Go Devsecops

Open-source Go projects categorized as Devsecops

Top 23 Go Devsecops Projects

  1. trivy

    Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

    Project mention: Stop shipping insecure Dockerfiles: real devs don’t run as root | dev.to | 2025-05-03
  2. InfluxDB

    InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

    InfluxDB logo
  3. gitleaks

    Find secrets with Gitleaks πŸ”‘

    Project mention: Gitleaks – open-source Secret Scannng | news.ycombinator.com | 2025-04-05
  4. trufflehog

    Find, verify, and analyze leaked credentials

    Project mention: Ask HN: What are you working on? (April 2025) | news.ycombinator.com | 2025-04-27

    Will monitor your progress

    Also be interesting to see what trufflehog finds (should be false positive)

    https://github.com/trufflesecurity/trufflehog

  5. bytebase

    World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.

    Project mention: Postgres 🐘 vs. SQL Server: a Complete Comparison βš–οΈ in 2025 | dev.to | 2025-04-01

    This post is maintained by Bytebase, an open-source database DevSecOps tool that can manage both Postgres and SQL Server. We update the post every year.

  6. Netmaker

    Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

  7. steampipe

    Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.

    Project mention: Show HN: TextQuery – Query CSV, JSON, XLSX Files with SQL | news.ycombinator.com | 2025-05-05

    Readers may also enjoy Steampipe [1], an open source tool to live query 140+ services with SQL (e.g. AWS, GitHub, CSV, Kubernetes, etc). It uses Postgres Foreign Data Wrappers under the hood and supports joins etc with other tables. (Disclaimer - I'm a lead on the project.)

    1 - https://github.com/turbot/steampipe

  8. tfsec

    Tfsec is now part of Trivy

    Project mention: DevOps in 2025: the future is automated, git-ified, and kinda scary but fun. | dev.to | 2025-05-09

    Trivy for scanning

  9. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
  10. terrascan

    Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

    Project mention: Terrascan: Detect Compliance and Security Violations Across Iac | news.ycombinator.com | 2025-01-23
  11. dalfox

    πŸŒ™πŸ¦Š Dalfox is a powerful open-source XSS scanner and utility focused on automation.

  12. SecretScanner

    :unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:

  13. ContainerSSH

    ContainerSSH: Launch containers on demand

    Project mention: Ask HN: How did you replace Teleport? | news.ycombinator.com | 2024-10-17

    If you need only SSH, then try ContainerSSH[1] - it's pretty simple to setup & integrate using OPA for authorization.

    [1]: https://github.com/ContainerSSH/ContainerSSH

  14. bearer

    Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

    Project mention: πŸ›‘οΈ Scan and Protect Any App in 5 Minutes with Bearer CLI (SAST for Everyone) | dev.to | 2025-04-20

    🧰 GitHub Repository: https://github.com/Bearer/bearer

  15. DevSecOps

    ♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎 (by hahwul)

  16. YaraHunter

    πŸ”πŸ” Malware scanner for cloud-native, as part of CI/CD and at Runtime πŸ”πŸ”

  17. copacetic

    🧡 CLI tool for directly patching container images!

    Project mention: ⚑ Secure your containers fasterβ€”without disrupting your workflow | dev.to | 2025-02-28

    # Define variables VERSION="0.9.0" URL="https://github.com/project-copacetic/copacetic/releases/download/v${VERSION}/copa_${VERSION}_linux_amd64.tar.gz" # Download, extract, cleanup, and move copa binary curl -L -o "copa_${VERSION}_linux_amd64.tar.gz" "$URL" && \ tar -xzf "copa_${VERSION}_linux_amd64.tar.gz" copa && \ rm "copa_${VERSION}_linux_amd64.tar.gz" && \ mv copa /usr/bin/

  18. legitify

    Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets

  19. stackql

    Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework

    Project mention: Introducing StackQL - Manage Your Cloud Services & Interact with APIs using SQL πŸ§‘β€πŸ’»πŸ”₯ | dev.to | 2025-02-17

    StackQL has been created to help developers standardize their cloud workflows, introducing a unified environment for cloud resources management.

  20. chain-bench

    An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

  21. ChopChop

    ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.

  22. threagile

    Agile Threat Modeling Toolkit

  23. bomber

    Scans Software Bill of Materials (SBOMs) for security vulnerabilities

  24. Selefra

    The open-source policy-as-code software that provides analysis for Multi-Cloud and SaaS environments, you can get insight with natural language (powered by OpenAI).

  25. chainloop

    Evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more

  26. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Go Devsecops discussion

Log in or Post with

Go Devsecops related posts

  • How to Effectively Vet Your Supply Chain for Optimal Performance

    2 projects | dev.to | 15 May 2025
  • Ask HN: How are you acquiring first 100 users?

    2 projects | news.ycombinator.com | 13 May 2025
  • The Only Docker Guide You’ll Ever Need (Beginner to Expert)

    3 projects | dev.to | 25 Apr 2025
  • πŸ›‘οΈ Scan and Protect Any App in 5 Minutes with Bearer CLI (SAST for Everyone)

    2 projects | dev.to | 20 Apr 2025
  • Show HN: MCP-Shield – Detects security issues in MCP servers

    5 projects | news.ycombinator.com | 14 Apr 2025
  • Agentic Analysis of Open Source Package Code for Malware

    1 project | dev.to | 8 Apr 2025
  • TruffleHog: Find, verify, and analyze leaked credentials

    1 project | news.ycombinator.com | 1 Apr 2025
  • A note from our sponsor - InfluxDB
    www.influxdata.com | 17 May 2025
    InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now. Learn more β†’

Index

What are some of the best open-source Devsecops projects in Go? This list will help you:

# Project Stars
1 trivy 26,368
2 gitleaks 19,809
3 trufflehog 19,060
4 bytebase 12,399
5 Netmaker 10,235
6 steampipe 7,321
7 tfsec 6,819
8 terrascan 4,923
9 dalfox 4,251
10 SecretScanner 3,189
11 ContainerSSH 2,822
12 bearer 2,283
13 DevSecOps 1,943
14 YaraHunter 1,309
15 copacetic 1,296
16 legitify 803
17 stackql 777
18 chain-bench 747
19 ChopChop 689
20 threagile 666
21 bomber 565
22 Selefra 531
23 chainloop 445

Sponsored
InfluxDB – Built for High-Performance Time Series Workloads
InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.
www.influxdata.com

Did you know that Go is
the 4th most popular programming language
based on number of references?