Go Devsecops

Open-source Go projects categorized as Devsecops

Top 23 Go Devsecops Projects

  • trivy

    Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

    Project mention: Friends - needs help choosing solution for SBOM vulnerability | /r/devops | 2023-06-01
  • gitleaks

    Protect and discover secrets using Gitleaks 🔑

    Project mention: Go Security Scanner | /r/golang | 2023-06-08

    Cool. What features/capabilities are different compared to gitleaks?

  • trufflehog

    Find and verify credentials

    Project mention: Seeking help to identify vulnerabilities and secrets in a website backup file | /r/HowToHack | 2023-07-03


  • Netmaker

    Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

    Project mention: Show HN: Netmaker – Netmaker Goes Open Source | news.ycombinator.com | 2023-09-25
  • tfsec

    Security scanner for your Terraform code

    Project mention: What is the best `as Code` tool in 2023? | dev.to | 2023-07-26

    Great toolchain, including Infracost or tfsec.

  • steampipe

    Use SQL to instantly query your cloud services (AWS, Azure, GCP and more). Open source CLI. No DB required.

    Project mention: Steampipe Hacktoberfest 2023 | /r/hacktoberfest | 2023-10-02

    Turbot’s Steampipe.io is your go-to CLI for querying APIs (e.g. AWS, Kubernetes, GitHub, etc.) with SQL! Check it out here: https://github.com/turbot/steampipe

  • terrascan

    Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

    Project mention: How are you securing your Azure DevOps IaC pipelines? | /r/AZURE | 2023-05-26

    Terrascan could also be useful: https://github.com/tenable/terrascan

  • dalfox

    🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

  • SecretScanner

    🔓🔓 Find secrets and passwords in container images and file systems 🔓🔓

    Project mention: Securing the software supply chain in the cloud | dev.to | 2022-12-10


  • ContainerSSH

    ContainerSSH: Launch containers on demand

    Project mention: Ask HN: Tell us about your project that's not done yet but you want feedback on | news.ycombinator.com | 2023-08-16

    - Build your own honeypot with ContainerSSH (DevConf CZ 2021) [4]

    [1]: https://containerssh.io

  • DevSecOps

    ♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎 (by hahwul)

  • bearer

    Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

    Project mention: [Tool] An alternative to Brakeman for Security | /r/rails | 2023-07-11

    My team and I released Bearer a couple of weeks ago, a newer open and free alternative to Brakeman to check your code for security and privacy risks. In addition to Ruby/Rails, we also cover your JS/TS code, which allows you to use a single solution for your whole Rails application.

  • YaraHunter

    🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍

  • chain-bench

    An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

  • legitify

    Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets

    Project mention: GitHub - Legit-Labs/legitify: Detect and remediate misconfigurations and security risks across all your GitHub GitLab assets. Version 1.0 is out, check out the new enterprise-level policies. | /r/netsec | 2023-08-04
  • ChopChop

    ChopChop is a CLI to help developers scan endpoints and identify exposure of sensitive services/files/folders.

  • threagile

    Agile Threat Modeling Toolkit

    Project mention: stumbled upon a new threat modeling resource | /r/threatmodeling | 2023-01-24
  • Selefra

    The open-source policy-as-code software that provides analysis for Multi-Cloud and SaaS environments, you can get insight with natural language (powered by OpenAI).

    Project mention: A Better Version Is Released - Selefra v0.2.3 | /r/Selefra | 2023-07-03

    [Feature]Modules support filtering, while labels support customization of any format. by @FelixsJiang in #30

  • bomber

    Scans Software Bill of Materials (SBOMs) for security vulnerabilities

    Project mention: Bomber - Scans SBOMs for Vulnerabilities | /r/devsecops | 2022-10-17
  • yatas

    🦉🔎 A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration

    Project mention: padok-team/YATAS: A simple tool to audit your AWS infrastructure for misconfiguration or potential security issues with plugins integration | /r/blueteamsec | 2023-01-10
  • stackql

    Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework

    Project mention: StackQL Studios - Query, provision, secure & operate cloud resources using SQL | /r/programming | 2023-02-04
  • preflight

    preflight helps you verify scripts and executables to mitigate supply chain attacks such as the recent Codecov hack. (by SpectralOps)

  • squealer

    Telling tales on you for leaking secrets!

NOTE: The open-source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2023-10-02.

What are some of the best open-source Devsecops projects in Go? This list will help you:

Rank Project Stars
1 trivy 18,776
2 gitleaks 13,848
3 trufflehog 12,157
4 Netmaker 7,974
5 tfsec 6,272
6 steampipe 5,576
7 terrascan 4,224
8 dalfox 2,882
9 SecretScanner 2,831
10 ContainerSSH 2,416
11 DevSecOps 1,429
12 bearer 1,368
13 YaraHunter 1,230
14 chain-bench 662
15 legitify 646
16 ChopChop 612
17 threagile 496
18 Selefra 439
19 bomber 354
20 yatas 285
21 stackql 150
22 preflight 137
23 squealer 136