Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 23 Go Security Projects
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
Lean and Mean Docker containers
Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
-
Gravitational Teleport
The easiest, and most secure way to access and protect all of your infrastructure.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
bettercap
The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
-
age
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
-
Ory Hydra
OpenID Certifiedâ„¢ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.
-
vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
-
kubescape
Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.
-
Netmaker
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
-
crowdsec
CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
These projects use Caddy as my local development server, Dart Sass for converting my Sass files to CSS, elm, elm-format, elm-optimize-level-2, elm-review, elm-test (only in Calculator), ShellCheck to find bugs in my shell scripts, and Terser to mangle and compress JavaScript code.
4. Trivy: https://github.com/aquasecurity/trivy Trivy is a versatile tool that scans for vulnerabilities in your containers, and also checks for vulnerabilities in your application dependencies.
It's me and two others though I'm definitely the most active. We put a lot of effort into security best practices and one of my co-developers is currently reviewing the 4.38.0 release. It's a fairly major release with a lot of important code paths that have been improved for the future.
Our official docs can be found at https://www.authelia.com and you can find docs for a particular PR in the relevant PR. We've also linked the pre-release docs in the pre-release discussions which can be found here: https://github.com/authelia/authelia/discussions/categories/...
Project mention: Cisco to Acquire Cloud Native Networking and Security Leader Isovalent | news.ycombinator.com | 2023-12-21They would have had to add a few externals to get to Graduated but it's definitely a minority:
https://github.com/cilium/cilium/blob/main/MAINTAINERS.md
SlimToolkit empowers developers to create better, smaller, and more secure containers without sacrificing their existing workflows. Explore the project on GitHub or visit the official website to learn more.
Project mention: The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research) | /r/SaaS | 2023-05-22Nuclei
Project mention: List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting. | dev.to | 2024-04-30Teleport - Comprehensive control plane tool, but also supports accessing apps behind NATs. Written in Go.
Project mention: bettercap VS petep - a user suggested alternative | libhunt.com/r/bettercap | 2023-10-03
Project mention: keepsecret.py: a simple way to encrypt secret files in your repository | dev.to | 2024-04-28age
1. Gitleaks: https://github.com/gitleaks/gitleaks Gitleaks provides a way for developers to find and prevent security breaches by scanning Git repositories for secrets like passwords and API keys.
My script just sets up default .sops.yaml for https://github.com/getsops/sops
You can further edit .sops.yaml(eg have multiple of them) and decide how you split secrets in your directory tree to further customize who can decrypt the secrets.
It works pretty well for prod/dev splits, etc
Project mention: Show HN: Open-source OAuth2 server Ory Hydra now 6x faster | news.ycombinator.com | 2024-02-13
Project mention: Seeking help to identify vulnerabilities and secrets in a website backup file | /r/HowToHack | 2023-07-03Trufflehog
this way is very phishable because today hackers just pay Google Ads for a concrete city to catch victims (who google) and redirect them to its phishing recourse (that could be created by gophish easily)
Project mention: CodiumAI PR-Agent Dominates the Dev World with Versatility and Open-Source Power | dev.to | 2023-12-03CodiumAI PR-Agent’s influence extends deeply within open-source projects. An exemplary illustration is Kubespace, a Cloud Native Computing Foundation (CNCF) sandbox project. Since its adoption in August, Kubespace has been utilizing the PR-Agent service. They also recently had a public bug bounty collaboration with CodiumAI. This program added an extra layer of community-driven scrutiny, encouraging contributors to utilize simple commands like /describe for effective pull request messages. Here the contributor wanted to better describe the PR, so he used the /describe prompt.
https://github.com/netbirdio/netbird seems to be completely open source (BSD), https://github.com/gravitl/netmaker?tab=License-1-ov-file#re... uses Apache for the non-pro stuff, and both of those I found by simply looking at https://github.com/topics/wireguard
This is why I asked, the phrase "I decided to reinvent the wheel which has honestly been quite fun with learning about eBPF, and recently clustering and HA with etcd" makes it sound like it's doing a bunch of cool stuff (which I want to hear about!), but the readme says nothing about those.
Trivy Operator : A simple and comprehensive vulnerability scanner for containers and other artifacts. It detects vulnerabilities of OS packages (Alpine, Debian, CentOS, etc.) and application dependencies (pip, npm, yarn, composer, etc.) (Alternatives : Grype, Snyk, Clair, Anchore, Twistlock)
For those unaware, gosec (and by extension golangci-lint) will warn about uses of `math/rand`
https://github.com/securego/gosec/blob/d3b2359ae29fe344f4df5...
Project mention: Take a look at traefik, even if you don't use containers | news.ycombinator.com | 2024-05-05This is one area where I've found nixos to be really helpful. I can set this up with just adding some lines to the configuration.nix (which uses [lego](https://github.com/go-acme/lego) and letsencrypt in the backend):
```nix
Project mention: Show HN: Stack, the open-source Clerk/Firebase Auth alternative | news.ycombinator.com | 2024-04-14If you're looking for a system that has more features, is user friendly, a nice admin ui and easy deployments compared to Keycloak. Please give https://goauthentik.io/ a shot. Not affiliated in any way, just a very happy user.
It has
-an admin UI
- Supports (LDAP, SAML, OAUTH, social logins)
- MFA, Passkeys
- Application access based on user groups etc
Go Security related posts
-
Show HN: Wag, MFA and Enrollment for WireGuard
-
Optimize Your Containerized App with SlimToolkit
-
Secure Randomness in Go 1.22
-
To developers: you must not reqire a password from users
-
How to Implement Authorization in React JS
-
Cloud Security and Resilience: DevSecOps Tools and Practices
-
keepsecret.py: a simple way to encrypt secret files in your repository
-
A note from our sponsor - InfluxDB
www.influxdata.com | 17 May 2024
Index
What are some of the best open-source Security projects in Go? This list will help you:
Project | Stars | |
---|---|---|
1 | Caddy | 54,259 |
2 | trivy | 21,525 |
3 | authelia | 19,719 |
4 | cilium | 18,672 |
5 | Lean and Mean Docker containers | 18,287 |
6 | nuclei | 17,464 |
7 | Gravitational Teleport | 16,705 |
8 | bettercap | 15,762 |
9 | age | 15,428 |
10 | gitleaks | 15,361 |
11 | sops | 15,248 |
12 | Ory Hydra | 15,136 |
13 | trufflehog | 13,996 |
14 | chezmoi | 11,869 |
15 | vuls | 10,699 |
16 | gophish | 10,716 |
17 | kubescape | 9,753 |
18 | Netmaker | 9,005 |
19 | crowdsec | 7,861 |
20 | grype | 7,730 |
21 | gosec | 7,490 |
22 | lego | 7,324 |
23 | authentik | 7,000 |
Sponsored