Top 23 Go Devsecops Projects

• trivy

  24 18,776 9.6 Go

  Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

  

  Project mention: Friends - needs help choosing solution for SBOM vulnerability | /r/devops | 2023-06-01

• gitleaks

  15 13,848 0.0 Go

  Protect and discover secrets using Gitleaks 🔑

  

  Project mention: Go Security Scanner | /r/golang | 2023-06-08

  Cool. What features/capabilities are different compared to gitleaks?

• InfluxDB

  www.influxdata.com

  sponsored

  Collect and Analyze Billions of Data Points in Real Time. Manage all types of time series data in a single, purpose-built database. Run at any scale in any environment in the cloud, on-premises, or at the edge.

  

• trufflehog

  8 12,157 9.1 Go

  Find and verify credentials

  

  Project mention: Seeking help to identify vulnerabilities and secrets in a website backup file | /r/HowToHack | 2023-07-03

  Trufflehog

• Netmaker

  37 7,974 9.7 Go

  Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

  

  Project mention: Show HN: Netmaker – Netmaker Goes Open Source | news.ycombinator.com | 2023-09-25

• tfsec

  6 6,272 7.1 Go

  Security scanner for your Terraform code

  

  Project mention: What is the best `as Code` tool in 2023? | dev.to | 2023-07-26

  Great toolchain, including Infracost or tfsec.

• steampipe

  39 5,576 0.0 Go

  Use SQL to instantly query your cloud services (AWS, Azure, GCP and more). Open source CLI. No DB required.

  

  Project mention: Steampipe Hacktoberfest 2023 | /r/hacktoberfest | 2023-10-02

  Turbot’s Steampipe.io is your go-to CLI for querying APIs (e.g AWS, Kubernetes, GitHub, etc) with SQL! Check it out here: https://github.com/turbot/steampipe

• terrascan

  6 4,224 7.2 Go

  Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

  

  Project mention: How are you securing your Azure DevOps IaC pipelines? | /r/AZURE | 2023-05-26

  Terrascan could also be useful : https://github.com/tenable/terrascan

• Onboard AI

  getonboard.dev

  sponsored

  Learn any GitHub repo in 59 seconds. Onboard AI learns any GitHub repo in minutes and lets you chat with it to locate functionality, understand different parts, and generate new code. Use it for free at www.getonboard.dev.

  

• dalfox

  0 2,882 0.0 Go

  🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

• SecretScanner

  2 2,831 0.0 Go

  :unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:

  

  Project mention: Securing the software supply chain in the cloud | dev.to | 2022-12-10

  SecretScanner

• ContainerSSH

  3 2,416 0.0 Go

  ContainerSSH: Launch containers on demand

  

  Project mention: Ask HN: Tell us about your project that's not done yet but you want feedback on | news.ycombinator.com | 2023-08-16

  - Build your own honeypot with ContainerSSH (DevConf CZ 2021) [4]

  [1]: https://containerssh.io

• DevSecOps

  0 1,429 0.0 Go

  ♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎 (by hahwul)

• bearer

  17 1,368 10.0 Go

  Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

  

  Project mention: [Tool] An alternative to Brakeman for Security | /r/rails | 2023-07-11

  My team and I released Bearer a couple of weeks ago, a newer open and free alternative to Brakeman to check your code for security and privacy risks. In addition to Ruby/Rails, we also cover your JS/TS code, which allows you to use a single solution for your whole Rails application.

• YaraHunter

  0 1,230 0.0 Go

  🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍

  

• chain-bench

  0 662 0.0 Go

  An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

  

• legitify

  20 646 10.0 Go

  Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets

  

  Project mention: GitHub - Legit-Labs/legitify: Detect and remediate misconfigurations and security risks across all your GitHub GitLab assets. Version 1.0 is out, check out the new enterprise-level policies. | /r/netsec | 2023-08-04

• ChopChop

  0 612 0.0 Go

  ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.

  

• threagile

  1 496 0.0 Go

  Agile Threat Modeling Toolkit

  

  Project mention: stumbled upon a new threat modeling resource | /r/threatmodeling | 2023-01-24

• Selefra

  36 439 5.6 Go

  The open-source policy-as-code software that provides analysis for Multi-Cloud and SaaS environments, you can get insight with natural language (powered by OpenAI).

  

  Project mention: A Better Version Is Released - Selefra v0.2.3 | /r/Selefra | 2023-07-03

  [Feature]Modules support filtering, while labels support customization of any format. by @FelixsJiang in #30

• bomber

  1 354 3.2 Go

  Scans Software Bill of Materials (SBOMs) for security vulnerabilities

  

  Project mention: Bomber - Scans SBOMs for Vulnerabilities | /r/devsecops | 2022-10-17

• yatas

  1 285 10.0 Go

  :owl::mag_right: A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration

  

  Project mention: padok-team/YATAS: A simple tool to audit your AWS infrastructure for misconfiguration or potential security issues with plugins integration | /r/blueteamsec | 2023-01-10

• stackql

  3 150 10.0 Go

  Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework

  

  Project mention: StackQL Studios - Query, provision, secure & operate cloud resources using SQL | /r/programming | 2023-02-04

• preflight

  0 137 0.0 Go

  preflight helps you verify scripts and executables to mitigate chain of supply attacks such as the recent Codecov hack. (by SpectralOps)

  

• squealer

  0 136 0.0 Go

  Telling tales on you for leaking secrets!

• SonarQube

  www.sonarqube.org

  sponsored

  Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.

  

Go Devsecops related posts

• Seeking help to identify vulnerabilities and secrets in a website backup file
  1 project | /r/HowToHack | 3 Jul 2023
• OSS Security - Deepfence Threat Mapper
  1 project | /r/selfhosters | 17 Jun 2023
• Detecting Threats on 100k Servers, 1000s of Cloud Accounts, 2500 K8s Clusters
  1 project | news.ycombinator.com | 5 Jun 2023
• Friends - needs help choosing solution for SBOM vulnerability
  2 projects | /r/devops | 1 Jun 2023
• How are you securing your Azure DevOps IaC pipelines?
  1 project | /r/AZURE | 26 May 2023
• Introducing DeepSecrets: a better appsec tool for secrets scanning
  4 projects | /r/netsec | 27 Apr 2023
• Popular and recommended tools for vulnerability scanning
  2 projects | /r/Terraform | 10 Mar 2023
• A note from our sponsor - Revelo Payroll
  try.revelo.com | 3 Oct 2023

  Building a great tech team takes more than a paycheck. Zero payroll costs, get AI-driven insights to retain best talent, and delight them with amazing local benefits. 100% free and compliant. Learn more →

Index

Sponsored

Free Global Payroll designed for tech teams

Building a great tech team takes more than a paycheck. Zero payroll costs, get AI-driven insights to retain best talent, and delight them with amazing local benefits. 100% free and compliant.

try.revelo.com

Do not miss the trending Go projects with our weekly report!