Top 23 Go Devsecops Projects

• trivy

  82 21,316 9.7 Go

  Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

  

Project mention: A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons | dev.to | 2024-04-16

Trivy Owner/Maintainer: Aqua Security Age: First released on GitHub on May 7th, 2019 License: Apache License 2.0 backward-compatible with tfsec

• gitleaks

  35 15,225 8.2 Go

  Protect and discover secrets using Gitleaks 🔑

  

Project mention: How to use Lefthooks in your node project? | dev.to | 2024-04-11

install gitleaks in your machine gitleaks

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• trufflehog

  25 13,863 9.9 Go

  Find and verify credentials

  

Project mention: Seeking help to identify vulnerabilities and secrets in a website backup file | /r/HowToHack | 2023-07-03

Trufflehog

• Netmaker

  165 8,952 9.6 Go

  Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

  

Project mention: Netmaker: An open source WireGuard VPN | news.ycombinator.com | 2024-02-23

• tfsec

  28 6,544 5.5 Go

  Security scanner for your Terraform code

  

Project mention: A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons | dev.to | 2024-04-16

tfsec Owner/Maintainer: Aqua Security (acquired in 2021) Age: First released on GitHub on March 5th, 2019 License: MIT License tfsec project is no longer actively maintained in favor of the Trivy tool. But because many people still use it and it's quite famous, I added tfsec to this comparison. However, I recommend against using it for new projects.

• steampipe

  146 6,379 9.7 Go

  Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.

  

Project mention: Steampipe: Dynamically query APIs, code and more with SQL | news.ycombinator.com | 2024-04-04

• terrascan

  22 4,494 6.9 Go

  Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

  

Project mention: A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons | dev.to | 2024-04-16

Terrascan Owner/Maintainer: Tenable (acquired in 2022) Age: First release on GitHub on November 28th, 2017 License: Apache License 2.0

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• dalfox

  1 3,272 8.4 Go

  🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

• SecretScanner

  7 2,956 7.3 Go

  :unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:

  

• ContainerSSH

  12 2,565 5.6 Go

  ContainerSSH: Launch containers on demand

  

Project mention: Ask HN: Tell us about your project that's not done yet but you want feedback on | news.ycombinator.com | 2023-08-16

- Build your own honeypot with ContainerSSH (DevConf CZ 2021) [4]

[1]: https://containerssh.io

• bearer

  18 1,736 9.6 Go

  Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

  

Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26

• DevSecOps

  2 1,619 3.8 Go

  ♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎 (by hahwul)

• YaraHunter

  3 1,229 9.6 Go

  🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍

  

• copacetic

  6 778 9.3 Go

  🧵 CLI tool for directly patching container images using reports from vulnerability scanners

  

Project mention: copacetic: 🧵 CLI tool for directly patching container images using reports from vulnerability scanners | /r/blueteamsec | 2023-11-25

• legitify

  21 706 8.1 Go

  Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets

  

Project mention: GitHub - Legit-Labs/legitify: Detect and remediate misconfigurations and security risks across all your GitHub GitLab assets. Version 1.0 is out, check out the new enterprise-level policies. | /r/netsec | 2023-08-04

• chain-bench

  3 698 5.1 Go

  An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

  

• ChopChop

  1 651 0.0 Go

  ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.

  

• nmap-formatter

  1 595 6.4 Go

  A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot) or sqlite. Simply put it's nmap converter.

Project mention: NMAP-formatter: convert NMAP results to HTML, CSV, JSON, graphviz (dot), SQLite | news.ycombinator.com | 2024-01-26

• threagile

  5 562 9.1 Go

  Agile Threat Modeling Toolkit

  

Project mention: Threagile – Agile Threat Modeling Toolkit | news.ycombinator.com | 2023-11-17

• Selefra

  36 507 7.6 Go

  The open-source policy-as-code software that provides analysis for Multi-Cloud and SaaS environments, you can get insight with natural language (powered by OpenAI).

  

Project mention: A Better Version Is Released - Selefra v0.2.3 | /r/Selefra | 2023-07-03

[Feature]Modules support filtering, while labels support customization of any format. by @FelixsJiang in #30

• bomber

  4 453 7.1 Go

  Scans Software Bill of Materials (SBOMs) for security vulnerabilities

  

• stackql

  5 433 8.4 Go

  Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework

  

Project mention: Cloud Tools You Probably Haven't Heard Of | dev.to | 2024-03-31

Like Steampipe's revolutionary approach, StackQL harnesses the power of SQL to query your resources seamlessly. Moreover, it empowers you to utilize SQL syntax for querying and creating resources.

• yatas

  2 303 5.4 Go

  :owl::mag_right: A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration

  

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Go Devsecops related posts

• A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons
  6 projects | dev.to | 16 Apr 2024
• Cloud Tools You Probably Haven't Heard Of
  3 projects | dev.to | 31 Mar 2024
• Show HN: Vet now supports detecting malicious packages
  1 project | news.ycombinator.com | 31 Dec 2023
• GitHub - boringtools/git-alerts: Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
  1 project | /r/cybersecurity | 10 Dec 2023
• GitHub - boringtools/git-alerts: Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
  1 project | /r/Information_Security | 10 Dec 2023
• GitHub - boringtools/git-alerts: Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
  1 project | /r/netsec | 10 Dec 2023
• Threagile – Agile Threat Modeling Toolkit
  1 project | news.ycombinator.com | 17 Nov 2023
• A note from our sponsor - SaaSHub
  www.saashub.com | 26 Apr 2024

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Go projects with our weekly report!