SaaSHub helps you find the best software and product alternatives Learn more →
Top 15 Go vulnerability-scanner Projects
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Project mention: Stop shipping insecure Dockerfiles: real devs don’t run as root | dev.to | 2025-05-03 -
InfluxDB
InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.
-
vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
-
-
scan4all
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
-
SecretScanner
:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:
-
For more details, check out the Trivy Operator documentation and Helm chart repository.
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
-
-
-
LogMePwn
A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.
-
-
vesta
A static analysis of vulnerabilities, Docker and Kubernetes cluster configuration detect toolkit based on the real penetration of cloud computing (by kvesta)
-
udpx
Fast and lightweight, UDPX is a single-packet UDP scanner written in Go that supports the discovery of over 45 services with the ability to add custom ones. It is easy to use and portable, and can be run on Linux, Mac OS, and Windows. Unlike internet-wide scanners like zgrab2 and zmap, UDPX is designed for portability and ease of use.
-
log4shelldetect
Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
Go vulnerability-scanners discussion
Go vulnerability-scanners related posts
-
Ask HN: Has anyone adopted or seen adoption of RFC8959 secret-token?
-
Dockerfile Best Practices: Writing Efficient and Secure Docker Images
-
🛡️ Effective Vulnerability Monitoring in Kubernetes
-
Day 25: Container Security with Trivy - My 90 Days of DevOps Journey
-
Enhancing Kubernetes Security with Trivy : Day 15 of 50 days DevOps Tools Series
-
Docker image vulnerabilities scanning trivy vs synk.io
-
Docker image vulnerabilities scanning trivy vs synk.io
-
A note from our sponsor - SaaSHub
www.saashub.com | 24 May 2025
Index
What are some of the best open-source vulnerability-scanner projects in Go? This list will help you:
| # | Project | Stars |
|---|---|---|
| 1 | trivy | 26,748 |
| 2 | vuls | 11,570 |
| 3 | tfsec | 6,821 |
| 4 | scan4all | 5,674 |
| 5 | SecretScanner | 3,194 |
| 6 | trivy-operator | 1,504 |
| 7 | go-dork | 1,196 |
| 8 | shortscan | 929 |
| 9 | clair-scanner | 856 |
| 10 | bomber | 566 |
| 11 | LogMePwn | 399 |
| 12 | lazytrivy | 289 |
| 13 | vesta | 198 |
| 14 | udpx | 187 |
| 15 | log4shelldetect | 45 |
Sponsored
InfluxDB – Built for High-Performance Time Series Workloads
InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.
www.influxdata.com