Top 23 Go Security Projects
Fast, multi-platform web server with automatic HTTPS
Project mention: Nim Version 1.6 Released | news.ycombinator.com | 2021-10-19
How to run those benchmarks?
At that Nim release page:
Is link to this benchmark:
Where nim is 2nd with 200k req/s, but it is using httpbeast:
That says it would be more useful to use jester:
Jester has 150k req/s.
But, when looking at these:
dragon, actix etc. have about 600k req/s.
Also redbean has about 600k req/s, when I tested:
I tested like this:
git clone https://github.com/wg/wrk.git
./wrk -H 'Accept-Encoding: gzip' -t 12 -c 120 http://127.0.0.1:8080/
When I tested https://caddyserver.com v2, it did show about 800k req/s.
It would be very helpful to know how those benchmarks are actually done, so that I could compare what is actually fastest in real world, and not just use some for benchmark tested winning non-realistic code.
OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.
Project mention: Simplest way to handle authentication WITHOUT a third party? Please any advice really helps | reddit.com/r/reactjs | 2021-07-27
Check this OpenSource OAuth server: https://github.com/ory/hydra
Run Linux Software Faster and Safer than Linux with Unikernels.
DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
Project mention: Creating Production-Ready Containers - The Basics | dev.to | 2021-06-03
There are many ways to slim a container, from basic security to fully automated open-source tools like DockerSlim. Full disclosure: I work for Slim.AI, a company founded on the DockerSlim open source project. Let's look at some of the common ways developers create production-ready container images today.
The Single Sign-On Multi-Factor portal for web apps
Project mention: Working Authentik and Nginx proxy authentication for domain | reddit.com/r/selfhosted | 2021-10-19
Afraid I can't speak for Authentik as I've not used it, but as an alternative option have you tried Authelia? The configuration options are pretty robust, I've been using it for a while and very happy with the results.
The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
BetterCAP - Modular, portable and easily extensible MITM framework.
Certificate authority and access plane for SSH, Kubernetes, web applications, and databases
Project mention: Secure the SSH agent forwarding socket | reddit.com/r/sysadmin | 2021-10-17
You should check out Teleport -- https://github.com/gravitational/teleport - so you don't have to worry about keys (all using short-lived SSH certs), plus you get auditing/logging features.
eBPF-based Networking, Security, and Observability
Project mention: Container security best practices: Ultimate guide | news.ycombinator.com | 2021-10-13
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
Project mention: Kubernetes Security Checklist 2021 | dev.to | 2021-10-18
All images should be checked in the application lifecycle by automated scanners (Trivy, Clair, Grype)
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
Project mention: Still true? How true? | reddit.com/r/ProgrammerHumor | 2021-10-17
Thankfully, you can just use minisign instead (and age for encryption). Don't use gpg.
Scan git repos (or files) for secrets using regex and entropy 🔑
Project mention: Question about secrets inside git repositories and how to deal with them | reddit.com/r/devops | 2021-08-02
We use a self-hosted GitLab instance where we turned on the option to at least detect .key files from commits. Another thing we do is we scan all our repositories using Gitleaks. It's fairly simple and works pretty well. Generates a text file report that will show you where a secret has been committed and by whom.
Simple and flexible tool for managing secrets
Project mention: Not sure if DevOps, but a few questions. | reddit.com/r/devops | 2021-10-16
SOPS is a great tool for managing secrets: https://github.com/mozilla/sops
Open-Source Phishing Toolkit
Gophish - Open-source phishing framework.
Safely store secrets in Git/Mercurial/Subversion
Project mention: Quick Ansible Vault question | reddit.com/r/ansible | 2021-09-13
Golang security checker
Project mention: Golang Security Checker | news.ycombinator.com | 2021-08-04
Manage your dotfiles across multiple diverse machines, securely.
Project mention: What If Performance Advertising Is Just an Analytics Scam? | news.ycombinator.com | 2021-10-13
Yes. As an experiment, I tried running a Google Ads campaign for my https://chezmoi.io open source project bidding on "dotfile manager". Twenty clicks cost me $20. I terminated the experiment quickly.
Let's Encrypt client and ACME library written in Go
Project mention: Let's Encrypt for internal sites/apps | reddit.com/r/sysadmin | 2021-10-04
Check out https://github.com/go-acme/lego, they support most DNS providers that have API access.
An Efficient Enterprise-class Container Engine
Project mention: Ask HN: Any Good Alternative for Docker? | news.ycombinator.com | 2021-08-31
A Tool for Domain Flyovers
AQUATONE - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by NSA and CISA (https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/)
CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.
Project mention: Hosting a .onion | reddit.com/r/onions | 2021-10-22
I'd like to suggest running CrowdSec instead. It started out as a modern version of f2b but has evolved into so much more - among others it can make more advanced decisions and detect anomalies (like DDoS attacks, stuffing, data stealing and other types of abuse and theft). It's free, open source and crowdsourced threat intelligence meaning that all users of CrowdSec share data on attacks (anonymously!) and help each other fight them - and also that there's better protection the more users there are.
Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal
Project mention: Which web framework is more preferred or "industry standard" today? | reddit.com/r/golang | 2021-10-17
That said, I would use https://github.com/caddyserver/certmagic to manage your SSL certs.
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
Project mention: Let's Encrypt for internal sites/apps | reddit.com/r/sysadmin | 2021-10-04
I recommend https://smallstep.com/certificates/ everything you need to deploy an internal CA.
Security scanner for your Terraform code
Project mention: Terraform IaC Scanning with Trivy | dev.to | 2021-10-16
Trivy checks Terraform IaC using TFSEC. You can take a look at all the checks that Trivy performs under the included checks documentation. In the previous example above Trivy detected a risk called: Potentially sensitive data stored in block attribute, which notified us that our code was potentially exposing sensitive data.
What are some of the best open-source Security projects in Go? This list will help you:
|3||Lean and Mean Docker containers||10,765|