gosec VS go-tools

Compare gosec vs go-tools and see what are their differences.

SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
gosec go-tools
22 19
7,872 6,236
0.9% -
9.0 8.8
1 day ago about 1 month ago
Go Go
Apache License 2.0 MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

gosec

Posts with mentions or reviews of gosec. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-05-07.

go-tools

Posts with mentions or reviews of go-tools. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-07-27.
  • Ask HN: What are some interesting tools or code repos you discovered recently
    1 project | news.ycombinator.com | 25 Aug 2023
  • Gopher Pythonista #1: Moving From Python To Go
    3 projects | dev.to | 27 Jul 2023
    Another useful tool in Go is the go vet command, which helps to identify common coding mistakes such as unreachable code or useless comparisons. In addition, external linters like staticcheck can be used to detect bugs and performance issues with ease.
  • Find project-wide unused code using Golang's LSP
    2 projects | /r/golang | 23 May 2023
    For the last year or so (as of 2023) Golang has only had one active project for linting unused code, namely: unused from https://github.com/dominikh/go-tools. It works really well, but only within a package, not across packages, like within a traditional monolith. unused used to be part of another project called staticcheck, that did indeed have a flag for detecting project-wide unused code, but that is no longer supported. There are good reasons for that (see this Github discussion), mainly that it's computationally expensive.
  • Why tf golang let's you create maps with duplicated keys
    1 project | /r/golang | 4 May 2023
    To a degree, sure. It can't pick it up in general, because of the halting problem. But some trivial cases could be caught. Feel free to write such a linter, I'm sure Dominik would gladly merge it, for example.
  • Tools besides Go for a newbie
    36 projects | /r/golang | 26 Mar 2023
    IDE: use whatever make you productive. I personally use vscode. VCS: git, as golang communities use github heavily as base for many libraries. AFAIK Linter: use staticcheck for linting as it looks like mostly used linting tool in go, supported by many also. In Vscode it will be recommended once you install go plugin. Libraries/Framework: actually the standard libraries already included many things you need, decent enough for your day-to-day development cycles(e.g. `net/http`). But here are things for extra: - Struct fields validator: validator - Http server lib: chi router , httprouter , fasthttp (for non standard http implementations, but fast) - Web Framework: echo , gin , fiber , beego , etc - Http client lib: most already covered by stdlib(net/http), so you rarely need extra lib for this, but if you really need some are: resty - CLI: cobra - Config: godotenv , viper - DB Drivers: sqlx , postgre , sqlite , mysql - nosql: redis , mongodb , elasticsearch - ORM: gorm , entgo , sqlc(codegen) - JS Transpiler: gopherjs - GUI: fyne - grpc: grpc - logging: zerolog - test: testify , gomock , dockertest - and many others you can find here
  • New linter for mixing pointer and value method receivers
    2 projects | /r/golang | 30 Nov 2022
    Also proposal to staticcheck, will see if it goes through! https://github.com/dominikh/go-tools/issues/1337
  • this result of append is never used, except maybe in other appends (SA4010)
    1 project | /r/golang | 10 Nov 2022
    This is the first result for that error in google. The comment in that issue explains it. You're building two array's c_code, and c_start_date which are built and then never read or returned or otherwise used.
  • Zig, the Small Language
    13 projects | news.ycombinator.com | 7 Sep 2022
    This really irritated me when I started working with go, but it stopped bothering me and now I even mostly like it.

    The missing error checks are annoying, but if you have appropriate editor config it is hard to miss them: https://cdn.billmill.org/static/newsyctmp/warning.png

    Basically writing go without `staticcheck`[1] is not recommended. If you do have it set up, it's pretty easy to avoid simple errors like that.

    [1]: https://staticcheck.io/

  • Our experience upgrading from go v1.17 to v1.18 for generics
    2 projects | /r/golang | 20 Jul 2022
    However, recently [per this issue](https://github.com/dominikh/go-tools/issues/1270) it is safe to re-enable the ones I highlighted with strikethrough above. I would be interested in tracking issues for the remainder if you have those linked somewhere.
  • What are your strategies to prevent nil pointers errors in your code base?
    3 projects | /r/golang | 24 Jun 2022
    Unfortunately I don't know of any tools that can/do always detect it. There's this discussion for the staticcheck linter where they basically don't think it's worth false positives in order to support it a lint for it.

What are some alternatives?

When comparing gosec and go-tools you can also consider the following projects:

golangci-lint - Fast linters runner for Go

revive - 🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint

gokart - A static analysis tool for securing Go code

pre-commit-golang - Pre-commit hooks for Golang with support for monorepos, the ability to pass arguments and environment variables to all hooks, and the ability to invoke custom go tools.

ls-lint - An extremely fast directory and filename linter - Bring some structure to your project filesystem

docker-bench-security - The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.

gofumpt - A stricter gofmt

rustsec - RustSec API & Tooling

GNU/Emacs go-mode - Emacs mode for the Go programming language

gokart-action - Integrate GoKart security static analysis to GitHub Actions

mopa - MOPA: My Own Personal Any. A macro to implement all the `Any` methods on your own trait.

SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

Did you konow that Go is
the 4th most popular programming language
based on number of metions?