Go Devsecops

Open-source Go projects categorized as Devsecops | Edit details

Top 10 Go Devsecops Projects

  • trivy

    Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets

    Project mention: Container scanners not scan software not added by package manager | news.ycombinator.com | 2022-05-10

    - Use trivy or grype with software installed without package manager (via tar) e.g. eclipse-temurin in the alpine version. The java executable gets unpacked into /opt but is not recognized.


  • tfsec

    Security scanner for your Terraform code

    Project mention: Newbie needs some guidance on new project | reddit.com/r/Terraform | 2022-05-20

    For your scanning, I would also check out tfsec and tflint. In you ci/cd, add them to the same step as terraform validate.

  • Scout APM

    Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.

  • Netmaker

    Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

    Project mention: Client GUI for WireGuard Virtual Networks in Netmaker 0.14.0 | reddit.com/r/selfhosted | 2022-05-17

    It's been a while since we posted an update about Netmaker, so just wanted to share the latest release, which introduces a couple of things which you all might find interesting:

  • terrascan

    Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

    Project mention: Top 200 Kubernetes Tools for DevOps Engineer Like You | dev.to | 2022-01-15

    TerraScan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. klum - Kubernetes Lazy User Manager Kyverno - Kubernetes Native Policy Management https://kyverno.io kiosk - kiosk office Multi-Tenancy Extension For Kubernetes - Secure Cluster Sharing & Self-Service Namespace Provisioning kube-bench - CIS Kubernetes Benchmark tool kube-hunter - Pentesting tool - Hunts for security weaknesses in Kubernetes clusters kube-who-can - Show who has RBAC permissions to perform actions on different resources in Kubernetes starboard - Kubernetes-native security toolkit Simulator - Kubernetes Security Training Platform - Focussing on security mitigation RBAC Lookup - Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster https://fairwinds.com Kubeaudit - kubeaudit helps you audit your Kubernetes clusters against common security controls Gangway - An application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster Audit2rbac - Autogenerate RBAC policies based on Kubernetes audit logs Chartsec - Helm Chart security scanner kubestriker - Security Auditing tool Datree - CLI tool to prevent K8s misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies Krane - Kubernetes RBAC static Analysis & visualisation tool Flaco - The Falco Project - Cloud-Native runtime security Clair - Vulnerability Static Analysis for Containers Anchore Cli - Coomand Line Interface built on top of anchore engine to manage and inspect images, policies, subscriptions and registries Project Quay - Container image registry designed to boost the security of your repositories via vulnerability scanning and tight access control Kubescape - Tool to test if Kubernetes is deployed securely according to multiple frameworks: regulatory, customized company policies and DevSecOps best practices, such as the NSA-CISA and the MITRE ATT&CK®

  • ChopChop

    ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.

  • Open-Source-Security-Guide

    Open Source Security Guide

    Project mention: Useful Security Guide | reddit.com/r/Cybersecurity101 | 2022-04-29

    Found a useful set of Tools, Programs, and Learning Resources for Security. It covers Security Standards, Frameworks, Benchmarks , and Networking.

  • ContainerSSH

    ContainerSSH: Launch containers on demand

    Project mention: Horizon view but can deliver SSH instead of gui | reddit.com/r/vmware | 2022-05-20

    Threw some keywords into Google and this popped out: https://containerssh.io/

  • SonarQube

    Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.

  • threagile

    Agile Threat Modeling Toolkit

    Project mention: Desarrolla de forma segura, aplicando DevSecOps | dev.to | 2022-05-18
  • preflight

    preflight helps you verify scripts and executables to mitigate chain of supply attacks such as the recent Codecov hack. (by SpectralOps)

    Project mention: Preflight: Verify scripts and executables to mitigate chain of supply attacks | news.ycombinator.com | 2021-06-07
  • squealer

    Telling tales on you for leaking secrets!

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2022-05-20.

Go Devsecops related posts


What are some of the best open-source Devsecops projects in Go? This list will help you:

Project Stars
1 trivy 12,029
2 tfsec 4,502
3 Netmaker 3,928
4 terrascan 3,051
5 ChopChop 524
6 Open-Source-Security-Guide 452
7 ContainerSSH 390
8 threagile 349
9 preflight 128
10 squealer 118
Find remote jobs at our new job board 99remotejobs.com. There are 7 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives