gosec | Mosh | |
---|---|---|
20 | 152 | |
7,468 | 12,229 | |
0.8% | 0.5% | |
8.7 | 4.6 | |
8 days ago | about 1 month ago | |
Go | C++ | |
Apache License 2.0 | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gosec
-
Secure Randomness in Go 1.22
For those unaware, gosec (and by extension golangci-lint) will warn about uses of `math/rand`
https://github.com/securego/gosec/blob/d3b2359ae29fe344f4df5...
-
Top 10 Snyk Alternatives for Code Security
6. Gosec
-
Safety in Go
You can (and definitely should!) also use gosec.
-
We have getrandom at home
The crypto source in Go is great, no complaints there. Lints like gosec even recommend using it when generating crypto entropy. Go did a good job here, and I expect Rust will do the same sometime after getrandom reaches 1.0 so the API questions are settled, plus whatever makes sense for the future-proofing the standard library needs.
-
any open source that checks security vulnerabilities in code?
i think there's https://github.com/securego/gosec linter
-
Goast: Generic static analysis for Go Abstract Syntax Tree by OPA/Rego
Various static analysis tools are available for the Go language, and existing static analysis tools can check general best practices. For example, gosec is a tool to check secure Go coding, and I use it myself. However, coding rules in software development are not only based on best practices, but can also be software- or team-specific. For example
-
Vulnerability Management for Go
What's the difference between this a https://github.com/securego/gosec?
-
Github template for Golang services
A github actions workflow is provided to run go fmt, vet, test and gosec. An initial configuration for dependabot is also provided.
- gosec
-
What tools exists, or you recommend, for code review, quality and/or security review
Besides what was mentioned, we use : staticcheck.io and https://github.com/securego/gosec
Mosh
-
The IDEs we had 30 years ago and we lost
If you haven’t already, and I know this doesn’t hold up for GUI emacs or vim, but consider running them through https://mosh.org/
- mosh: Mobile Shell
-
Write Your Own Terminal
FWIW, I wouldn't try to parse escape sequences "directly" from the input bytestream -- it's easy to end up with annoying bugs. Longer-term it's probably better to separate the logic e.g.:
- First step (for a UTF-8-input terminal emulator) means "lexing" the input bytestream as UTF-8 into a stream of USVs, which involves some subtleties (https://github.com/mobile-shell/mosh/blob/master/src/termina...).
- Second step is to run the DEC parser/FSM logic on the sequence of USVs, which is independent of the escape sequences (https://vt100.net/emu/dec_ansi_parser ; https://github.com/mobile-shell/mosh/blob/master/src/termina...).
- And then the third step is for the terminal to execute the "dispatch"/"execute"/etc. actions coming from the FSM, which is where the escape sequences and control chars get implemented (https://github.com/mobile-shell/mosh/blob/master/src/termina...).
Without this separation, it's easier to end up with bugs where, e.g., a UTF-8 sequence or an ANSI escape sequence is treated differently when it's split between multiple read() calls vs. all in one call.
-
Typing Fast Is About Latency, Not Throughput
Btw, you can use mosh to hide the latency of SSH. https://mosh.org/
-
How do I enable new pane/tab with CWD while using mosh?
I've been using Kitty's SSH features for as long as I can remember but I recently setup Mosh and I really like how it doesn't drop connections and supports roaming.
-
Buying an iPad Pro for coding was a mistake
I am surprised many people write about ssh into a server. Mosh[1] feels more responsive and it also supports longer sessions.
[1] - https://mosh.org/
-
Prompt2, heads up; they are readying up another version Prompt2 has been abandoned by devs since iOS 14 / 1y ago in a crashing state - Now they want to make another money-heist cash-grab from its users by forcing them to upgrade one of the most expensive apps of all time.
Also they support Mosh which I install on my servers. It's way better than plain ssh when you're on mobile networks and wifi, especially with connections that are unreliable or bandwidth-constrained.
- Zellij New WASM Plugin System
-
networkingStarterPack
I’ve recently been experimenting with MoSH (Mobile Shell). Basically think SSH but with UDP - so more resilient to shoddy network conditions, roaming access points, etc.
-
How can I get a lisp image to run in the background?
If it is not for production (e.g. running as a daemon or a server) and you only care about the development, another ad-hoc way is using screen/tmus-like software incl. byobu, and combine it with mosh.
What are some alternatives?
golangci-lint - Fast linters Runner for Go
Eternal Terminal - Re-Connectable secure remote shell
gokart - A static analysis tool for securing Go code
tmux - tmux source code
go-tools - Staticcheck - The advanced Go linter
Gravitational Teleport - The easiest, and most secure way to access and protect all of your infrastructure.
pre-commit-golang - Pre-commit hooks for Golang with support for monorepos, the ability to pass arguments and environment variables to all hooks, and the ability to invoke custom go tools.
Advanced SSH config - :computer: make your ssh client smarter
docker-bench-security - The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
Code-Server - VS Code in the browser
rustsec - RustSec API & Tooling
PowerShell - PowerShell for every system!