Top 23 Go security-tool Projects
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Project mention: Stop shipping insecure Dockerfiles: real devs don’t run as root | dev.to | 2025-05-03
-
-
Will monitor your progress
Also be interesting to see what trufflehog finds (should be false positive)
https://github.com/trufflesecurity/trufflehog
-
SafeLine
SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
Project mention: What Is a WAF and Why Do You Need One? (Beginner-Friendly Guide) | dev.to | 2025-04-30
👉 See the Live Demo 👉 GitHub Project
-
vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
-
-
-
Project mention: Google OSV-Scanner V2: Elevating Open Source Vulnerability Management | dev.to | 2025-03-24
This improved scanning ensures no weak link in source manifests and lock files goes unnoticed, which is crucial for maintaining security in complex ecosystems. For developers looking to integrate these capabilities, they can visit the OSV-Scanner GitHub repository for more information.
-
certificates
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
Project mention: Just want simple TLS for your .internal network? | news.ycombinator.com | 2024-10-17
How does this compare with smallstep step-ca certificates?
https://github.com/smallstep/certificates
-
traitor
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
-
scan4all
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
-
-
spicedb
Open Source, Google Zanzibar-inspired database for scalably storing and querying fine-grained authorization data
Here's an example of how it works in SpiceDB - a database inspired by Google Zanzibar. A zookie is passed when making a permissions check request, and guarantees that the policy and individual relationships used to compute the answer will be at least as fresh as the Zookie presented requires.
-
-
-
terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Project mention: Terrascan: Detect Compliance and Security Violations Across Iac | news.ycombinator.com | 2025-01-23
-
-
cli
🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc. (by smallstep)
Project mention: Setting up a trusted, self-signed SSL/TLS certificate authority in Linux | news.ycombinator.com | 2025-02-17
I previously used openssl-based scripts to generate certificates to use for local development or applications on a private network. I have since moved to using the step CLI [1].
OpenSSL is powerful, but it's hard to figure out how to use correctly. Each command seems cryptic no matter how many times I use it.
The step CLI is a lot simpler, even though it has a few quirks: generating PKCS1 formatted private keys instead of the newer PKCS7 format, making every leaf certificate eligible to be either a server certificate or a client certificate, and absurdly low default certificate expirations.
1: https://github.com/smallstep/cli
-
SecretScanner
:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:
-
-
dockle
Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
-
If you need only SSH, then try ContainerSSH[1] - it's pretty simple to set up & integrate using OPA for authorization.
[1]: https://github.com/ContainerSSH/ContainerSSH
-
Go security-tools discussion
Go security-tools related posts
-
Gitleaks – open-source Secret Scanning
-
Ask HN: Has anyone adopted or seen adoption of RFC8959 secret-token?
-
Google OSV-Scanner V2: Elevating Open Source Vulnerability Management
-
Unlocking the Power of SARIF: The Backbone of Modern Static Analysis
-
Terrascan: Detect Compliance and Security Violations Across Iac
-
Top 10 Code Security Tools
-
Do not use secrets in environment variables and
Index
What are some of the best open-source security-tool projects in Go? This list will help you:
# | Project | Stars |
---|---|---|
1 | trivy | 26,368 |
2 | gitleaks | 19,741 |
3 | trufflehog | 18,990 |
4 | SafeLine | 16,304 |
5 | vuls | 11,519 |
6 | sliver | 9,313 |
7 | gosec | 8,199 |
8 | osv-scanner | 7,377 |
9 | certificates | 7,271 |
10 | traitor | 6,824 |
11 | scan4all | 5,667 |
12 | syzkaller | 5,654 |
13 | spicedb | 5,642 |
14 | osmedeus | 5,582 |
15 | Modlishka | 4,963 |
16 | terrascan | 4,923 |
17 | Cameradar | 4,314 |
18 | cli | 3,859 |
19 | SecretScanner | 3,189 |
20 | Stowaway | 3,008 |
21 | dockle | 2,894 |
22 | ContainerSSH | 2,822 |
23 | ksubdomain | 2,289 |