Go Security

Open-source Go projects categorized as Security | Edit details

Top 23 Go Security Projects

  • GitHub repo Caddy

    Fast, multi-platform web server with automatic HTTPS

    Project mention: Geofence your self-hosted API's | dev.to | 2021-11-27

    Caddy is an awesome web server alternative to nginx and apache (httpd). Caddy is written in Go, is a much more performant and extensible web server (in my opinion). With Caddy, you can host basic files or reverse proxy your API's, which is how I use it. I use Caddy because of its automatic TLS functionality so I don't have to worry about manual creation of certificates and keys.

  • GitHub repo hydra

    OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.

    Project mention: Simple OpenID Connect (OIDC) Provider? | reddit.com/r/selfhosted | 2021-10-23
  • Nanos

    Run Linux Software Faster and Safer than Linux with Unikernels.

  • GitHub repo Lean and Mean Docker containers

    DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

    Project mention: Is a 25MB hard size limit on K8s container image size reasonable? | reddit.com/r/kubernetes | 2021-11-25

    That's incredibly small. I don't know how you'll be able to do this for your projects without heavily leveraging docker-slim: https://github.com/docker-slim/docker-slim

  • GitHub repo authelia

    The Single Sign-On Multi-Factor portal for web apps

    Project mention: Looking for reliable open-source 2FA self hosted server | reddit.com/r/sysadmin | 2021-11-18
  • GitHub repo bettercap

    The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

    Project mention: TCP Traffic tunneln/weiterleiten zur Analyse | reddit.com/r/de_EDV | 2021-11-24
  • GitHub repo Gravitational Teleport

    Certificate authority and access plane for SSH, Kubernetes, web applications, and databases

    Project mention: Need help in SSH Login Monitoring and Terminal Commands Monitoring inside the VM | reddit.com/r/Proxmox | 2021-11-26
  • GitHub repo cilium

    eBPF-based Networking, Security, and Observability

    Project mention: Container security best practices: Ultimate guide | news.ycombinator.com | 2021-10-13
  • Scout APM

    Scout APM: A developer's best friend. Try free for 14-days. Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.

  • GitHub repo trivy

    Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

    Project mention: trivy: Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues | reddit.com/r/CKsTechNews | 2021-11-10
  • GitHub repo age

    A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

    Project mention: Teen caught in $46M dollar Bitcoin theft via buying a username | news.ycombinator.com | 2021-11-24

    There's no consensus because there's no best answer. Here's an example of what you could do.

    Generate a new seed phrase on a hardware wallet. Encrypt the seed phrase using https://github.com/FiloSottile/age with a symmetric password and print out the encrypted seed. Store the paper in a safety deposit box.

    Write down the encryption password and the hardware PIN in an envelope to be opened in the event of your death.

    All that said, this particular example is vulnerable in that you could be held at gunpoint and lose everything. So next we start talking about cold vs hot storage...

  • GitHub repo sops

    Simple and flexible tool for managing secrets

    Project mention: It's Now Possible to Sign Arbitrary Data with Your SSH Keys | news.ycombinator.com | 2021-11-13

    Yes it is, and they are awesome. git-crypt[0] is a godsend for smaller projects (and maybe larger ones if permissions are granular enough) -- way simpler than sops[1] and other alternative, with native integration via git filters (smudge). I use it on a ton of projects.

    [0]: https://www.agwa.name/projects/git-crypt/

    [1]: https://github.com/mozilla/sops

  • GitHub repo gitleaks

    Scan git repos (or files) for secrets using regex and entropy 🔑

    Project mention: Question about secrets inside git repositories and how to deal with them | reddit.com/r/devops | 2021-08-02

    We use a self hosted Gitlab instance where we turned on the option to atleast detect .key files from commits. Another thing we do is we scan all our repositories using Gitleaks. It's fairly simple and works pretty well. Generates a text file report that will show you where a secret has been committed and by whom.

  • GitHub repo gophish

    Open-Source Phishing Toolkit

    Project mention: Awesome Penetration Testing | dev.to | 2021-10-06

    Gophish - Open-source phishing framework.

