{"id":13722090,"url":"https://github.com/segmentio/netsec","last_synced_at":"2025-09-11T18:42:28.391Z","repository":{"id":48691569,"uuid":"157044491","full_name":"segmentio/netsec","owner":"segmentio","description":"Home of code related to security of network systems.","archived":false,"fork":false,"pushed_at":"2025-01-22T17:51:12.000Z","size":13,"stargazers_count":24,"open_issues_count":0,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-05-07T14:37:18.210Z","etag":null,"topics":["paused"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/segmentio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2018-11-11T03:39:00.000Z","updated_at":"2025-03-03T21:45:35.000Z","dependencies_parsed_at":"2023-11-16T16:44:00.687Z","dependency_job_id":null,"html_url":"https://github.com/segmentio/netsec","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/segmentio/netsec","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/segmentio%2Fnetsec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/segmentio%2Fnetsec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/segmentio%2Fnetsec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/segmentio%2Fnetsec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/segmentio","download_url":"https://codeload.github.com/segmentio/netsec/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/segmentio%2Fnetsec/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269238242,"owners_count":24383499,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-07T02:00:09.698Z","response_time":73,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["paused"],"created_at":"2024-08-03T01:01:24.483Z","updated_at":"2025-08-07T10:09:58.699Z","avatar_url":"https://github.com/segmentio.png","language":"Go","funding_links":[],"categories":["Security Enabling Tools"],"sub_categories":[],"readme":"# netsec [![CircleCI](https://circleci.com/gh/segmentio/netsec.svg?style=shield\u0026circle-token=586dc5f2f8f249b7f85b0bc22fe18067a27e0a1f)](https://circleci.com/gh/segmentio/netsec) [![Go Report Card](https://goreportcard.com/badge/github.com/segmentio/netsec)](https://goreportcard.com/report/github.com/segmentio/netsec) [![GoDoc](https://godoc.org/github.com/segmentio/netsec?status.svg)](https://godoc.org/github.com/segmentio/netsec)\n\n\u003e **Note**  \n\u003e Segment has paused maintenance on this project, but may return it to an active status in the future. Issues and pull requests from external contributors are not being considered, although internal contributions may appear from time to time. The project remains available under its open source license for anyone to use.\n\nHome of code related to security of network systems.\n\n## Motivation\n\nAs we grow as a product and a company we have increasing needs to build secure\nnetwork services. This can be quite a challenging task as security issues can be\nhard to anticipate and often depend on complex interactions in distributed\nsystems. The `netsec` package contains code which helps build and maintain\nsecure Go applications.\n\n## Restricting connections to private networks\n\nA common problem that services face is preventing unauthorized access to private\nnetworks. This often comes up when the public endpoints of those services are\nconfigured dynamically (like a webhook for example).\n\nThe `netsec` package helps protect against malicious use of those kinds of\napplications by providing a decorator for the typical dial functions used to\nestablish network connections, which can be configured to allow or deny certain\nIP network ranges.\n\nHere is an example of how a program can leverage the `netsec` package to prevent\nHTTP requests from going to private network addresses:\n```go\nimport (\n    \"net/http\"\n\n    \"github.com/segmentio/netsec\"\n)\n\nfunc init() {\n    t := http.DefaultTransport.(*http.Transport)\n    // Modifies the dial function used by the default http transport to deny\n    // requests that would reach private IP addresses.\n    t.DialContext = netsec.RestrictedDial(t.DialContext,\n        netsec.Denylist(netsec.PrivateIPNetworks),\n    )\n}\n\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsegmentio%2Fnetsec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsegmentio%2Fnetsec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsegmentio%2Fnetsec/lists"}