I'm a developer and system builder. Currently leading VM scanning at @AikidoSec. Founder of CloudAid. I work primarily in Go, Node.js, and AWS.
I build tools, write about what I learn, and maintain open-source projects in the cloud security and infrastructure space.
| Project | What it does |
|---|---|
| cloud-provider-ip-addresses | Daily-updated IP ranges for 35+ providers (AWS, Azure, GCP, Cloudflare, GitHub, Fastly,Linode + GoogleBot/BingBot/GPTBot) in 12+ formats |
| sbomlyze | SBOM comparison & diff to detect supply-chain tampering and drift in CI |
| axios4go | Axios-inspired HTTP client for Go — interceptors, automatic retries |
| go-cloudip | Sub-microsecond cloud provider IP detection for Go |
| js-cloudip | Sub-millisecond cloud provider detection for Node.js & the browser |
| py-cloudip | Fast, auto-updating cloud provider IP detection for Python |
| ip-watch | Auto-applies cloud provider IP ranges to nginx, caddy, haproxy & firewalls |
| go-is-disposable-email | High-performance Go package for detecting disposable/temporary email addresses |
| simple-load-balancer | HTTP load balancer in Go using only the standard library |
| awesome-security-pipeline | Curated security tools organized by CI/CD pipeline stage |
The cloudip family (go · js · py) shares one daily-updated source of truth: cloud-provider-ip-addresses.
- Build a Live Goroutine Visualizer in Go: Detect Leaks in Any Running Process
- How to Compare Container SBOMs and Detect Drift Between Image Versions
- Beyond Vulnerability Scanning: How SBOM Diff Exposes Shadow Dependencies in Your Supply Chain
- Inside Go's strconv — a 7-part deep dive (Atoi/Itoa through quoting & character utilities)
- macOS Hardware Detection with Go
- Build a Terminal System Monitor in Go
More at rezmoss.com/blog
I wrote Go at Scale: Patterns for Professional Development on Go patterns covering concurrency, microservices, event-driven architecture, and more. Companion code is here