Top 23 Go Security Projects
-
Project mention: I got tired of setting up SSL for every side project, so I made a 60-second Docker deploy kit | dev.to | 2026-05-19
The secret is Caddy. Unlike Nginx, Caddy handles SSL automatically — it requests certificates from Let's Encrypt and renews them without any configuration. The entire reverse proxy config is 3 lines:
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Project mention: trivy VS onequery - a user suggested alternative | libhunt.com/r/trivy | 2026-06-01
-
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Let's look at an example of such an error in the Nuclei project, a vulnerability scanner that allows creating user-defined templates.
-
A layer of deterministic constraints: checks that keep the output converging toward quality instead of tech debt. I work in Python, so for me that's ruff, ty, tach run through prek, plus gitleaks and a stack of project-specific hooks. Different language, different tools — the constraint is the point, not the toolchain.
-
trufflehog is also worth a look — it actually verifies whether detected secrets are still live by calling the relevant APIs. Useful for triage when you find old hits.
-
Project mention: War Story: Debugging a Kafka 4.0 Consumer Lag Spike During a Product Launch Using Cilium 1.17 and Datadog 2026 | dev.to | 2026-04-28
This adds less than 2% overhead to your node’s CPU usage but exposes 14 Kafka-specific eBPF metrics that are critical for debugging lag. We’ve found that 72% of Kafka 4.0 lag incidents we’ve responded to in 2026 stem from node-level network policy issues that only eBPF can detect. If you’re using a different CNI, you can still use Cilium’s standalone eBPF probe https://github.com/cilium/cilium/tree/v1.17.2/contrib/kafka-probe to get these metrics without replacing your entire CNI. Always validate that kafka.heartbeat_drops_total is 0 in staging before every launch.
-
Lean and Mean Docker containers
Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
Project mention: I Ditched Docker for Podman (and You Should Too) | news.ycombinator.com | 2025-09-05
-
age
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
Project mention: Get your passwords out of Bitwarden while you still can | news.ycombinator.com | 2026-05-21
if you have to do the 'encrypt single plaintext file' dance at least use age[0] in 2026
[0] https://age-encryption.org/
-
Project mention: Get your passwords out of Bitwarden while you still can | news.ycombinator.com | 2026-05-21
-
Stars: 14.8k | Language: Python GitHub: https://github.com/goauthentik/authentik
-
SafeLine
SafeLine is a self-hosted WAF (Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
In today’s post we’ll get going at getting SafeLine excellent WAF (Web Application Firewall) to agree at running on Rootless Docker setup.
-
Gravitational Teleport
The easiest, and most secure way to access and protect all of your infrastructure.
-
twpayne/chezmoi
-
The other approach that largely turned out to be security theater was Anubis, which proudly proclaimed itself the watchdog of the internet, weigher of souls, but in the words of its creator "Over time I thought the proof-of-work was actually doing something for security, but no — any barrier makes the low-effort scrapers confused and give up." Really, the rapid FOSS adoption (200k downloads to date) has largely just rehashed Hashcash and propagated anime cat girls throughout the internet, besides actively calling out Mozilla as the benevolent god of bots (except that it is not only trivial to bypass, it ignores curl). As it turns out, the more valuable your website, the higher the floor of computation you need to use, but at some point you have to pay latency debts back, so you have a ceiling where this works out. People abandoned Hashcash for good reason, it burdens legitimate users while doing nothing to bots who want to squeeze you for value and provide nothing back.
-
bettercap
The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.
-
Ory Hydra
Internet-scale OpenID Certified™ OpenID Connect and OAuth2.1 provider that integrates with your user management through headless APIs. Solve OIDC/OAuth2 user cases over night. Consume as a service on Ory Network or self-host. Trusted by OpenAI and many others for scale and security. Written in Go.
Project mention: Show HN: Open-source OAuth2 server Ory Hydra 25.4 ships OAuth2.1 and Device Auth | news.ycombinator.com | 2025-11-11
-
bytebase
World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.
-
crowdsec
CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
Project mention: CrowdSec – protection against malicious IPs and access to real-world CTI | news.ycombinator.com | 2025-09-24
-
Project mention: Run Phishing Simulations for $37/Month Instead of $30,000/Year | dev.to | 2026-01-15
GoPhish is an open-source phishing simulation framework. It's been around for 10+ years, has 10,000+ installations, and is MIT licensed.
-
Project mention: Performance Test: Grype 0.70 vs Trivy 0.50 Scan Times – 15% Faster for Alpine Images | dev.to | 2026-04-28
After 120+ benchmark runs across 6 Alpine image variants, 2 hardware configurations, and 3 CI environments, our verdict is clear: Grype 0.70 is 15% faster than Trivy 0.50 for Alpine-based container images, with identical vulnerability detection parity. For teams scanning Alpine images at scale, this speedup translates to thousands of dollars in CI compute savings and hundreds of engineer hours reclaimed per month. If you're only scanning Alpine images, migrate to Grype today—the 15% speedup is worth the migration effort for any team with more than 100 daily scans. For heterogeneous image stacks, Trivy remains the better all-in-one option. We recommend running the benchmark script we provided earlier on your own images to validate the speedup for your specific workload.
-
vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
-
Netmaker
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Project mention: I finally understand Cloudflare Zero Trust tunnels | news.ycombinator.com | 2025-11-16
$3 VPS running Headscale is not simpler since you won't be able to run both headscale and tailscale on your end user machines, I don't recommend it.
The solution we've found is running a white IP container (or VPS) which looks like regular Wireguard outside, while inside it "forwards" to your existing tailscale network.
I don't remember if we use https://github.com/gravitl/netmaker or https://github.com/juhovh/tailguard
Go Security related posts
-
cerbos VS onequery - a user suggested alternative
2 projects | 1 Jun 2026
-
trivy VS onequery - a user suggested alternative
2 projects | 1 Jun 2026
-
I scanned 8 popular open-source repos for outdated dependencies and CVEs. Here's what I found.
-
Nobody on the internet knows if you are a human
-
Bumblebee vs OSV-Scanner: Two Takes on Supply Chain Scanning
-
Get your passwords out of Bitwarden while you still can
-
How to Stop Accidentally Committing AWS Keys to GitHub
-
Index
What are some of the best open-source Security projects in Go? This list will help you:
| # | Project | Stars |
|---|---|---|
| 1 | Caddy | 73,224 |
| 2 | trivy | 35,597 |
| 3 | nuclei | 29,060 |
| 4 | authelia | 27,974 |
| 5 | gitleaks | 27,526 |
| 6 | trufflehog | 26,628 |
| 7 | cilium | 24,441 |
| 8 | Lean and Mean Docker containers | 23,293 |
| 9 | age | 22,502 |
| 10 | sops | 22,016 |
| 11 | authentik | 21,844 |
| 12 | SafeLine | 21,460 |
| 13 | Gravitational Teleport | 20,463 |
| 14 | chezmoi | 20,077 |
| 15 | anubis | 19,761 |
| 16 | bettercap | 19,385 |
| 17 | Ory Hydra | 17,198 |
| 18 | bytebase | 14,116 |
| 19 | crowdsec | 13,719 |
| 20 | gophish | 13,652 |
| 21 | grype | 12,344 |
| 22 | vuls | 12,172 |
| 23 | Netmaker | 11,602 |