
Awesome Golang Security resources

2k GitHub Stars | 33 Curated Resources | 8 Categories | Last Refreshed 4 hours ago


What's inside

Articles, Guides & Talks

Web Framework Hardening

  • beego-security-headers

    beego framework filter for easy security headers management.

  • gorilla/csrf

    Provides Cross-Site Request Forgery (CSRF) prevention middleware for Go web applications & services.

  • gorilla/securecookie

    Encodes and decodes authenticated and optionally encrypted cookie values for Go web applications.

  • nosurf

    CSRF protection middleware for Go.

  • secure

    Secure is an HTTP middleware for Go that facilitates most of your security needs for web applications.

  • unindexed

    A drop-in replacement for

Static Code Analysis

  • ChainJacking

    Find which of your Go direct GitHub dependencies is susceptible to a ChainJacking attack.

  • CodeQL

    A tool that lets you query your code like data, in order to find vulnerabilities and bugs. See also

  • gometalinter

    Concurrently runs most of the existing go linters and normalizes their output.

  • gosec

    Inspects source code for security problems by scanning the Go AST and matching it with a set of rules. Comes bundled in a Docker container

  • safesql

    Static analysis tool for Golang that protects against SQL injections. It does not seem to be actively maintained at the moment.

Private Key Infrastructure

  • CloudFlare SSL

    CFSSL is CloudFlare's PKI/TLS Swiss Army knife. It is both a command-line tool and an HTTP API server for signing, verifying, and bundling TLS certificates.

Vulnerabilities and Security Advisories

Reporting Bugs

Hacking Playground

  • govwa

    A vulnerable golang application including the most common vulnerabilities found in web applications today.

  • Lambhack

    A very vulnerable serverless application in AWS Lambda.

Libraries

  • hsts

    Go HTTP Strict Transport Security library.

  • httprobe

    Take a list of domains and probe for working HTTP and HTTPS servers.

  • jwt-go

    Golang implementation of JSON Web Tokens (JWT).

  • paseto

    Platform-Agnostic Security Tokens implementation in Go (Golang).

Showing a sample of 33 resources. View the full list on GitHub.