DEV Community

Cover image for Awesome Golang Security πŸ•ΆπŸ”
Stefan Streichsbier
Stefan Streichsbier

Posted on • Edited on

Awesome Golang Security πŸ•ΆπŸ”

#showdev #go #security #githunt

Golang is getting a lot of traction lately.

Leveraging awesome security tools to code securely with Go is becoming increasingly important.

For this reason, I've compiled a curated list of awesome-golang-security resources here:

GitHub logo guardrailsio / awesome-golang-security

Awesome Golang Security resources πŸ•ΆπŸ”


A curated list of awesome golang Security related resources.

Awesome

List inspired by the awesome list thing.

Supported by: GuardRails.io


Contents

Tools

Web Framework Hardening

  • nosurf - CSRF protection middleware for Go.
  • gorilla/csrf - Provides Cross-Site Request Forgery (CSRF) prevention middleware for Go web applications & services.
  • gorilla/securecookie - Encodes and decodes authenticated and optionally encrypted cookie values for Go web applications.
  • secure - Secure is an HTTP middleware for Go that facilitates most of your security needs for web applications.
  • unindexed - A drop-in replacement for http.Dir which disables directory indexing.
  • beego-security-headers - beego framework filter for easy security headers management.

Libraries

  • paseto - Platform-Agnostic Security Tokens implementation in GO (Golang).
  • hsts - Go HTTP Strict Transport Security library.
  • jwt-go - Golang implementation of JSON Web Tokens (JWT).
  • httprobe - Take a list of domains and probe for working HTTP and HTTPS servers.

Static Code Analysis

…
View on GitHub

Did I miss anything? Let me know in the comments.

And, please leave a like (or ⭐ the repo) if you find it useful.

Top comments (7)

Collapse
 
krusenas profile image
Karolis

Maybe add JWT library: github.com/dgrijalva/jwt-go, really solid and easy to use :)

Collapse
 
streichsbaer profile image
Stefan Streichsbier

Thanks, will do!

Collapse
 
david_j_eddy profile image
David J Eddy

Thank you for this! The awesome lists have saved me days of effort so far.

Collapse
 
pbnj profile image
Peter Benjamin (they/them)

Awesome list indeed. Thank you.

Looking forward to awesome-nodejs-security 😝

Let me know if you need a collaborator on it.

Collapse
 
streichsbaer profile image
Stefan Streichsbier

That has been done already.

github.com/lirantal/awesome-nodejs...

Collapse
 
pbnj profile image
Peter Benjamin (they/them)

Awesome. Thanks. I looked under Guardrails' GitHub org and under all articles published by you on this platform, hence why I didn't see it.

Would it be possible to consolidate all of them under the same GH org?

Thread Thread
 
streichsbaer profile image
Stefan Streichsbier

That was originally the plan, but some others have done some great lists already.

So what we’ll do is create a section on the original awesome list where we’ll link them all.

Read next

igventurelli profile image

Beware of Spring Boot Actuator Endpoint env: A Security Alert

Igor Venturelli -

pellenilsen profile image

What does CORS really do? πŸ€”

Pelle Nilsen -

cicubeteam profile image

How to Use ENV variables in GitHub Actions

CiCube -

akhil_mittal profile image

DevSecops Tools in CICD Pipeline

akhil mittal -