Go Devsecops

Open-source Go projects categorized as Devsecops
Edit details
Topics: Security Golang security-tools DevOps Kubernetes
Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured

Top 23 Go Devsecops Projects

  • trivy

    Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

    • Project mention: Cloud Security and Resilience: DevSecOps Tools and Practices | dev.to | 2024-05-01

    4. Trivy: https://github.com/aquasecurity/trivy Trivy is a versatile tool that scans for vulnerabilities in your containers, and also checks for vulnerabilities in your application dependencies.

  • gitleaks

    Protect and discover secrets using Gitleaks πŸ”‘

    • Project mention: Cloud Security and Resilience: DevSecOps Tools and Practices | dev.to | 2024-05-01

    1. Gitleaks: https://github.com/gitleaks/gitleaks Gitleaks provides a way for developers to find and prevent security breaches by scanning Git repositories for secrets like passwords and API keys.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • trufflehog

    Find and verify secrets

    • Project mention: Seeking help to identify vulnerabilities and secrets in a website backup file | /r/HowToHack | 2023-07-03

    Trufflehog

  • Netmaker

    Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

    • Project mention: Show HN: Wag, MFA and Enrollment for WireGuard | news.ycombinator.com | 2024-05-11

    https://github.com/netbirdio/netbird seems to be completely open source (BSD), https://github.com/gravitl/netmaker?tab=License-1-ov-file#re... uses Apache for the non-pro stuff, and both of those I found by simply looking at https://github.com/topics/wireguard

    This is why I asked, the phrase "I decided to reinvent the wheel which has honestly been quite fun with learning about eBPF, and recently clustering and HA with etcd" makes it sound like it's doing a bunch of cool stuff (which I want to hear about!), but the readme says nothing about those.

  • tfsec

    Security scanner for your Terraform code

    • Project mention: Cloud Security and Resilience: DevSecOps Tools and Practices | dev.to | 2024-05-01

    3. tfsec: https://github.com/aquasecurity/tfsec tfsec uses a suite of security checks to scan your Terraform templates, helping to identify potential security issues before infrastructure is deployed.

  • steampipe

    Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.

    • Project mention: Steampipe: Dynamically query APIs, code and more with SQL | news.ycombinator.com | 2024-04-04

  • terrascan

    Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

    • Project mention: Cloud Security and Resilience: DevSecOps Tools and Practices | dev.to | 2024-05-01

    2. Terrascan: https://github.com/tenable/terrascan Terrascan detects security vulnerabilities and compliance violations across your IaC. Supports multiple cloud providers, ensuring that your infrastructure complies with security best practices.

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo

  • dalfox

    πŸŒ™πŸ¦Š Dalfox is a powerful open-source XSS scanner and utility focused on automation.

  • SecretScanner

    :unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:

  • ContainerSSH

    ContainerSSH: Launch containers on demand

    • Project mention: Ask HN: Tell us about your project that's not done yet but you want feedback on | news.ycombinator.com | 2023-08-16

    - Build your own honeypot with ContainerSSH (DevConf CZ 2021) [4]

    [1]: https://containerssh.io

  • bearer

    Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

    • Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26

  • DevSecOps

    ♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎 (by hahwul)

  • YaraHunter

    πŸ”πŸ” Malware scanner for cloud-native, as part of CI/CD and at Runtime πŸ”πŸ”

  • copacetic

    🧡 CLI tool for directly patching container images using reports from vulnerability scanners

    • Project mention: copacetic: 🧡 CLI tool for directly patching container images using reports from vulnerability scanners | /r/blueteamsec | 2023-11-25

  • legitify

    Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets

    • Project mention: GitHub - Legit-Labs/legitify: Detect and remediate misconfigurations and security risks across all your GitHub GitLab assets. Version 1.0 is out, check out the new enterprise-level policies. | /r/netsec | 2023-08-04

  • chain-bench

    An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

  • ChopChop

    ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.

  • nmap-formatter

    A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot) or sqlite. Simply put it's nmap converter.

    • Project mention: NMAP-formatter: convert NMAP results to HTML, CSV, JSON, graphviz (dot), SQLite | news.ycombinator.com | 2024-01-26

  • threagile

    Agile Threat Modeling Toolkit

    • Project mention: Threagile – Agile Threat Modeling Toolkit | news.ycombinator.com | 2023-11-17

  • Selefra

    The open-source policy-as-code software that provides analysis for Multi-Cloud and SaaS environments, you can get insight with natural language (powered by OpenAI).

    • Project mention: A Better Version Is Released - Selefra v0.2.3 | /r/Selefra | 2023-07-03

    [Feature]Modules support filtering, while labels support customization of any format. by @FelixsJiang in #30

  • bomber

    Scans Software Bill of Materials (SBOMs) for security vulnerabilities

  • stackql

    Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework

    • Project mention: Cloud Tools You Probably Haven't Heard Of | dev.to | 2024-03-31

    Like Steampipe's revolutionary approach, StackQL harnesses the power of SQL to query your resources seamlessly. Moreover, it empowers you to utilize SQL syntax for querying and creating resources.

  • chainloop

    Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.

    • Project mention: Choosing the β€œold stuff” as plugin SDK for Go in 2023 | news.ycombinator.com | 2023-07-06

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Go Devsecops related posts

  • Cloud Security and Resilience: DevSecOps Tools and Practices

    10 projects | dev.to | 1 May 2024

  • A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons

    6 projects | dev.to | 16 Apr 2024

  • Cloud Tools You Probably Haven't Heard Of

    3 projects | dev.to | 31 Mar 2024

  • Show HN: Vet now supports detecting malicious packages

    1 project | news.ycombinator.com | 31 Dec 2023

  • GitHub - boringtools/git-alerts: Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files

    1 project | /r/cybersecurity | 10 Dec 2023

  • GitHub - boringtools/git-alerts: Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files

    1 project | /r/Information_Security | 10 Dec 2023

  • GitHub - boringtools/git-alerts: Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files

    1 project | /r/netsec | 10 Dec 2023
  • A note from our sponsor - SaaSHub
    www.saashub.com | 17 May 2024
    SaaSHub helps you find the best software and product alternatives Learn more β†’

Index

What are some of the best open-source Devsecops projects in Go? This list will help you:

Project Stars
1 trivy 21,525
2 gitleaks 15,361
3 trufflehog 13,996
4 Netmaker 9,005
5 tfsec 6,576
6 steampipe 6,412
7 terrascan 4,526
8 dalfox 3,324
9 SecretScanner 2,963
10 ContainerSSH 2,582
11 bearer 1,769
12 DevSecOps 1,643
13 YaraHunter 1,230
14 copacetic 799
15 legitify 710
16 chain-bench 701
17 ChopChop 653
18 nmap-formatter 602
19 threagile 566
20 Selefra 510
21 bomber 458
22 stackql 434
23 chainloop 314

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com