Our great sponsors
|9 days ago||4 days ago|
|GNU General Public License v3.0 only||Apache License 2.0|
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
How to start a Go project in 2023
21 projects | news.ycombinator.com | 23 May 2023
Things I can't live without in a new Go project in no particular order:
- https://github.com/golangci/golangci-lint - meta-linter
- https://goreleaser.com - automate release workflows
- https://magefile.org - build tool that can version your tools
- https://github.com/ory/dockertest/v3 - run containers for e2e testing
- https://github.com/ecordell/optgen - generate functional options
- https://golang.org/x/tools/cmd/stringer - generate String()
- https://mvdan.cc/gofumpt - stricter gofmt
- https://github.com/stretchr/testify - test assertion library
- https://github.com/rs/zerolog - logging
- https://github.com/spf13/cobra - CLI framework
FWIW, I just lifted all the tools we use for https://github.com/authzed/spicedb
We've also written some custom linters that might be useful for other folks: https://github.com/authzed/spicedb/tree/main/tools/analyzers
Just migrated our Open Source project to Golang
4 projects | news.ycombinator.com | 21 Mar 2023
How to integrate golangci-lint into a project?
2 projects | /r/golang | 13 Feb 2023
Hey, I try to figure out an elegant way to integrate golangci into a Go project.
A fast HashSet implementation
3 projects | /r/golang | 13 Feb 2023
All of this is nitpicking really, but I would suggest using linters, e.g. https://github.com/golangci/golangci-lint - sometimes annoying, but mostly just helps to avoid discussions like this (and plethora of bugs).
Go 1.20 released
3 projects | /r/golang | 1 Feb 2023
Luciano Remes | Golang is 𝘼𝙡𝙢𝙤𝙨𝙩 Perfect
7 projects | /r/golang | 2 Jan 2023
You should always use golangci-lint, which includes errcheck.
Go API Project Set-Up
7 projects | dev.to | 23 Dec 2022
golangci lint - https://golangci-lint.run/
a tool for quickly creating web and microservice code
28 projects | dev.to | 15 Dec 2022
Code inspection golangci-lint
Introduccion a Golangci Lint
2 projects | dev.to | 26 Nov 2022
Thirteen Years of Go - The Go Programming Language
5 projects | /r/programming | 10 Nov 2022
I disagree with at least half of your post, tooling in Go is amazing overall and there is one linter that pretty much every one is using: https://github.com/golangci/golangci-lint
We have getrandom at home
8 projects | /r/rust | 11 Mar 2023
The crypto source in Go is great, no complaints there. Lints like gosec even recommend using it when generating crypto entropy. Go did a good job here, and I expect Rust will do the same sometime after getrandom reaches 1.0 so the API questions are settled, plus whatever makes sense for the future-proofing the standard library needs.
any open source that checks security vulnerabilities in code?
3 projects | /r/golang | 8 Mar 2023
i think there's https://github.com/securego/gosec linter
Goast: Generic static analysis for Go Abstract Syntax Tree by OPA/Rego
5 projects | dev.to | 12 Sep 2022
Various static analysis tools are available for the Go language, and existing static analysis tools can check general best practices. For example, gosec is a tool to check secure Go coding, and I use it myself. However, coding rules in software development are not only based on best practices, but can also be software- or team-specific. For example
Vulnerability Management for Go
4 projects | news.ycombinator.com | 6 Sep 2022
What's the difference between this a https://github.com/securego/gosec?
Github template for Golang services
6 projects | dev.to | 19 Jun 2022
A github actions workflow is provided to run go fmt, vet, test and gosec. An initial configuration for dependabot is also provided.
What tools exists, or you recommend, for code review, quality and/or security review
2 projects | /r/golang | 12 Dec 2021
Besides what was mentioned, we use : staticcheck.io and https://github.com/securego/gosec
Container security best practices: Comprehensive guide
17 projects | dev.to | 16 Nov 2021
For application code, there are different SAST (Static Application Security Testing) tools like sonarqube, which provide vulnerability scanners for different languages, gosec for analyzing go code and detecting issues based on rules, linters, etc.
Static code analysis tool for pipeline
2 projects | /r/golang | 26 Oct 2021
Try gosec for security vulnerabilities.
Golang Security Checker
6 projects | news.ycombinator.com | 4 Aug 2021
Web security focused frameworks (and/or) packages
3 projects | /r/golang | 29 Jul 2021
https://github.com/securego/gosec as a linter in your CI
What are some alternatives?
ireturn - Accept Interfaces, Return Concrete Types
golangci-lint-action - Official GitHub action for golangci-lint from its authors
gopl.io - Example programs from "The Go Programming Language"
go - The Go programming language
ls-lint - An extremely fast directory and filename linter - Bring some structure to your project filesystem
gokart - A static analysis tool for securing Go code
go-tools - Staticcheck - The advanced Go linter
pre-commit-golang - Pre-commit hooks for Golang with support for monorepos, the ability to pass arguments and environment variables to all hooks, and the ability to invoke custom go tools.
golang-standards/project-layout - Standard Go Project Layout
rustsec - RustSec API & Tooling
gokart-action - Integrate GoKart security static analysis to GitHub Actions