InfluxDB Platform is powered by columnar analytics, optimized for cost-efficient storage, and built with open data standards. Learn more β
Top 23 Go Devsecops Projects
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
-
InfluxDB
Purpose built for real-time analytics at any scale. InfluxDB Platform is powered by columnar analytics, optimized for cost-efficient storage, and built with open data standards.
-
-
https://github.com/trufflesecurity/trufflehog is a similar tool but checks for far more secrets, so I think it'd be a better choice.
-
Netmaker
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
https://github.com/netbirdio/netbird seems to be completely open source (BSD), https://github.com/gravitl/netmaker?tab=License-1-ov-file#re... uses Apache for the non-pro stuff, and both of those I found by simply looking at https://github.com/topics/wireguard
This is why I asked, the phrase "I decided to reinvent the wheel which has honestly been quite fun with learning about eBPF, and recently clustering and HA with etcd" makes it sound like it's doing a bunch of cool stuff (which I want to hear about!), but the readme says nothing about those.
-
https://steampipe.io/ https://github.com/prowler-cloud/prowler https://former2.com
-
3. tfsec: https://github.com/aquasecurity/tfsec tfsec uses a suite of security checks to scan your Terraform templates, helping to identify potential security issues before infrastructure is deployed.
-
terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
2. Terrascan: https://github.com/tenable/terrascan Terrascan detects security vulnerabilities and compliance violations across your IaC. Supports multiple cloud providers, ensuring that your infrastructure complies with security best practices.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
-
SecretScanner
:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:
-
-
bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26 -
DevSecOps
βΎοΈ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe π (by hahwul)
-
-
Project mention: π Automating Image Vulnerability Patching in Kubernetes with Trivy Operator, Copacetic, and GitHub Actions | dev.to | 2024-09-03
-
legitify
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
-
chain-bench
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
-
ChopChop
ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.
-
nmap-formatter
A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot), sqlite, excel and d2-lang. Simply put it's nmap converter.
Project mention: NMAP-formatter: convert NMAP results to HTML, CSV, JSON, graphviz (dot), SQLite | news.ycombinator.com | 2024-01-26 -
-
Selefra
The open-source policy-as-code software that provides analysis for Multi-Cloud and SaaS environments, you can get insight with natural language (powered by OpenAI).
-
-
stackql
Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework
Like Steampipe's revolutionary approach, StackQL harnesses the power of SQL to query your resources seamlessly. Moreover, it empowers you to utilize SQL syntax for querying and creating resources.
-
chainloop
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Go Devsecops discussion
Go Devsecops related posts
-
π Automating Image Vulnerability Patching in Kubernetes with Trivy Operator, Copacetic, and GitHub Actions
-
Accident Forgiveness
-
How to secure Terraform code with Trivy
-
Safe and Secure Consumption of Open Source Libraries
-
Automating Well-Architected reviews
-
Mastering Secure CI/CD for ECS with GitHub Actions
-
Cloud Security and Resilience: DevSecOps Tools and Practices
-
A note from our sponsor - InfluxDB
www.influxdata.com | 17 Sep 2024
Index
What are some of the best open-source Devsecops projects in Go? This list will help you:
Project | Stars | |
---|---|---|
1 | trivy | 22,871 |
2 | gitleaks | 17,375 |
3 | trufflehog | 15,644 |
4 | Netmaker | 9,376 |
5 | steampipe | 6,834 |
6 | tfsec | 6,657 |
7 | terrascan | 4,681 |
8 | dalfox | 3,598 |
9 | SecretScanner | 3,094 |
10 | ContainerSSH | 2,658 |
11 | bearer | 1,940 |
12 | DevSecOps | 1,743 |
13 | YaraHunter | 1,234 |
14 | copacetic | 913 |
15 | legitify | 758 |
16 | chain-bench | 717 |
17 | ChopChop | 666 |
18 | nmap-formatter | 639 |
19 | threagile | 594 |
20 | Selefra | 518 |
21 | bomber | 490 |
22 | stackql | 481 |
23 | chainloop | 346 |