Top 23 Go Devsecops Projects
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Project mention: Stop shipping insecure Dockerfiles: real devs don't run as root | dev.to | 2025-05-03
-
-
Will monitor your progress
Also be interesting to see what trufflehog finds (should be false positive)
https://github.com/trufflesecurity/trufflehog
-
bytebase
World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.
Project mention: Postgres vs. SQL Server: a Complete Comparison in 2025 | dev.to | 2025-04-01
This post is maintained by Bytebase, an open-source database DevSecOps tool that can manage both Postgres and SQL Server. We update the post every year.
-
Netmaker
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
-
Project mention: Show HN: TextQuery – Query CSV, JSON, XLSX Files with SQL | news.ycombinator.com | 2025-05-05
Readers may also enjoy Steampipe [1], an open source tool to live query 140+ services with SQL (e.g. AWS, GitHub, CSV, Kubernetes, etc). It uses Postgres Foreign Data Wrappers under the hood and supports joins etc with other tables. (Disclaimer - I'm a lead on the project.)
1 - https://github.com/turbot/steampipe
-
Project mention: DevOps in 2025: the future is automated, git-ified, and kinda scary but fun. | dev.to | 2025-05-09
Trivy for scanning
-
terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Project mention: Terrascan: Detect Compliance and Security Violations Across Iac | news.ycombinator.com | 2025-01-23 -
-
SecretScanner
Find secrets and passwords in container images and file systems
-
If you need only SSH, then try ContainerSSH[1] - it's pretty simple to setup & integrate using OPA for authorization.
[1]: https://github.com/ContainerSSH/ContainerSSH
-
bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Project mention: Scan and Protect Any App in 5 Minutes with Bearer CLI (SAST for Everyone) | dev.to | 2025-04-20
GitHub Repository: https://github.com/Bearer/bearer
-
DevSecOps
Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe (by hahwul)
-
-
Project mention: Secure your containers faster - without disrupting your workflow | dev.to | 2025-02-28

```bash
# Define variables
VERSION="0.9.0"
URL="https://github.com/project-copacetic/copacetic/releases/download/v${VERSION}/copa_${VERSION}_linux_amd64.tar.gz"

# Download, extract, cleanup, and move copa binary
curl -L -o "copa_${VERSION}_linux_amd64.tar.gz" "$URL" && \
  tar -xzf "copa_${VERSION}_linux_amd64.tar.gz" copa && \
  rm "copa_${VERSION}_linux_amd64.tar.gz" && \
  mv copa /usr/bin/
```
-
legitify
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
-
stackql
Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework
Project mention: Introducing StackQL - Manage Your Cloud Services & Interact with APIs using SQL | dev.to | 2025-02-17
StackQL has been created to help developers standardize their cloud workflows, introducing a unified environment for cloud resources management.
-
chain-bench
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
-
ChopChop
ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.
-
-
-
Selefra
The open-source policy-as-code software that provides analysis for Multi-Cloud and SaaS environments, you can get insight with natural language (powered by OpenAI).
-
chainloop
Evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
Go Devsecops related posts
-
How to Effectively Vet Your Supply Chain for Optimal Performance
-
Ask HN: How are you acquiring first 100 users?
-
The Only Docker Guide You'll Ever Need (Beginner to Expert)
-
Scan and Protect Any App in 5 Minutes with Bearer CLI (SAST for Everyone)
-
Show HN: MCP-Shield – Detects security issues in MCP servers
-
Agentic Analysis of Open Source Package Code for Malware
-
TruffleHog: Find, verify, and analyze leaked credentials
Index
What are some of the best open-source Devsecops projects in Go? This list will help you:
# | Project | Stars |
---|---|---|
1 | trivy | 26,368 |
2 | gitleaks | 19,809 |
3 | trufflehog | 19,060 |
4 | bytebase | 12,399 |
5 | Netmaker | 10,235 |
6 | steampipe | 7,321 |
7 | tfsec | 6,819 |
8 | terrascan | 4,923 |
9 | dalfox | 4,251 |
10 | SecretScanner | 3,189 |
11 | ContainerSSH | 2,822 |
12 | bearer | 2,283 |
13 | DevSecOps | 1,943 |
14 | YaraHunter | 1,309 |
15 | copacetic | 1,296 |
16 | legitify | 803 |
17 | stackql | 777 |
18 | chain-bench | 747 |
19 | ChopChop | 689 |
20 | threagile | 666 |
21 | bomber | 565 |
22 | Selefra | 531 |
23 | chainloop | 445 |