Top 11 Go supply-chain-security Projects
legitify
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
Project mention: Show HN: Minefield – Fast SBoM Management, 10k Packages Cached in 30s | news.ycombinator.com | 2024-09-06
vet
Next Generation Software Composition Analysis (SCA) with Malicious Package Detection, Code Context & Policy as Code
I am working on a next-gen software composition analysis tool that can identify malicious open source packages through code analysis. It adopts a policy-as-code (CEL) approach to build security guardrails against risky OSS components using opinionated policies.
GitHub: https://github.com/safedep/vet
chainloop
Evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
Project mention: Show HN: BuildSafe – Build 0 CVE base images with ease | news.ycombinator.com | 2024-08-23
Project mention: PMG: Wraps Package Managers to Prevent Installation of Malicious OSS Packages | news.ycombinator.com | 2025-05-15
Go supply-chain-security discussion
Go supply-chain-security related posts
- Vet MCP: Software Composition Analysis for AI Code Editors
- Malicious npm Package Impersonating Popular Express Cookie Parser
- How to Effectively Vet Your Supply Chain for Optimal Performance
- Ask HN: How are you acquiring first 100 users?
- Show HN: MCP-Shield – Detects security issues in MCP servers
- Agentic Analysis of Open Source Package Code for Malware
- Show HN: Scan GitHub Actions for Malicious Code
A note from our sponsor - Stream
getstream.io | 12 Jul 2025
Index
What are some of the best open-source supply-chain-security projects in Go? This list will help you:
| # | Project | Stars |
|---|---|---|
| 1 | guac | 1,381 |
| 2 | legitify | 812 |
| 3 | minefield | 724 |
| 4 | vet | 523 |
| 5 | chainloop | 474 |
| 6 | bsf | 290 |
| 7 | secure-repo | 291 |
| 8 | SBOM Quality Score | 220 |
| 9 | sbom-operator | 202 |
| 10 | pmg | 34 |
| 11 | solarsploit | 24 |