Top 23 Go Static Analysis Projects
-
reviewdog
🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
-
syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
-
revive
🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
-
kube-linter
KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.
-
bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
-
xeol
A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
-
bodyclose
Analyzer: checks whether HTTP response body is closed and a re-use of TCP connection is not blocked.
-
nakedret
nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.
Project mention: I looked through attacks in my access logs. Here's what I found | news.ycombinator.com | 2024-01-28
Besides pointing pentester tools like metasploit at yourself, there are some nice scanners out there.
https://github.com/quay/clair
https://github.com/anchore/grype/
Project mention: A vulnerability scanner for container images and filesystems | news.ycombinator.com | 2024-05-24
For those unaware, gosec (and by extension golangci-lint) will warn about uses of `math/rand`
https://github.com/securego/gosec/blob/d3b2359ae29fe344f4df5...
3. tfsec: https://github.com/aquasecurity/tfsec tfsec uses a suite of security checks to scan your Terraform templates, helping to identify potential security issues before infrastructure is deployed.
Project mention: Ask HN: What are some interesting tools or code repos you discovered recently | news.ycombinator.com | 2023-08-25
The v1.3.4 of revive, the fast, configurable, extensible, flexible, and beautiful linter for Go, is available.
I would have more respect if they at least admitted to the flawed type system but instead say it is not a problem. It is disappointing to see past mistakes repeated in a new programming language. Even the Java language creator was humble enough to admit fault for the null pointer problem. The Go devs do not have such humility.
https://github.com/uber-go/nilaway
Kustomize: It provides a solution to customize the Kubernetes resource base configuration and differential configuration without template and DSL. It does not solve the constraint problem itself, but needs to cooperate with a large number of additional tools to check constraints, such as Kube-linter, Checkov and kubescape.
Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26
Project mention: Open source software maintenance is difficult: examples with Go math/rand/v2 and testify | dev.to | 2024-05-02
PS: @Antonboom is doing amazing work with testifylint. That is a major tool that helps Testify users to avoid v1's traps. More than a v2.
Go Static Analysis related posts
-
Open source software maintenance is difficult: examples with Go math/rand/v2 and testify
-
Cloud Security and Resilience: DevSecOps Tools and Practices
-
Show HN: MicroSCOPE – identify ransomware statically with heuristics
-
DevSecOps with AWS- IaC at scale - Building your own platform - Part 1
-
I looked through attacks in my access logs. Here's what I found
-
General Docker Troubleshooting, Best Practices & Where to Go From Here
-
Practical nil panic detection for Go
-
Index
What are some of the best open-source Static Analysis projects in Go? This list will help you:
# | Project | Stars |
---|---|---|
1 | clair | 10,084 |
2 | grype | 7,929 |
3 | gosec | 7,527 |
4 | reviewdog | 7,443 |
5 | tfsec | 6,589 |
6 | go-tools | 5,956 |
7 | go-callvis | 5,771 |
8 | syft | 5,566 |
9 | revive | 4,643 |
10 | go-recipes | 3,852 |
11 | nilaway | 2,857 |
12 | kube-linter | 2,782 |
13 | bearer | 1,790 |
14 | go-ruleguard | 771 |
15 | sqlvet | 486 |
16 | woke | 433 |
17 | Chronos | 419 |
18 | xeol | 329 |
19 | bodyclose | 299 |
20 | go-mnd | 188 |
21 | squealer | 153 |
22 | nakedret | 125 |
23 | testifylint | 78 |