gosec
Task
| | gosec | Task |
|---|---|---|
| | 19 | 113 |
| Stars | 7,468 | 10,055 |
| Growth | 0.8% | 2.1% |
| Activity | 8.7 | 9.6 |
| | 4 days ago | 7 days ago |
| Language | Go | MDX |
| License | Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gosec
-
Top 10 Snyk Alternatives for Code Security
6. Gosec
-
Safety in Go
You can (and definitely should!) also use gosec.
-
We have getrandom at home
The crypto source in Go is great, no complaints there. Lints like gosec even recommend using it when generating crypto entropy. Go did a good job here, and I expect Rust will do the same sometime after getrandom reaches 1.0 so the API questions are settled, plus whatever makes sense for the future-proofing the standard library needs.
-
any open source that checks security vulnerabilities in code?
i think there's https://github.com/securego/gosec linter
-
Goast: Generic static analysis for Go Abstract Syntax Tree by OPA/Rego
Various static analysis tools are available for the Go language, and existing static analysis tools can check general best practices. For example, gosec is a tool to check secure Go coding, and I use it myself. However, coding rules in software development are not only based on best practices, but can also be software- or team-specific. For example
-
Vulnerability Management for Go
What's the difference between this and https://github.com/securego/gosec?
-
Github template for Golang services
A github actions workflow is provided to run go fmt, vet, test and gosec. An initial configuration for dependabot is also provided.
- gosec
-
What tools exists, or you recommend, for code review, quality and/or security review
Besides what was mentioned, we use: staticcheck.io and https://github.com/securego/gosec
-
Container security best practices: Comprehensive guide
For application code, there are different SAST (Static Application Security Testing) tools like sonarqube, which provide vulnerability scanners for different languages, gosec for analyzing go code and detecting issues based on rules, linters, etc.
Task
-
Show HN: Workflow Orchestrator in Golang
So many tools in this space! This one looks a little bit like go-task, but it seems maybe better for production workflows because of timeout support, while go-task seems more aimed to command line work/makefile replacement.
---
https://github.com/go-task/task
-
Essential Command Line Tools for Developers
- Task: A task runner / alternative to GNU Make
-
Using Make – writing less Makefile
A similar tool is `task` https://taskfile.dev/ . It is quite capable and also a single executable. I've grown to quite like it.
-
What’s with DevOps engineers using `make` of all things?
check out tasks - a bit of a learning curve but arguably more powerful imo
-
Go Development with Hot Reload Using Taskfile
That's when I came across taskfile.dev. Task is an automation tool designed to be more accessible than other options, such as GNU Make.
-
Poetry (Packaging) in motion
Full disclosure, I did not review Conda or Hatch fully. Not that there is anything explicitly wrong with either of them. Conda is too specific to the scientific community for my general taste. Hatch seems to go well with Conda and also uses the PyProject manifest as well. It's nice that it gives you several built in tools, similar to commit hooks, but I tend to like to roll my own via a Taskfile and run them with Poetry.
-
Building RESTful API with Hexagonal Architecture in Go
Taskfile is a tool for streamlining repetitive development tasks. It helps automate activities like building, testing, and deploying applications. Unlike Makefile, Taskfile uses YAML for configuration, making it more readable and user-friendly.
-
We built the fastest CI in the world. It failed
9. We test everything with another promotion which runs make targets which build docker containers to run python scripts (pytest)
This is also built by a complicated web of wildcarded makefile targets, which need to be interoperable and support a few if/else cases for specific components.
My plan is to migrate all of this to something simpler and more straightforward, or at least more maintainable, which is honestly probably going to turn into taskfile[0] instead of makefiles, and then simple python scripts for the glue that ties everything together or does more complex logic.
My hope is that it can be more straightforward and easier to maintain, with more component-ized logic, but realistically every step in that labyrinthine build process (and that's just the open-source version!) came from a decision made by a very talented team of engineers who know far more about the process and the product than I do. At this point I'm wondering if it would make 'more sense' to replace it with a giant python script of some kind and get access to all the logic we need all at once (it would not).
[0] https://taskfile.dev/
-
Exploring GCP With Terraform: Setting Up The Environment And Project
task - a task runner and a replacement for make
What are some alternatives?
golangci-lint - Fast linters Runner for Go
just - 🤖 Just a command runner
gokart - A static analysis tool for securing Go code
doit - task management & automation tool
go-tools - Staticcheck - The advanced Go linter
goreleaser - Deliver Go binaries as fast and easily as possible
pre-commit-golang - Pre-commit hooks for Golang with support for monorepos, the ability to pass arguments and environment variables to all hooks, and the ability to invoke custom go tools.
boilr - :zap: boilerplate template manager that generates files or directories from template repositories
docker-bench-security - The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
JobRunner - Framework for performing work asynchronously, outside of the request flow
rustsec - RustSec API & Tooling
taskctl - Concurrent task runner, developer's routine tasks automation toolkit. Simple modern alternative to GNU Make 🧰