Top 7 Go Vulnerability Projects
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
The combination of a smaller attack surface and up-to-date, patched packages in Wolfi results in fewer (always aiming for ZERO) CVEs. This can be demonstrated in the results obtained from Trivy when scanning the most popular PHP images on Docker Hub (with data from March 2, 2023) and comparing them with the Wolfi-based PHP image maintained by Chainguard:
-
Project mention: Show HN: Xeol – An End Of Life (EOL) package scanner for container images | news.ycombinator.com | 2023-02-02
Hey everyone! I open-sourced a project that finds unsupported/End of Life software in container images, systems, and SBOMs.
It's based on https://github.com/anchore/grype and uses https://endoflife.date/ as a data source for EOL packages.
-
Dalfox is great: https://github.com/hahwul/dalfox
-
dockle
Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
-
Project mention: Show HN: Archer – open-source distributed network and vulnerability scanner | news.ycombinator.com | 2023-02-16
Go Vulnerability related posts
- Looking for Recommendations for New Vulnerability & PHI/PII Scanner
- Is this Dockerfile ready for production? Is the container automatically secure?
- Jetstack Paranoia: A New Open-Source Tool for Container Image Security
- What are the best tools for live container scanning?
- Grype
- 📢 Grype v0.40.1 released and php support
- Show HN: Releasing Vulnerabilities of Open Source Software
Index
What are some of the best open-source Vulnerability projects in Go? This list will help you:
# | Project | Stars |
---|---|---|
1 | trivy | 16,637 |
2 | grype | 5,380 |
3 | dalfox | 2,402 |
4 | dockle | 2,286 |
5 | dnstake | 741 |
6 | fortiscan | 147 |
7 | archer | 15 |