Top 23 Go Devsecops Projects

Devsecops

• Add a project

1. trivy

   1 95 26,368 9.8 Go

   Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

   

   Project mention: Stop shipping insecure Dockerfiles: real devs don’t run as root | dev.to | 2025-05-03

2. InfluxDB

   www.influxdata.com featured

   InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

   

3. gitleaks

   2 41 19,809 9.4 Go

   Find secrets with Gitleaks 🔑

   

   Project mention: Gitleaks – open-source Secret Scannng | news.ycombinator.com | 2025-04-05

4. trufflehog

   3 32 19,060 9.8 Go

   Find, verify, and analyze leaked credentials

   

   Project mention: Ask HN: What are you working on? (April 2025) | news.ycombinator.com | 2025-04-27

   Will monitor your progress

   Also be interesting to see what trufflehog finds (should be false positive)

   https://github.com/trufflesecurity/trufflehog

5. bytebase

   4 43 12,399 10.0 Go

   World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.

   

   Project mention: Postgres 🐘 vs. SQL Server: a Complete Comparison ⚖️ in 2025 | dev.to | 2025-04-01

   This post is maintained by Bytebase, an open-source database DevSecOps tool that can manage both Postgres and SQL Server. We update the post every year.

6. Netmaker

   5 167 10,235 9.7 Go

   Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

   

7. steampipe

   6 152 7,321 9.6 Go

   Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.

   

   Project mention: Show HN: TextQuery – Query CSV, JSON, XLSX Files with SQL | news.ycombinator.com | 2025-05-05

   Readers may also enjoy Steampipe [1], an open source tool to live query 140+ services with SQL (e.g. AWS, GitHub, CSV, Kubernetes, etc). It uses Postgres Foreign Data Wrappers under the hood and supports joins etc with other tables. (Disclaimer - I'm a lead on the project.)

   1 - https://github.com/turbot/steampipe

8. tfsec

   7 36 6,819 5.9 Go

   Tfsec is now part of Trivy

   

   Project mention: DevOps in 2025: the future is automated, git-ified, and kinda scary but fun. | dev.to | 2025-05-09

   Trivy for scanning

9. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

10. terrascan

    8 24 4,923 4.8 Go

    Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

    

    Project mention: Terrascan: Detect Compliance and Security Violations Across Iac | news.ycombinator.com | 2025-01-23

11. dalfox

    9 1 4,251 9.7 Go

    🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

    

12. SecretScanner

    10 7 3,189 7.2 Go

    :unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:

    

13. ContainerSSH

    11 13 2,822 7.3 Go

    ContainerSSH: Launch containers on demand

    

    Project mention: Ask HN: How did you replace Teleport? | news.ycombinator.com | 2024-10-17

    If you need only SSH, then try ContainerSSH[1] - it's pretty simple to setup & integrate using OPA for authorization.

    [1]: https://github.com/ContainerSSH/ContainerSSH

14. bearer

    12 21 2,283 8.0 Go

    Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

    

    Project mention: 🛡️ Scan and Protect Any App in 5 Minutes with Bearer CLI (SAST for Everyone) | dev.to | 2025-04-20

    🧰 GitHub Repository: https://github.com/Bearer/bearer

15. DevSecOps

    13 2 1,943 4.7 Go

    ♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎 (by hahwul)

    

16. YaraHunter

    14 3 1,309 7.9 Go

    🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍

    

17. copacetic

    15 8 1,296 9.4 Go

    🧵 CLI tool for directly patching container images!

    

    Project mention: ⚡ Secure your containers faster—without disrupting your workflow | dev.to | 2025-02-28

    # Define variables VERSION="0.9.0" URL="https://github.com/project-copacetic/copacetic/releases/download/v${VERSION}/copa_${VERSION}_linux_amd64.tar.gz" # Download, extract, cleanup, and move copa binary curl -L -o "copa_${VERSION}_linux_amd64.tar.gz" "$URL" && \ tar -xzf "copa_${VERSION}_linux_amd64.tar.gz" copa && \ rm "copa_${VERSION}_linux_amd64.tar.gz" && \ mv copa /usr/bin/

18. legitify

    16 21 803 4.9 Go

    Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets

    

19. stackql

    17 7 777 8.8 Go

    Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework

    

    Project mention: Introducing StackQL - Manage Your Cloud Services & Interact with APIs using SQL 🧑‍💻🔥 | dev.to | 2025-02-17

    StackQL has been created to help developers standardize their cloud workflows, introducing a unified environment for cloud resources management.

20. chain-bench

    18 3 747 2.7 Go

    An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

    

21. ChopChop

    19 1 689 0.0 Go

    ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.

    

22. threagile

    20 5 666 9.0 Go

    Agile Threat Modeling Toolkit

    

23. bomber

    21 4 565 5.3 Go

    Scans Software Bill of Materials (SBOMs) for security vulnerabilities

    

24. Selefra

    22 36 531 7.6 Go

    The open-source policy-as-code software that provides analysis for Multi-Cloud and SaaS environments, you can get insight with natural language (powered by OpenAI).

    

25. chainloop

    23 3 445 9.8 Go

    Evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more

    

26. SaaSHub

    www.saashub.com featured

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    

Go Devsecops related posts

• How to Effectively Vet Your Supply Chain for Optimal Performance

  2 projects | dev.to | 15 May 2025

• Ask HN: How are you acquiring first 100 users?

  2 projects | news.ycombinator.com | 13 May 2025

• The Only Docker Guide You’ll Ever Need (Beginner to Expert)

  3 projects | dev.to | 25 Apr 2025

• 🛡️ Scan and Protect Any App in 5 Minutes with Bearer CLI (SAST for Everyone)

  2 projects | dev.to | 20 Apr 2025

• Show HN: MCP-Shield – Detects security issues in MCP servers

  5 projects | news.ycombinator.com | 14 Apr 2025

• Agentic Analysis of Open Source Package Code for Malware

  1 project | dev.to | 8 Apr 2025

• TruffleHog: Find, verify, and analyze leaked credentials

  1 project | news.ycombinator.com | 1 Apr 2025
• A note from our sponsor - InfluxDB
  www.influxdata.com | 17 May 2025

  InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now. Learn more →

Index

Sponsored

InfluxDB – Built for High-Performance Time Series Workloads

InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

www.influxdata.com

Do not miss the trending Go projects with our weekly report!