

  • GitHub repo age

    A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

    Project mention: Still true? How true? | reddit.com/r/ProgrammerHumor | 2021-10-17

    Thankfully, you can just use minisign instead (and age for encryption). Don't use gpg.

  • GitHub repo gitleaks

    Scan git repos (or files) for secrets using regex and entropy 🔑

    Project mention: Question about secrets inside git repositories and how to deal with them | reddit.com/r/devops | 2021-08-02

    We use a self hosted Gitlab instance where we turned on the option to atleast detect .key files from commits. Another thing we do is we scan all our repositories using Gitleaks. It's fairly simple and works pretty well. Generates a text file report that will show you where a secret has been committed and by whom.

  • GitHub repo sops

    Simple and flexible tool for managing secrets

    Project mention: Not sure if DevOps, but a few questions. | reddit.com/r/devops | 2021-10-16

    SOPS is a great tool for managing secrets: https://github.com/mozilla/sops

  • GitHub repo gophish

    Open-Source Phishing Toolkit

    Project mention: Awesome Penetration Testing | dev.to | 2021-10-06

    Gophish - Open-source phishing framework.

  • GitHub repo Blackbox

    Safely store secrets in Git/Mercurial/Subversion

    Project mention: Quick Ansible Vault question | reddit.com/r/ansible | 2021-09-13
  • GitHub repo gosec

    Golang security checker

    Project mention: Golang Security Checker | news.ycombinator.com | 2021-08-04
  • GitHub repo chezmoi

    Manage your dotfiles across multiple diverse machines, securely.

    Project mention: What If Performance Advertising Is Just an Analytics Scam? | news.ycombinator.com | 2021-10-13

    Yes. As an experiment, I tried running a Google Ads campaign for my https://chezmoi.io open source project bidding on "dotfile manager". Twenty clicks cost me $20. I terminated the experiment quickly.

  • GitHub repo lego

    Let's Encrypt client and ACME library written in Go

    Project mention: Let's Encrypt for internal sites/apps | reddit.com/r/sysadmin | 2021-10-04

    Check out https://github.com/go-acme/lego, they support most DNS providers that have API access.

  • GitHub repo pouch

    An Efficient Enterprise-class Container Engine

    Project mention: Ask HN: Any Good Alternative for Docker? | news.ycombinator.com | 2021-08-31
  • GitHub repo aquatone

    A Tool for Domain Flyovers

    Project mention: Awesome Penetration Testing | dev.to | 2021-10-06

    AQUATONE - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.

  • GitHub repo kubescape

    kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by to NSA and CISA (https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/)

    Project mention: New Kubernetes high severity vulnerability alert: CVE-2021-25742 | news.ycombinator.com | 2021-10-22

    You can use Kubescape (open source) to check if you are vulnerable. https://github.com/armosec/kubescape

  • GitHub repo crowdsec

    CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.

    Project mention: Hosting a .onion | reddit.com/r/onions | 2021-10-22

    I'd like to suggest running CrowdSec instead. It started out as a modern version of f2b but has evolved into so much more - among others it can make more advanced decions and detect anormalies (like DDoS atttacks, stuffing, data stealing and other types of abuse and theft). It's free, open source and crowdsourced threat intelligence meaning that all users of CrowdSec shares data on attacks (anonymously!) and helps each other fight them - and also that there's better protection the more users there are.

  • GitHub repo certmagic

    Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal

    Project mention: Which web framework is more preferred or "industry standard" today? | reddit.com/r/golang | 2021-10-17

    That said, I would use https://github.com/caddyserver/certmagic to manage you SSL certs.

  • GitHub repo certificates

    🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

    Project mention: Let's Encrypt for internal sites/apps | reddit.com/r/sysadmin | 2021-10-04

    I recommend https://smallstep.com/certificates/ everything you need to deploy and internal CA.

  • GitHub repo tfsec

    Security scanner for your Terraform code

    Project mention: Terraform IaC Scanning with Trivy | dev.to | 2021-10-16

    Trivy checks Terraform IaC using TFSEC. You can take a look at all the checks that Trivy performs under the included checks documentation. In the previous example above Trivy detected a risk called: Potentially sensitive data stored in block attribute, which notified us that our code was potentially exposing sensitive data.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2021-10-22.


What are some of the best open-source Security projects in Go? This list will help you:

Project Stars
1 Caddy 34,958
2 hydra 11,626
3 Lean and Mean Docker containers 10,765
4 authelia 10,489
5 bettercap 10,485
6 Gravitational Teleport 10,239
7 cilium 9,332
8 trivy 8,793
9 age 8,766
10 gitleaks 8,507
11 sops 8,415
12 gophish 6,273
13 Blackbox 5,923
14 gosec 5,478
15 chezmoi 4,936
16 lego 4,876
17 pouch 4,469
18 aquatone 4,333
19 kubescape 4,139
20 crowdsec 3,872
21 certmagic 3,768
22 certificates 3,481
23 tfsec 3,428
Find remote jobs at our new job board 99remotejobs.com. There are 37 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives