Awesome Golang Security resources
Clone or download
streichsbaer Update Supporter URL
Update Supported by URL to go to the landing page, not directly to the GitHub app.
Latest commit 1af841a Jan 22, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information. Fix Typo Dec 27, 2018 Update Supporter URL Jan 22, 2019 Start out with the list Nov 10, 2018

A curated list of awesome golang Security related resources.


List inspired by the awesome list thing.

Supported by:


Web Framework Hardening

  • nosurf - CSRF protection middleware for Go.
  • gorilla/csrf - Provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services.
  • gorilla/securecookie - Encodes and decodes authenticated and optionally encrypted cookie values for Go web applications.
  • secure - Secure is an HTTP middleware for Go that facilitates most of your security needs for web applications.
  • unindexed - A drop-in replacement for http.Dir which disables directory indexing.
  • beego-security-headers - beego framework filter for easy security headers management.


  • paseto - Platform-Agnostic Security Tokens implementation in GO (Golang)
  • hsts - Go HTTP Strict Transport Security library
  • jwt-go - Golang implementation of JSON Web Tokens (JWT)

Static Code Analysis

  • safesql - Static analysis tool for Golang that protects against SQL injections. It does not seem to be actively maintained at the moment.
  • gosec - Inspects source code for security problems by scanning the Go AST and matching it with a set of rules. Comes bundled in a Docker container securego/gosec
  • gometalinter - Concurrently runs most of the existing go linters and normalizes their output.

Vulnerabilities and Security Advisories

Private Key Infrastructure

  • CloudFlare SSL - CFSSL is CloudFlare's PKI/TLS swiss army knife. It is both a command line tool and an HTTP API server for signing, verifying, and bundling TLS certificates.


Hacking Playground

  • govwa - A vulnerable golang application including the most common vulnerabilities found in web applications today
  • Lambhack - A very vulnerable serverless application in AWS Lambda

Articles, Guides & Talks


  • GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
  • Snyk - A developer-first solution that automates finding & fixing known vulnerabilities in your dependencies.


Reporting Bugs


Found an awesome project, package, article, or another type of resources related to golang Security? Send me a pull request! Just follow the guidelines. Thank you!

say hi on Twitter