gosec
pre-commit-golang
gosec | pre-commit-golang | |
---|---|---|
22 | 17 | |
7,939 | 290 | |
1.0% | - | |
9.1 | 0.0 | |
7 days ago | over 1 year ago | |
Go | Shell | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gosec
-
Top 10 Code Security Tools
Source
-
About the gosec G115 drama, or how I faced back integer conversion overflow in Go
Because of this, gosec a linter focused on improving the security in Go, provided a linter to detect the issue: the linter G115
-
Secure Randomness in Go 1.22
For those unaware, gosec (and by extension golangci-lint) will warn about uses of `math/rand`
https://github.com/securego/gosec/blob/d3b2359ae29fe344f4df5...
-
Top 10 Snyk Alternatives for Code Security
6. Gosec
-
Safety in Go
You can (and definitely should!) also use gosec.
-
We have getrandom at home
The crypto source in Go is great, no complaints there. Lints like gosec even recommend using it when generating crypto entropy. Go did a good job here, and I expect Rust will do the same sometime after getrandom reaches 1.0 so the API questions are settled, plus whatever makes sense for the future-proofing the standard library needs.
-
any open source that checks security vulnerabilities in code?
i think there's https://github.com/securego/gosec linter
-
Goast: Generic static analysis for Go Abstract Syntax Tree by OPA/Rego
Various static analysis tools are available for the Go language, and existing static analysis tools can check general best practices. For example, gosec is a tool to check secure Go coding, and I use it myself. However, coding rules in software development are not only based on best practices, but can also be software- or team-specific. For example
-
Vulnerability Management for Go
What's the difference between this a https://github.com/securego/gosec?
-
Github template for Golang services
A github actions workflow is provided to run go fmt, vet, test and gosec. An initial configuration for dependabot is also provided.
pre-commit-golang
-
Gofumpt: It's like gofmt except more strict
For those who may be interested, my go pre-commit hooks package has built-in support for gofumpt (along with a bunch if other linters):
https://github.com/TekWizely/pre-commit-golang
-
Pre-Commit-Golang v1.0.0-rc.1 - Support For Environment Variables
TekWizely / pre-commit-golang v1.0.0-rc.1
-
New go-critic v0.6.0
github / TekWizely / pre-ommit-golang
- pre-commit-golang - v1.0.0-beta.4 - Go Mod Tidy, GoFumpt, StaticCheck
-
https://np.reddit.com/r/golang/comments/p4lykq/precommitgolang_v100beta4_recent_updates/h8zn8nf/
v1.0.0-beta.4 Support for staticcheck
-
pre-commit-golang - v1.0.0-beta.4 + Recent updates
v1.0.0-beta.2 Support for go mod tidy Support for goumpt
- Pre-commit-Golang – v1.0.0-beta.4 and Recent updates
-
Pre-commit-Golang v1.0.0-beta.1 – Now with support for running custom go tools
Quick Links: Project Page | Available Hooks | Installation | Releases
pre-commit-golang v1.0.0-beta.2
What are some alternatives?
golangci-lint - Fast linters runner for Go
pre-commit - A framework for managing and maintaining multi-language pre-commit hooks.
gokart - A static analysis tool for securing Go code
gofumpt - A stricter gofmt
go-tools - Staticcheck - The advanced Go linter
go-critic - The most opinionated Go source code linter for code audit.
docker-bench-security - The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
go-parsing - A Multi-Package Go Repo Focused on Text Parsing, with Lexers, Parsers, and Related Utils
rustsec - RustSec API & Tooling
GVM - Go Version Manager
gokart-action - Integrate GoKart security static analysis to GitHub Actions
TabNine - AI Code Completions