Top 23 Go Security Projects
Fast, multi-platform web server with automatic HTTPS
Project mention: Geofence your self-hosted API's | dev.to | 2021-11-27
Caddy is an awesome web server alternative to nginx and apache (httpd). Caddy is written in Go, is a much more performant and extensible web server (in my opinion). With Caddy, you can host basic files or reverse proxy your API's, which is how I use it. I use Caddy because of its automatic TLS functionality so I don't have to worry about manual creation of certificates and keys.
OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.
Project mention: Simple OpenID Connect (OIDC) Provider? | reddit.com/r/selfhosted | 2021-10-23
Run Linux Software Faster and Safer than Linux with Unikernels.
DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
Project mention: Is a 25MB hard size limit on K8s container image size reasonable? | reddit.com/r/kubernetes | 2021-11-25
That's incredibly small. I don't know how you'll be able to do this for your projects without heavily leveraging docker-slim: https://github.com/docker-slim/docker-slim
The Single Sign-On Multi-Factor portal for web apps
Project mention: Looking for reliable open-source 2FA self hosted server | reddit.com/r/sysadmin | 2021-11-18
The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
Project mention: TCP Traffic tunneln/weiterleiten zur Analyse [Tunneling/forwarding TCP traffic for analysis] | reddit.com/r/de_EDV | 2021-11-24
Certificate authority and access plane for SSH, Kubernetes, web applications, and databases
Project mention: Need help in SSH Login Monitoring and Terminal Commands Monitoring inside the VM | reddit.com/r/Proxmox | 2021-11-26
eBPF-based Networking, Security, and Observability
Project mention: Container security best practices: Ultimate guide | news.ycombinator.com | 2021-10-13
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
Project mention: trivy: Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues | reddit.com/r/CKsTechNews | 2021-11-10
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
Project mention: Teen caught in $46M dollar Bitcoin theft via buying a username | news.ycombinator.com | 2021-11-24
There's no consensus because there's no best answer. Here's an example of what you could do.
Generate a new seed phrase on a hardware wallet. Encrypt the seed phrase using https://github.com/FiloSottile/age with a symmetric password and print out the encrypted seed. Store the paper in a safety deposit box.
Write down the encryption password and the hardware PIN in an envelope to be opened in the event of your death.
All that said, this particular example is vulnerable in that you could be held at gunpoint and lose everything. So next we start talking about cold vs hot storage...
Simple and flexible tool for managing secrets
Project mention: It's Now Possible to Sign Arbitrary Data with Your SSH Keys | news.ycombinator.com | 2021-11-13
Yes it is, and they are awesome. git-crypt is a godsend for smaller projects (and maybe larger ones if permissions are granular enough) -- way simpler than sops and other alternatives, with native integration via git filters (smudge). I use it on a ton of projects.
Scan git repos (or files) for secrets using regex and entropy 🔑
Project mention: Question about secrets inside git repositories and how to deal with them | reddit.com/r/devops | 2021-08-02
We use a self hosted Gitlab instance where we turned on the option to at least detect .key files from commits. Another thing we do is we scan all our repositories using Gitleaks. It's fairly simple and works pretty well. Generates a text file report that will show you where a secret has been committed and by whom.
Open-Source Phishing Toolkit
Project mention: Awesome Penetration Testing | dev.to | 2021-10-06
Gophish - Open-source phishing framework.
Safely store secrets in Git/Mercurial/Subversion
Project mention: Quick Ansible Vault question | reddit.com/r/ansible | 2021-09-13
Golang security checker
Project mention: Container security best practices: Comprehensive guide | dev.to | 2021-11-16
For application code, there are different SAST (Static Application Security Testing) tools like sonarqube, which provide vulnerability scanners for different languages, gosec for analyzing go code and detecting issues based on rules, linters, etc.
Manage your dotfiles across multiple diverse machines, securely.
Project mention: Chezmoi: Manage your dotfiles across multiple diverse machines, securely | news.ycombinator.com | 2021-11-21
Let's Encrypt client and ACME library written in Go
Project mention: My ISP blocks port 80? | reddit.com/r/homelab | 2021-11-23
lego is a commonly used library supporting most providers (close to 100). Apart from certbot, most auto-cert-provisioning functionality is using it as a library but it can also be run as a standalone.
Kubescape is the first open-source tool for testing if Kubernetes is deployed securely according to multiple frameworks: regulatory, customized company policies and DevSecOps best practices, such as the NSA-CISA and the MITRE ATT&CK®.
Project mention: Using Kubernetes CronJob? love Slack? | reddit.com/r/kubernetes | 2021-11-23
Kubescape GitHub page - https://github.com/armosec/kubescape
An Efficient Enterprise-class Container Engine
Project mention: Ask HN: Any Good Alternative for Docker? | news.ycombinator.com | 2021-08-31
A Tool for Domain Flyovers
Project mention: Awesome Penetration Testing | dev.to | 2021-10-06
AQUATONE - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.
Project mention: Block GET requests that aren't to my website | reddit.com/r/nginx | 2021-11-26
I'd like to suggest CrowdSec for this. It's free and open source and based on crowdsourced threat intelligence. Think of it as an advanced version of fail2ban.
Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal
Project mention: Which web framework is more preferred or "industry standard" today? | reddit.com/r/golang | 2021-10-17
That said, I would use https://github.com/caddyserver/certmagic to manage your SSL certs.
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
Project mention: Let's Encrypt for internal sites/apps | reddit.com/r/sysadmin | 2021-10-04
I recommend https://smallstep.com/certificates/ everything you need to deploy an internal CA.
Security scanner for your Terraform code
Project mention: Container security best practices: Comprehensive guide | dev.to | 2021-11-16
If you are using infrastructure as code, incorporate IaC scanning tools like Apolicy, Checkov, tfsec, or cfn_nag to validate the configuration of your infrastructure before it is created or updated. Similar to other linting tools, apply IaC scanning tools locally and in your pipeline, and consider blocking changes that introduce security issues.
Go Security related posts
Block GET requests that aren't to my website
1 project | reddit.com/r/nginx | 26 Nov 2021
How To Setup Your CTFd Platform With HTTPS And SSL
3 projects | dev.to | 25 Nov 2021
Is a 25MB hard size limit on K8s container image size reasonable?
3 projects | reddit.com/r/kubernetes | 25 Nov 2021
My ISP blocks port 80?
3 projects | reddit.com/r/homelab | 23 Nov 2021
Even large corporate institutions like McKinsey starts endorsing open-source...
1 project | reddit.com/r/opensource | 23 Nov 2021
How to reduce image size?
1 project | reddit.com/r/docker | 23 Nov 2021
Using Kubernetes CronJob? love Slack?
1 project | reddit.com/r/kubernetes | 23 Nov 2021
What are some of the best open-source Security projects in Go? This list will help you:
|3||Lean and Mean Docker containers||11,483|