Top 16 Go Vulnerability Projects

Vulnerabilities

• Add a project

1. vuls

   1 3 11,656 9.2 Go

   Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

   

2. InfluxDB

   www.influxdata.com featured

   InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

   

3. clair

   2 23 10,684 8.9 Go

   Vulnerability Static Analysis for Containers

   

   Project mention: Dockerfile Best Practices: Building Efficient and Secure Containers | dev.to | 2024-08-16

   Regularly scan your Docker images for vulnerabilities using tools like Trivy or Clair.

4. grype

   3 61 10,204 9.7 Go

   A vulnerability scanner for container images and filesystems

   

   Project mention: Deep Dive 🤿: Where Does Grype Data Come From? | dev.to | 2024-11-12

5. CDK

   4 5 4,272 6.5 Go

   📦 Make security testing of K8s, Docker, and Containerd easier.

   

6. bearer

   5 21 2,334 8.0 Go

   Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

   

   Project mention: 🛡️ Scan and Protect Any App in 5 Minutes with Bearer CLI (SAST for Everyone) | dev.to | 2025-04-20

   🧰 GitHub Repository: https://github.com/Bearer/bearer

7. jaeles

   6 1 2,231 3.2 Go

   The Swiss Army knife for automated Web Application Testing

   

8. copacetic

   7 8 1,360 9.5 Go

   🧵 CLI tool for directly patching container images!

   

   Project mention: ⚡ Secure your containers faster—without disrupting your workflow | dev.to | 2025-02-28

   # Define variables VERSION="0.9.0" URL="https://github.com/project-copacetic/copacetic/releases/download/v${VERSION}/copa_${VERSION}_linux_amd64.tar.gz" # Download, extract, cleanup, and move copa binary curl -L -o "copa_${VERSION}_linux_amd64.tar.gz" "$URL" && \ tar -xzf "copa_${VERSION}_linux_amd64.tar.gz" copa && \ rm "copa_${VERSION}_linux_amd64.tar.gz" && \ mv copa /usr/bin/

9. Stream

   getstream.io featured

   Stream - Scalable APIs for Chat, Feeds, Moderation, & Video. Stream helps developers build engaging apps that scale to millions with performant and flexible Chat, Feeds, Moderation, and Video APIs and SDKs powered by a global edge network and enterprise-grade infrastructure.

   

10. horusec

    8 1 1,237 0.0 Go

    Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

    

    Project mention: 🔐IaC Security Made Easy with Horusec: A SAST Approach🚀 | dev.to | 2025-04-20

    Horusec GitHub

11. Open-Source-Security-Guide

    9 23 977 2.3 Go

    Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

    

12. huskyCI

    10 1 578 0.7 Go

    Performing security tests inside your CI

    

    Project mention: 🐶 Secure Your CI Pipeline in Minutes with HuskyCI (SAST for Multiple Languages) huskyci | dev.to | 2025-04-25

    git clone https://github.com/globocom/huskyCI.git cd huskyCI

13. eraser

    11 1 540 7.6 Go

    🧹 Cleaning up images from Kubernetes nodes

    

14. juicyurls

    12 1 45 5.3 Go

    CLI tool to scan URLs for suspicious keywords, extensions, paths, and hidden files.

    

    Project mention: These Two Tools Helped Me Earn $40K in Bounties | dev.to | 2024-11-16

    Here’s the repo for juicyurls: https://github.com/alwalxed/juicyurls.

15. bif

    13 1 36 0.0 Go

    Fairwinds Base Image Finder CLI (by FairwindsOps)

    

16. depshub

    14 3 32 9.6 Go

    Dependency management toolkit: linter, updater, security scanner and more!

    

    Project mention: Build It Yourself | news.ycombinator.com | 2025-01-24

    I do use GitHub releases already https://github.com/DepsHubHQ/depshub/releases

    You can subscribe by clicking on Watch -> Custom -> Releases.

17. debcvescan

    15 1 27 0.0 Go

    Debian CVE Scanner is self-contained CVE scanner for DEBIAN distributions written in golang.

    

18. shadowspace-curzor

    16 1 7 0.0 Go

    Shadowspace is a cyberrange for active cybersecurity trainings and exercises. Curzor is one of the basics parts of that range - a web app containing multuple security vulnerabilities.

    

19. SaaSHub

    www.saashub.com featured

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    

Go Vulnerabilities related posts

• Building Secure Docker Images for Production - Best Practices

  4 projects | dev.to | 30 Jun 2023

• Security starts before the production deployment

  2 projects | dev.to | 15 Jun 2023

• A tool that scans repos and workout latest version and pull date of installed version + how to lock down repos (via some cluster policy?)

  2 projects | /r/kubernetes | 27 Apr 2023

• Degree vs Certifications

  1 project | /r/sysadmin | 23 Mar 2023

• Open Source Security Development

  1 project | /r/ITCareerQuestions | 22 Oct 2022

• Open Source Security Guide

  1 project | /r/OSINT | 17 Oct 2022

• Useful Security Guide

  1 project | /r/Cybersecurity101 | 29 Apr 2022
• A note from our sponsor - InfluxDB
  www.influxdata.com | 10 Jul 2025

  InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now. Learn more →

Index

Sponsored

InfluxDB – Built for High-Performance Time Series Workloads

InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

www.influxdata.com

Do not miss the trending Go projects with our weekly report!