  • GitHub repo Blackbox

    Safely store secrets in Git/Mercurial/Subversion

    Project mention: Quick Ansible Vault question | reddit.com/r/ansible | 2021-09-13
  • GitHub repo gosec

    Golang security checker

    Project mention: Container security best practices: Comprehensive guide | dev.to | 2021-11-16

    For application code, there are different SAST (Static Application Security Testing) tools like sonarqube, which provide vulnerability scanners for different languages, gosec for analyzing go code and detecting issues based on rules, linters, etc.

  • GitHub repo chezmoi

    Manage your dotfiles across multiple diverse machines, securely.

    Project mention: Chezmoi: Manage your dotfiles across multiple diverse machines, securely | news.ycombinator.com | 2021-11-21
  • GitHub repo lego

    Let's Encrypt client and ACME library written in Go

    Project mention: My ISP blocks port 80? | reddit.com/r/homelab | 2021-11-23

    lego is a commonly used library supporting most providers (close to 100). Apart from certbot, most auto-cert-provisioning functionality is using it as a library but it can also be run as a standalone.

  • GitHub repo kubescape

    Kubescape is the first open-source tool for testing if Kubernetes is deployed securely according to multiple frameworks: regulatory, customized company policies and DevSecOps best practices, such as the NSA-CISA and the MITRE ATT&CK®.

    Project mention: Using Kubernetes CronJob? love Slack? | reddit.com/r/kubernetes | 2021-11-23

    Kubescape GitHub page - https://github.com/armosec/kubescape

  • GitHub repo pouch

    An Efficient Enterprise-class Container Engine

    Project mention: Ask HN: Any Good Alternative for Docker? | news.ycombinator.com | 2021-08-31
  • GitHub repo aquatone

    A Tool for Domain Flyovers

    Project mention: Awesome Penetration Testing | dev.to | 2021-10-06

    AQUATONE - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.

  • GitHub repo crowdsec

    CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.

    Project mention: Block GET requests that aren't to my website | reddit.com/r/nginx | 2021-11-26

    I'd like to suggest CrowdSec for this. It's free and open source and based on crowdsourced threat intelligence. Think if it as an advanced version of fail2ban.

  • GitHub repo certmagic

    Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal

    Project mention: Which web framework is more preferred or "industry standard" today? | reddit.com/r/golang | 2021-10-17

    That said, I would use https://github.com/caddyserver/certmagic to manage you SSL certs.

  • GitHub repo certificates

    🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

    Project mention: Let's Encrypt for internal sites/apps | reddit.com/r/sysadmin | 2021-10-04

    I recommend https://smallstep.com/certificates/ everything you need to deploy and internal CA.

  • GitHub repo tfsec

    Security scanner for your Terraform code

    Project mention: Container security best practices: Comprehensive guide | dev.to | 2021-11-16

    If you are using infrastructure as code, incorporate IaC scanning tools like Apolicy, Checkov, tfsec, or cfn_nag to validate the configuration of your infrastructure before it is created or updated. Similar to other linting tools, apply IaC scanning tools locally and in your pipeline, and consider blocking changes that introduce security issues.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2021-11-27.

Go Security related posts


What are some of the best open-source Security projects in Go? This list will help you:

Project Stars
1 Caddy 35,294
2 hydra 11,778
3 Lean and Mean Docker containers 11,483
4 authelia 10,872
5 bettercap 10,624
6 Gravitational Teleport 10,441
7 cilium 9,647
8 trivy 9,290
9 age 9,214
10 sops 8,641
11 gitleaks 8,625
12 gophish 6,382
13 Blackbox 6,010
14 gosec 5,568
15 chezmoi 5,289
16 lego 4,934
17 kubescape 4,537
18 pouch 4,480
19 aquatone 4,380
20 crowdsec 4,008
21 certmagic 3,805
22 certificates 3,610
23 tfsec 3,531
Find remote jobs at our new job board 99remotejobs.com. There are 34 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives