SaaSHub helps you find the best software and product alternatives Learn more →
Top 11 Go Vulnerability Projects
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Project mention: Stop shipping insecure Dockerfiles: real devs don’t run as root | dev.to | 2025-05-03 -
InfluxDB
InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.
-
-
-
dockle
Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
-
bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Project mention: 🛡️ Scan and Protect Any App in 5 Minutes with Bearer CLI (SAST for Everyone) | dev.to | 2025-04-20🧰 GitHub Repository: https://github.com/Bearer/bearer
-
Project mention: ⚡ Secure your containers faster—without disrupting your workflow | dev.to | 2025-02-28
# Define variables VERSION="0.9.0" URL="https://github.com/project-copacetic/copacetic/releases/download/v${VERSION}/copa_${VERSION}_linux_amd64.tar.gz" # Download, extract, cleanup, and move copa binary curl -L -o "copa_${VERSION}_linux_amd64.tar.gz" "$URL" && \ tar -xzf "copa_${VERSION}_linux_amd64.tar.gz" copa && \ rm "copa_${VERSION}_linux_amd64.tar.gz" && \ mv copa /usr/bin/
-
Terrapin-Scanner
This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
-
-
vimp
Compare data from multiple vulnerability scanners to get a more complete picture of potential exposures. (by mchmarny)
-
Grype's vulnerability.db gets rebuilt daily from data sourced from these upstream providers. To build this database, Grype uses two open source tools, vunnel and grype-db. The vunnel tool downloads, standardizes, and stores vulnerability data from the above upstream providers. Basically, it accesses the various provider endpoints and stores a local vulnerability database and metadata for each provider locally. The grype-db utility collates this vulnerability data, building a much smaller vulnerability.db usable by Grype.
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
Go Vulnerability discussion
Go Vulnerability related posts
-
Grype: Fast and Accurate Vulnerability Scanner for Containers and Filesystems
-
How to secure Terraform code with Trivy
-
A vulnerability scanner for container images and filesystems
-
Suas imagens de container não estão seguras!
-
Terrapin SSH Attack: An Overview
-
Distroless images using melange and apko
-
Scanning and remediating vulnerabilities with Grype
-
A note from our sponsor - SaaSHub
www.saashub.com | 15 May 2025
Index
What are some of the best open-source Vulnerability projects in Go? This list will help you:
| # | Project | Stars |
|---|---|---|
| 1 | trivy | 26,368 |
| 2 | grype | 9,816 |
| 3 | dalfox | 4,251 |
| 4 | dockle | 2,894 |
| 5 | bearer | 2,283 |
| 6 | copacetic | 1,296 |
| 7 | Terrapin-Scanner | 963 |
| 8 | dnstake | 839 |
| 9 | fortiscan | 162 |
| 10 | vimp | 63 |
| 11 | grype-db | 48 |
Sponsored
InfluxDB – Built for High-Performance Time Series Workloads
InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.
www.influxdata.com