Top 10 Go Devsecops Projects
-
trivy
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets
Project mention: Container scanners not scan software not added by package manager | news.ycombinator.com | 2022-05-10
Use trivy or grype with software installed without a package manager (via tar), e.g. eclipse-temurin in the alpine version. The java executable gets unpacked into /opt but is not recognized.
https://github.com/aquasecurity/trivy/issues/2098
-
tfsec
For your scanning, I would also check out tfsec and tflint. In your CI/CD, add them to the same step as terraform validate.
-
Netmaker
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Project mention: Client GUI for WireGuard Virtual Networks in Netmaker 0.14.0 | reddit.com/r/selfhosted | 2022-05-17
It's been a while since we posted an update about Netmaker, so just wanted to share the latest release, which introduces a couple of things which you all might find interesting:
-
terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
- TerraScan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
- klum - Kubernetes Lazy User Manager
- Kyverno - Kubernetes Native Policy Management https://kyverno.io
- kiosk - Multi-Tenancy Extension For Kubernetes - Secure Cluster Sharing & Self-Service Namespace Provisioning
- kube-bench - CIS Kubernetes Benchmark tool
- kube-hunter - Pentesting tool - Hunts for security weaknesses in Kubernetes clusters
- kube-who-can - Show who has RBAC permissions to perform actions on different resources in Kubernetes
- starboard - Kubernetes-native security toolkit
- Simulator - Kubernetes Security Training Platform - Focussing on security mitigation
- RBAC Lookup - Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster https://fairwinds.com
- Kubeaudit - kubeaudit helps you audit your Kubernetes clusters against common security controls
- Gangway - An application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster
- Audit2rbac - Autogenerate RBAC policies based on Kubernetes audit logs
- Chartsec - Helm Chart security scanner
- kubestriker - Security Auditing tool
- Datree - CLI tool to prevent K8s misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization's policies
- Krane - Kubernetes RBAC static Analysis & visualisation tool
- Falco - The Falco Project - Cloud-Native runtime security
- Clair - Vulnerability Static Analysis for Containers
- Anchore Cli - Command Line Interface built on top of anchore engine to manage and inspect images, policies, subscriptions and registries
- Project Quay - Container image registry designed to boost the security of your repositories via vulnerability scanning and tight access control
- Kubescape - Tool to test if Kubernetes is deployed securely according to multiple frameworks: regulatory, customized company policies and DevSecOps best practices, such as the NSA-CISA and the MITRE ATT&CK®
-
ChopChop
ChopChop is a CLI that helps developers scan endpoints and identify exposure of sensitive services, files, and folders.
-
Found a useful set of Tools, Programs, and Learning Resources for Security. It covers Security Standards, Frameworks, Benchmarks, and Networking.
-
Threw some keywords into Google and this popped out: https://containerssh.io/
-
preflight
preflight helps you verify scripts and executables to mitigate supply chain attacks such as the recent Codecov hack. (by SpectralOps)
Project mention: Preflight: Verify scripts and executables to mitigate chain of supply attacks | news.ycombinator.com | 2021-06-07
What are some of the best open-source Devsecops projects in Go? This list will help you:
| # | Project | Stars |
|---|---|---|
| 1 | trivy | 12,029 |
| 2 | tfsec | 4,502 |
| 3 | Netmaker | 3,928 |
| 4 | terrascan | 3,051 |
| 5 | ChopChop | 524 |
| 6 | Open-Source-Security-Guide | 452 |
| 7 | ContainerSSH | 390 |
| 8 | threagile | 349 |
| 9 | preflight | 128 |
| 10 | squealer | 118 |