GitHub Release Tracker

06/12

8

gravitl/Netmaker v1.6.0

Automates virtual networks using WireGuard for various environments.

Go 11628☆ 1906d old #golang #go #wireguard #devsecops #vpn

06/13

7

safedep/Package Manager Guard (PMG) v0.19.0

Tool that blocks malicious packages during installation by wrapping existing package managers.

Go 430☆ 450d old #golang #npm #go #open-source #devsecops

06/09

7

chainloop-dev/Chainloop v1.100.0

Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports.

Go 558☆ 1195d old #golang #go #devsecops #compliance #cyclonedx

06/09

7

duriantaco/Skylos v4.24.0

Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities.

Python 453☆ 409d old #python #security #devsecops #code-quality #code-quality-analyzer

06/05

7

pii-shield/PII-Shield v2.1.0

Zero-code Kubernetes sidecar that redacts PII from logs pre-egress using entropy analysis and deterministic hashing.

Go 143☆ 131d old #golang #go #json #devsecops #gdpr

06/05

7

boostsecurityio/SmokedMeat v0.3.0

CI/CD red-team framework for finding and exploiting workflow vulnerabilities, deploying implants, and post-exploitation pivoting.

Go 324☆ 71d old #golang #cli #go #ci #devops

06/01

7

trufflesecurity/TruffleHog v3.95.4

Powerful tool for discovering, classifying, validating, and analyzing leaked credentials.

Go 26690☆ 3447d old #golang #security #go #secret #trufflehog

05/20

7

boostsecurityio/Bagel v0.7.0

Cross-platform CLI that scans developer workstations for risky tool configurations and secret metadata, producing structured JSON reports without exposing secret values.

Go 130☆ 100d old #golang #cli #go #devsecops #developer

05/20

7

betterleaks/Betterleaks v1.3.0

Detects passwords, API keys, and tokens in git repos, files, or stdin using configurable, high-performance scanning.

Go 1146☆ 125d old #golang #go #cicd #devops #credentials

06/12

6

garagon/Aguara v0.27.0

Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis.

Go 82☆ 115d old #golang #security #go #devsecops #mcp

06/11

6

safedep/vet v1.17.4

Enterprise-grade software supply chain security tool with real-time malicious package detection and policy as code support.

Go 1076☆ 1261d old #golang #security #go #devsecops #supply-chain-security

06/10

6

Pantheon-Security/MEDUSA v2026.6.0

AI-first security scanner providing 3,000+ detection patterns, 430 false-positive filters, and 133 CVE detections for AI/ML, agents, and LLM applications.

Python 597☆ 208d old #python #open-source #sast #devsecops #scanner

06/09

6

praetorian-inc/Titus v1.2.2

High-performance secrets scanner for source code, git history, and binary files, offering CLI, Go library, Burp and Chrome extensions, 459 detection rules, and live credential validation.

Go 591☆ 139d old #golang #chrome-extension #go #devsecops #appsec

05/22

6

boostsecurityio/poutine v1.1.6

Security scanner for detecting misconfigurations and vulnerabilities in repository build pipelines by parsing CI/CD workflows.

Go 467☆ 778d old #github #golang #cli #go #ci

05/27

5

whgojp/JavaSecLab V1.5

Comprehensive hands-on platform for learning, testing, and auditing Java application security using vulnerable examples, fixes, scenarios, and traffic analysis.

JavaScript 840☆ 745d old #javascript #java #security #devsecops #code-audit

05/20

5

interlynk-io/sbomasm v2.0.6

Comprehensive SBOM lifecycle toolkit for assembling, editing, enriching, removing sensitive data, signing, and viewing SBOMs.

Go 118☆ 1114d old #golang #go #devsecops #cyclonedx #gomodule

06/12	8	gravitl/Netmaker v1.6.0 Automates virtual networks using WireGuard for various environments. Go 11628☆ 1906d old #golang #go #wireguard #devsecops #vpn
06/13	7	safedep/Package Manager Guard (PMG) v0.19.0 Tool that blocks malicious packages during installation by wrapping existing package managers. Go 430☆ 450d old #golang #npm #go #open-source #devsecops
06/09	7	chainloop-dev/Chainloop v1.100.0 Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports. Go 558☆ 1195d old #golang #go #devsecops #compliance #cyclonedx
06/09	7	duriantaco/Skylos v4.24.0 Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities. Python 453☆ 409d old #python #security #devsecops #code-quality #code-quality-analyzer
06/05	7	pii-shield/PII-Shield v2.1.0 Zero-code Kubernetes sidecar that redacts PII from logs pre-egress using entropy analysis and deterministic hashing. Go 143☆ 131d old #golang #go #json #devsecops #gdpr
06/05	7	boostsecurityio/SmokedMeat v0.3.0 CI/CD red-team framework for finding and exploiting workflow vulnerabilities, deploying implants, and post-exploitation pivoting. Go 324☆ 71d old #golang #cli #go #ci #devops
06/01	7	trufflesecurity/TruffleHog v3.95.4 Powerful tool for discovering, classifying, validating, and analyzing leaked credentials. Go 26690☆ 3447d old #golang #security #go #secret #trufflehog
05/20	7	boostsecurityio/Bagel v0.7.0 Cross-platform CLI that scans developer workstations for risky tool configurations and secret metadata, producing structured JSON reports without exposing secret values. Go 130☆ 100d old #golang #cli #go #devsecops #developer
05/20	7	betterleaks/Betterleaks v1.3.0 Detects passwords, API keys, and tokens in git repos, files, or stdin using configurable, high-performance scanning. Go 1146☆ 125d old #golang #go #cicd #devops #credentials
06/12	6	garagon/Aguara v0.27.0 Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis. Go 82☆ 115d old #golang #security #go #devsecops #mcp
06/11	6	safedep/vet v1.17.4 Enterprise-grade software supply chain security tool with real-time malicious package detection and policy as code support. Go 1076☆ 1261d old #golang #security #go #devsecops #supply-chain-security
06/10	6	Pantheon-Security/MEDUSA v2026.6.0 AI-first security scanner providing 3,000+ detection patterns, 430 false-positive filters, and 133 CVE detections for AI/ML, agents, and LLM applications. Python 597☆ 208d old #python #open-source #sast #devsecops #scanner
06/09	6	praetorian-inc/Titus v1.2.2 High-performance secrets scanner for source code, git history, and binary files, offering CLI, Go library, Burp and Chrome extensions, 459 detection rules, and live credential validation. Go 591☆ 139d old #golang #chrome-extension #go #devsecops #appsec
05/22	6	boostsecurityio/poutine v1.1.6 Security scanner for detecting misconfigurations and vulnerabilities in repository build pipelines by parsing CI/CD workflows. Go 467☆ 778d old #github #golang #cli #go #ci
05/27	5	whgojp/JavaSecLab V1.5 Comprehensive hands-on platform for learning, testing, and auditing Java application security using vulnerable examples, fixes, scenarios, and traffic analysis. JavaScript 840☆ 745d old #javascript #java #security #devsecops #code-audit
05/20	5	interlynk-io/sbomasm v2.0.6 Comprehensive SBOM lifecycle toolkit for assembling, editing, enriching, removing sensitive data, signing, and viewing SBOMs. Go 118☆ 1114d old #golang #go #devsecops #cyclonedx #gomodule