Go Devsecops

Open-source Go projects categorized as Devsecops

Top 23 Go Devsecops Projects

  • trivy

    Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

    Project mention: πŸ›‘οΈ Effective Vulnerability Monitoring in Kubernetes | dev.to | 2024-08-26
  • InfluxDB

    Purpose built for real-time analytics at any scale. InfluxDB Platform is powered by columnar analytics, optimized for cost-efficient storage, and built with open data standards.

    InfluxDB logo
  • gitleaks

    Protect and discover secrets using Gitleaks πŸ”‘

    Project mention: Gitleaks – Protect and Discover Secrets | news.ycombinator.com | 2024-09-08
  • trufflehog

    Find, verify, and analyze leaked credentials

    Project mention: Accident Forgiveness | news.ycombinator.com | 2024-08-24

    https://github.com/trufflesecurity/trufflehog is a similar tool but checks for far more secrets, so I think it'd be a better choice.

  • Netmaker

    Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

    Project mention: Show HN: Wag, MFA and Enrollment for WireGuard | news.ycombinator.com | 2024-05-11

    https://github.com/netbirdio/netbird seems to be completely open source (BSD), https://github.com/gravitl/netmaker?tab=License-1-ov-file#re... uses Apache for the non-pro stuff, and both of those I found by simply looking at https://github.com/topics/wireguard

    This is why I asked, the phrase "I decided to reinvent the wheel which has honestly been quite fun with learning about eBPF, and recently clustering and HA with etcd" makes it sound like it's doing a bunch of cool stuff (which I want to hear about!), but the readme says nothing about those.

  • steampipe

    Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.

    Project mention: Automating Well-Architected reviews | dev.to | 2024-06-18

    https://steampipe.io/ https://github.com/prowler-cloud/prowler https://former2.com

  • tfsec

    Tfsec is now part of Trivy

    Project mention: Cloud Security and Resilience: DevSecOps Tools and Practices | dev.to | 2024-05-01

    3. tfsec: https://github.com/aquasecurity/tfsec tfsec uses a suite of security checks to scan your Terraform templates, helping to identify potential security issues before infrastructure is deployed.

  • terrascan

    Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

    Project mention: Cloud Security and Resilience: DevSecOps Tools and Practices | dev.to | 2024-05-01

    2. Terrascan: https://github.com/tenable/terrascan Terrascan detects security vulnerabilities and compliance violations across your IaC. Supports multiple cloud providers, ensuring that your infrastructure complies with security best practices.

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
  • dalfox

    πŸŒ™πŸ¦Š Dalfox is a powerful open-source XSS scanner and utility focused on automation.

  • SecretScanner

    :unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:

  • ContainerSSH

    ContainerSSH: Launch containers on demand

  • bearer

    Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

    Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26
  • DevSecOps

    ♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎 (by hahwul)

  • YaraHunter

    πŸ”πŸ” Malware scanner for cloud-native, as part of CI/CD and at Runtime πŸ”πŸ”

  • copacetic

    🧡 CLI tool for directly patching container images!

    Project mention: πŸš€ Automating Image Vulnerability Patching in Kubernetes with Trivy Operator, Copacetic, and GitHub Actions | dev.to | 2024-09-03
  • legitify

    Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets

  • chain-bench

    An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

  • ChopChop

    ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.

  • nmap-formatter

    A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot), sqlite, excel and d2-lang. Simply put it's nmap converter.

    Project mention: NMAP-formatter: convert NMAP results to HTML, CSV, JSON, graphviz (dot), SQLite | news.ycombinator.com | 2024-01-26
  • threagile

    Agile Threat Modeling Toolkit

    Project mention: Threagile – Agile Threat Modeling Toolkit | news.ycombinator.com | 2023-11-17
  • Selefra

    The open-source policy-as-code software that provides analysis for Multi-Cloud and SaaS environments, you can get insight with natural language (powered by OpenAI).

  • bomber

    Scans Software Bill of Materials (SBOMs) for security vulnerabilities

  • stackql

    Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework

    Project mention: Cloud Tools You Probably Haven't Heard Of | dev.to | 2024-03-31

    Like Steampipe's revolutionary approach, StackQL harnesses the power of SQL to query your resources seamlessly. Moreover, it empowers you to utilize SQL syntax for querying and creating resources.

  • chainloop

    Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Go Devsecops discussion

Log in or Post with

Go Devsecops related posts

  • πŸš€ Automating Image Vulnerability Patching in Kubernetes with Trivy Operator, Copacetic, and GitHub Actions

    3 projects | dev.to | 3 Sep 2024
  • Accident Forgiveness

    1 project | news.ycombinator.com | 24 Aug 2024
  • How to secure Terraform code with Trivy

    3 projects | dev.to | 14 Aug 2024
  • Safe and Secure Consumption of Open Source Libraries

    3 projects | dev.to | 4 Jul 2024
  • Automating Well-Architected reviews

    2 projects | dev.to | 18 Jun 2024
  • Mastering Secure CI/CD for ECS with GitHub Actions

    4 projects | dev.to | 18 May 2024
  • Cloud Security and Resilience: DevSecOps Tools and Practices

    10 projects | dev.to | 1 May 2024
  • A note from our sponsor - InfluxDB
    www.influxdata.com | 17 Sep 2024
    InfluxDB Platform is powered by columnar analytics, optimized for cost-efficient storage, and built with open data standards. Learn more β†’

Index

What are some of the best open-source Devsecops projects in Go? This list will help you:

Project Stars
1 trivy 22,871
2 gitleaks 17,375
3 trufflehog 15,644
4 Netmaker 9,376
5 steampipe 6,834
6 tfsec 6,657
7 terrascan 4,681
8 dalfox 3,598
9 SecretScanner 3,094
10 ContainerSSH 2,658
11 bearer 1,940
12 DevSecOps 1,743
13 YaraHunter 1,234
14 copacetic 913
15 legitify 758
16 chain-bench 717
17 ChopChop 666
18 nmap-formatter 639
19 threagile 594
20 Selefra 518
21 bomber 490
22 stackql 481
23 chainloop 346

Sponsored
Purpose built for real-time analytics at any scale.
InfluxDB Platform is powered by columnar analytics, optimized for cost-efficient storage, and built with open data standards.
www.influxdata.com

Did you konow that Go is
the 4th most popular programming language
based on number of metions?