Top 23 Go security-tool Projects

security-tools

• Add a project

1. trivy

   1 120 36,314 9.7 Go

   Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

   

   Project mention: trivy VS onequery - a user suggested alternative | libhunt.com/r/trivy | 2026-06-01

2. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

3. gitleaks

   2 57 27,669 7.5 Go

   Find secrets with Gitleaks 🔑

   

   Project mention: Your .env file is probably already in your Git history. The 15-minute audit (and the 5 habits that stop new leaks for good). | dev.to | 2026-06-15

4. trufflehog

   3 41 26,731 9.6 Go

   Find, verify, and analyze leaked credentials

   

   Project mention: How to Stop Accidentally Committing AWS Keys to GitHub | dev.to | 2026-05-20

   trufflehog is also worth a look — it actually verifies whether detected secrets are still live by calling the relevant APIs. Useful for triage when you find old hits.

5. pentagi

   4 2 17,631 9.5 Go

   Fully autonomous AI Agents system capable of performing complex penetration testing tasks

   

   Project mention: Current Frontline in AI Agent Development: Robust Agent Design and Security Measures | dev.to | 2026-03-23

6. vuls

   5 3 12,181 9.2 Go

   Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

   

7. sliver

   6 20 11,341 9.8 Go

   Adversary Emulation Framework

   

8. osv-scanner

   7 12 10,496 9.8 Go

   Vulnerability scanner written in Go which uses the data provided by https://osv.dev

   

   Project mention: OSV.dev Has a Free API — Find Vulnerabilities in Any Open-Source Package | dev.to | 2026-03-24

   # In your CI pipeline — check requirements.txt pip install pip-audit pip-audit -r requirements.txt --desc --fix # Or use OSV-Scanner directly # https://github.com/google/osv-scanner osv-scanner --lockfile=package-lock.json

9. gosec

   8 22 8,858 9.4 Go

   Go security checker

   

10. certificates

    9 42 8,573 9.4 Go

    🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.

    

11. traitor

    10 17 7,139 0.0 Go

    :arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

    

12. spicedb

    11 43 6,772 9.7 Go

    Open Source, Google Zanzibar-inspired database for scalably storing and querying fine-grained authorization data

    

    Project mention: Permission Systems for Enterprise That Scale | news.ycombinator.com | 2025-12-24

13. osmedeus

    12 2 6,412 9.1 Go

    A Modern Orchestration Engine for Security

    

14. syzkaller

    13 9 6,226 9.9 Go

    syzkaller is an unsupervised coverage-guided kernel fuzzer

    

    Project mention: How to debug kernel memory corruption on Apple Silicon | dev.to | 2026-05-15

    For kernel code itself, the most useful open-source tool is syzkaller, which fuzzes syscalls and IOKit interfaces. It's not magic — you need to write descriptions of the syscalls you want fuzzed — but once you have those, it'll find bugs you'd never spot by reading code.

15. scan4all

    14 1 5,987 6.8 Go

    Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

    

16. Modlishka

    15 11 5,330 5.2 Go

    Modlishka. Reverse Proxy.

    

17. Cameradar

    16 3 5,064 7.4 Go

    Cameradar hacks its way into RTSP videosurveillance cameras

    

18. cli

    17 9 4,244 9.2 Go

    🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc. (by smallstep)

    

19. cariddi

    18 8 3,411 7.5 Go

    Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

    

20. Stowaway

    19 33 3,372 2.5 Go

    👻Stowaway -- Multi-hop Proxy Tool for pentesters

    

21. SecretScanner

    20 9 3,356 6.3 Go

    :unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:

    

    Project mention: SecretScanner is an open-source tool for discovering passwords, API, tokens | news.ycombinator.com | 2026-05-27

22. dockle

    21 2 3,261 6.1 Go

    Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

    

23. ContainerSSH

    22 14 3,052 5.5 Go

    ContainerSSH: Launch containers on demand

    

    Project mention: Linux boxes via SSH: suspended when disconected | news.ycombinator.com | 2026-01-15

    It's funny to me as well. Being initially inspired by Yelp's dockersh I wrote a functional MVP of the same concept around 2 years ago. It used a custom Go sshd-proxy to spawn kata-container backed pods in kubernetes. I used it personally for a very brief period of time, and found it useful as a small timesaver for testing things. I wasn't comfortable with monetizing it though. After seeing a few of these pop up, I realize maybe I missed my chance to be early.

    As far as self-hosting goes, it looks like there are some FOSS projects now, eg https://containerssh.io/

24. osv.dev

    23 32 2,743 9.9 Go

    Open source vulnerability DB and triage service.

    

    Project mention: I scanned 8 popular open-source repos for outdated dependencies and CVEs. Here's what I found. | dev.to | 2026-05-31

    I built ScanReq, a VS Code extension that scans dependency files, checks versions against public registries in real time, and queries OSV.dev for known CVEs. It supports 8 ecosystems: Python, Node.js, Rust, Go, PHP, Ruby, and Java (both Maven and Gradle).

Go security-tools related posts

• Your .env file is probably already in your Git history. The 15-minute audit (and the 5 habits that stop new leaks for good).

  1 project | dev.to | 15 Jun 2026

• How Do You Integrate Penetration Testing into CI/CD?

  1 project | dev.to | 15 Jun 2026

• trivy VS onequery - a user suggested alternative

  2 projects | 1 Jun 2026

• I scanned 8 popular open-source repos for outdated dependencies and CVEs. Here's what I found.

  1 project | dev.to | 31 May 2026

• Bumblebee vs OSV-Scanner: Two Takes on Supply Chain Scanning

  2 projects | dev.to | 23 May 2026

• How to Stop Accidentally Committing AWS Keys to GitHub

  3 projects | dev.to | 20 May 2026

• Don't Let Secrets Become Commits: Bringing Gitleaks Into the Developer Workflow

  1 project | dev.to | 7 May 2026
• A note from our sponsor - SaaSHub
  www.saashub.com | 15 Jun 2026

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Go projects with our weekly report!