GitHub Release Tracker

06/01

7

trufflesecurity/TruffleHog v3.95.4

Powerful tool for discovering, classifying, validating, and analyzing leaked credentials.

Go 26611☆ 3441d old #golang #security #go #secret #trufflehog

06/01

7

chainloop-dev/Chainloop v1.99.0

Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports.

Go 551☆ 1185d old #golang #go #devsecops #compliance #cyclonedx

05/29

7

duriantaco/Skylos v4.22.0

Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities.

Python 448☆ 401d old #python #security #devsecops #code-quality #code-quality-analyzer

05/26

7

safedep/Package Manager Guard (PMG) v0.17.0

Tool that blocks malicious packages during installation by wrapping existing package managers.

Go 388☆ 440d old #golang #npm #go #open-source #devsecops

05/20

7

boostsecurityio/Bagel v0.7.0

Cross-platform CLI that scans developer workstations for risky tool configurations and secret metadata, producing structured JSON reports without exposing secret values.

Go 130☆ 100d old #golang #cli #go #devsecops #developer

05/20

7

betterleaks/Betterleaks v1.3.0

Detects passwords, API keys, and tokens in git repos, files, or stdin using configurable, high-performance scanning.

Go 1015☆ 112d old #golang #go #cicd #devops #credentials

05/12

7

praetorian-inc/Titus v1.2.0

High-performance secrets scanner for source code, git history, and binary files, offering CLI, Go library, Burp and Chrome extensions, 459 detection rules, and live credential validation.

Go 547☆ 109d old #golang #chrome-extension #go #devsecops #appsec

05/11

7

safedep/vet v1.17.0

Enterprise-grade software supply chain security tool with real-time malicious package detection and policy as code support.

Go 1063☆ 1251d old #golang #security #go #devsecops #supply-chain-security

05/05

7

boostsecurityio/SmokedMeat v0.2.0

CI/CD red-team framework for finding and exploiting workflow vulnerabilities, deploying implants, and post-exploitation pivoting.

Go 281☆ 46d old #golang #cli #go #ci #devops

05/29

6

garagon/Aguara v0.22.0

Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis.

Go 81☆ 105d old #golang #security #go #devsecops #mcp

05/22

6

boostsecurityio/poutine v1.1.6

Security scanner for detecting misconfigurations and vulnerabilities in repository build pipelines by parsing CI/CD workflows.

Go 467☆ 778d old #github #golang #cli #go #ci

05/16

6

pii-shield/PII-Shield v2.0.1

Zero-code Kubernetes sidecar that redacts PII from logs pre-egress using entropy analysis and deterministic hashing.

Go 124☆ 117d old #golang #go #json #devsecops #gdpr

05/27

5

whgojp/JavaSecLab V1.5

Comprehensive hands-on platform for learning, testing, and auditing Java application security using vulnerable examples, fixes, scenarios, and traffic analysis.

JavaScript 840☆ 745d old #javascript #java #security #devsecops #code-audit

05/20

5

interlynk-io/sbomasm v2.0.6

Comprehensive SBOM lifecycle toolkit for assembling, editing, enriching, removing sensitive data, signing, and viewing SBOMs.

Go 118☆ 1114d old #golang #go #devsecops #cyclonedx #gomodule

05/28

4

Pantheon-Security/MEDUSA v2026.5.11

AI-first security scanner providing 3,000+ detection patterns, 430 false-positive filters, and 133 CVE detections for AI/ML, agents, and LLM applications.

Python 588☆ 195d old #python #open-source #sast #devsecops #scanner

06/01	7	trufflesecurity/TruffleHog v3.95.4 Powerful tool for discovering, classifying, validating, and analyzing leaked credentials. Go 26611☆ 3441d old #golang #security #go #secret #trufflehog
06/01	7	chainloop-dev/Chainloop v1.99.0 Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports. Go 551☆ 1185d old #golang #go #devsecops #compliance #cyclonedx
05/29	7	duriantaco/Skylos v4.22.0 Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities. Python 448☆ 401d old #python #security #devsecops #code-quality #code-quality-analyzer
05/26	7	safedep/Package Manager Guard (PMG) v0.17.0 Tool that blocks malicious packages during installation by wrapping existing package managers. Go 388☆ 440d old #golang #npm #go #open-source #devsecops
05/20	7	boostsecurityio/Bagel v0.7.0 Cross-platform CLI that scans developer workstations for risky tool configurations and secret metadata, producing structured JSON reports without exposing secret values. Go 130☆ 100d old #golang #cli #go #devsecops #developer
05/20	7	betterleaks/Betterleaks v1.3.0 Detects passwords, API keys, and tokens in git repos, files, or stdin using configurable, high-performance scanning. Go 1015☆ 112d old #golang #go #cicd #devops #credentials
05/12	7	praetorian-inc/Titus v1.2.0 High-performance secrets scanner for source code, git history, and binary files, offering CLI, Go library, Burp and Chrome extensions, 459 detection rules, and live credential validation. Go 547☆ 109d old #golang #chrome-extension #go #devsecops #appsec
05/11	7	safedep/vet v1.17.0 Enterprise-grade software supply chain security tool with real-time malicious package detection and policy as code support. Go 1063☆ 1251d old #golang #security #go #devsecops #supply-chain-security
05/05	7	boostsecurityio/SmokedMeat v0.2.0 CI/CD red-team framework for finding and exploiting workflow vulnerabilities, deploying implants, and post-exploitation pivoting. Go 281☆ 46d old #golang #cli #go #ci #devops
05/29	6	garagon/Aguara v0.22.0 Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis. Go 81☆ 105d old #golang #security #go #devsecops #mcp
05/22	6	boostsecurityio/poutine v1.1.6 Security scanner for detecting misconfigurations and vulnerabilities in repository build pipelines by parsing CI/CD workflows. Go 467☆ 778d old #github #golang #cli #go #ci
05/16	6	pii-shield/PII-Shield v2.0.1 Zero-code Kubernetes sidecar that redacts PII from logs pre-egress using entropy analysis and deterministic hashing. Go 124☆ 117d old #golang #go #json #devsecops #gdpr
05/27	5	whgojp/JavaSecLab V1.5 Comprehensive hands-on platform for learning, testing, and auditing Java application security using vulnerable examples, fixes, scenarios, and traffic analysis. JavaScript 840☆ 745d old #javascript #java #security #devsecops #code-audit
05/20	5	interlynk-io/sbomasm v2.0.6 Comprehensive SBOM lifecycle toolkit for assembling, editing, enriching, removing sensitive data, signing, and viewing SBOMs. Go 118☆ 1114d old #golang #go #devsecops #cyclonedx #gomodule
05/28	4	Pantheon-Security/MEDUSA v2026.5.11 AI-first security scanner providing 3,000+ detection patterns, 430 false-positive filters, and 133 CVE detections for AI/ML, agents, and LLM applications. Python 588☆ 195d old #python #open-source #sast #devsecops #scanner