Top 23 Go Security Projects
-
Sidecar containers: Google Cloud Run has a cool feature where you can run multiple containers next to each other. So for example, if you want to run Caddy or Traefik as a reverse proxy for your ingress container and then have both your web frontend container & backend api container co-located in the same service, you can do that & have everything be super low latency.
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Project mention: Mastering Docker Image Management with GitHub Actions and Container Registries | dev.to | 2025-01-27
Software Bill of Materials (SBOM): Knowing what’s in your software is the new cool. Tools like Syft and Trivy can generate SBOMs as part of your CI/CD pipeline, enhancing supply chain security.
-
Project mention: Authelia: The Single Sign-On Multi-Factor portal for web apps | news.ycombinator.com | 2024-07-11
-
nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
-
Lean and Mean Docker containers
Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
Slim (Previously DockerSlim): A handy tool for inspecting, slimming down, and debugging your containers.
-
Project mention: Case Study: ByteDance Uses eBPF to Enhance Networking Performance | news.ycombinator.com | 2025-01-29
I'd love to see a more complete picture of ByteDance's TikTok infra. They released "KubeAdmiral" (1) so I'm assuming they're using eBPF via a Kubernetes CNI. I see ByteDance listed on Cilium's github (2). They're also using KubeRay (3). It's annoying that a company I definitely do not want to work for has such an incredibly interesting infrastructure!
1. https://github.com/kubewharf/kubeadmiral
2. https://github.com/cilium/cilium/blob/main/USERS.md
3. https://www.anyscale.com/blog/how-bytedance-scales-offline-i...
-
-
age
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
Project mention: Hell Is Overconfident Developers Writing Encryption Code | news.ycombinator.com | 2025-01-31
Those aren’t even the correct answer for the use-case in question, anywho. What they’re looking for would actually be sops (https://github.com/getsops/sops), or age (made by the fantastic Filo Sottile: https://github.com/FiloSottile/age), or, hell, just using libsodium sealed boxes. AMS KMS or Vault is perhaps even worse of an answer, Actually
-
Trufflehog is a tool that can scan multiple sources (filesystem, git, have a pre commit hook, Postman), integrate in CI / Docker environment, etc.
-
Gravitational Teleport
The easiest, and most secure way to access and protect all of your infrastructure.
To save others the search: https://github.com/gravitational/teleport/pull/35259 Apache to AGPLv3
-
Project mention: Hell Is Overconfident Developers Writing Encryption Code | news.ycombinator.com | 2025-01-31
Those aren’t even the correct answer for the use-case in question, anywho. What they’re looking for would actually be sops (https://github.com/getsops/sops), or age (made by the fantastic Filo Sottile: https://github.com/FiloSottile/age), or, hell, just using libsodium sealed boxes. AMS KMS or Vault is perhaps even worse of an answer, Actually
-
Ory Hydra
The most scalable and customizable OpenID Certified™ OpenID Connect and OAuth Provider on the market. Become an OpenID Connect and OAuth2 Provider over night. Broad support for related RFCs. Written in Go, cloud native, headless, API-first. Available as a service on Ory Network and for self-hosters.
Project mention: Show HN: Graceful token refresh for open source OAuth2 Server Ory Hydra | news.ycombinator.com | 2025-01-21
-
SafeLine
SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
As someone who’s spent a fair amount of time working with different security tools, I was introduced to SafeLine WAF, developed by Chaitin Tech, and it’s been an interesting journey so far. I want to share my experience using this tool.
-
Project mention: Red Hat to contribute container tech (Podman, bootc, ComposeFS, etc.) to CNCF | news.ycombinator.com | 2024-11-14
-
Project mention: Chezmoi adds policy on LLM-generated content to contributor guide | news.ycombinator.com | 2024-12-09
-
This way is very phishable because today hackers just pay Google Ads for a concrete city to catch victims (who google) and redirect them to their phishing resource (that could be created by gophish easily).
-
bytebase
World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.
Bytebase is a database DevSecOps platform designed for developers, security, DBA, and platform engineering teams.
-
vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
-
kubescape
Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.
Project mention: Kubescape : Comprehensive Kubernetes Security from Development to Runtime | dev.to | 2024-09-16
-
Netmaker
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
https://github.com/netbirdio/netbird seems to be completely open source (BSD), https://github.com/gravitl/netmaker?tab=License-1-ov-file#re... uses Apache for the non-pro stuff, and both of those I found by simply looking at https://github.com/topics/wireguard
This is why I asked, the phrase "I decided to reinvent the wheel which has honestly been quite fun with learning about eBPF, and recently clustering and HA with etcd" makes it sound like it's doing a bunch of cool stuff (which I want to hear about!), but the readme says nothing about those.
-
crowdsec
CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
Project mention: Ask HN: How to keep Chinese crawlers from taking down my site? | news.ycombinator.com | 2025-01-11
Have you heard of https://github.com/crowdsecurity/crowdsec? It seems like a good fit.
-
-
You could just get a wildcard certificate with Let's Encrypt, via a DNS challenge.
E.g. lego supports many different DNS providers:
https://go-acme.github.io/lego/
And then internally inside of Tailscale you could have your own DNS server, which serves subdomains of your domain, and for all subdomains you can use the same wildcard certificate.
This also does not 'expose' your subdomains on Certificate Transparency logs.
-
Go Security discussion
Go Security related posts
-
Show HN: Authorization game – matching requests to permission policies
-
My Journey with SafeLine: A Practical Tool for Web Security
-
Hell Is Overconfident Developers Writing Encryption Code
-
Show HN: Vet – open-source Package Malware Scanner
-
Terrascan: Detect Compliance and Security Violations Across Iac
-
A note from our sponsor - SaaSHub
www.saashub.com | 14 Feb 2025
Index
What are some of the best open-source Security projects in Go? This list will help you:
# | Project | Stars |
---|---|---|
1 | Caddy | 61,381 |
2 | trivy | 24,632 |
3 | authelia | 22,762 |
4 | nuclei | 22,142 |
5 | Lean and Mean Docker containers | 20,905 |
6 | cilium | 20,860 |
7 | gitleaks | 18,865 |
8 | age | 18,167 |
9 | trufflehog | 18,061 |
10 | Gravitational Teleport | 18,008 |
11 | sops | 17,725 |
12 | Ory Hydra | 15,838 |
13 | SafeLine | 15,421 |
14 | authentik | 14,918 |
15 | chezmoi | 14,104 |
16 | gophish | 12,156 |
17 | bytebase | 11,920 |
18 | vuls | 11,206 |
19 | kubescape | 10,421 |
20 | Netmaker | 9,807 |
21 | crowdsec | 9,718 |
22 | grype | 9,332 |
23 | lego | 8,258 |