Awesome Open Source
Awesome Open Source

Sqreen for Go

Sqreen's Application Security Management for Go

After performance monitoring (APM), error and log monitoring it’s time to add a security component into your app. Sqreen’s microagent automatically monitors sensitive app’s routines, blocks attacks and reports actionable infos to your dashboard.

Sqreen for Go

Sqreen provides automatic defense against attacks:

  • Protect with security modules: RASP (Runtime Application Self-Protection), in-app WAF (Web Application Firewall), Account takeovers and more.

  • Sqreen’s modules adapt to your application stack with no need of configuration.

  • Prevent attacks from the OWASP Top 10 (Injections, XSS and more), 0-days, data Leaks, and more.

  • Create security automation playbooks that automatically react against your advanced business-logic threats.

For more details, visit sqreen.com

Quick start

  1. Use the middleware function for the Go web framework you use:

    If your framework is not listed, it is usually possible to use instead the standard net/http middleware. If not, please, let us know by creating an issue.

  2. Compile your program with Sqreen

    Sqreen's dynamic configuration of your protection is made possible thanks to Go instrumentation. It is safely performed at compilation time by the following instrumentation tool.

    Install the following instrumentation tool and compile your program using it in order to enable Sqreen.

    1. Use go install to compile the instrumentation tool:

      $ go install github.com/sqreen/go-agent/sdk/sqreen-instrumentation-tool
      

      By default, the resulting sqreen-instrumentation-tool tool is installed in the bin directory of the GOPATH. You can find it using go env GOPATH.

    2. Configure the Go toolchain to use it:

      Use the instrumentation tool using the go options -a -toolexec /path/to/sqreen-instrumentation-tool.

      It can be done either in your Go compilation command lines or by setting the GOFLAGS environment variable.

      For example, the following two commands are equivalent:

      $ go build -a -toolexec $(go env GOPATH)/bin/sqreen-instrumentation-tool my-project
      $ env GOFLAGS="-a -toolexec $(go env GOPATH)/bin/sqreen-instrumentation-tool" go build my-project
      
  3. Signup to Sqreen to get your app credentials:

    app_name: Your Go app name
    token: your token
    

    This file can be stored in your current working directory when starting the executable, the same directory as your app's executable file, or in any other path by defining the configuration file location into the environment variable SQREEN_CONFIG_FILE.

Congratulations, your Go web application is now protected by Sqreen!

Sqreen for Go

Advanced integration

Optionally, use the SDK to perform user monitoring or custom security events you would like to track and possibly block.


Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Golang (171,741
Go (171,741
Security (32,258
Monitoring (12,044
Attack (7,141
Instrumentation (1,831
Waf (1,084
Owasp (1,079
Web Application Security (439
Security Automation (287
Rasp (15
Sqreen (3