Top 3 Go Scan Projects
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Project mention: How are you securing your Azure DevOps IaC pipelines? | /r/AZURE | 2023-05-26
Terrascan could also be useful: https://github.com/tenable/terrascan
Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and private keys.
Project mention: Detecting Secrets in Git Repositories | /r/kubernetes | 2023-07-07
It's been a while since I looked, but pre-commit hooks (like talisman) would be the only way to prevent secrets from being committed/pushed. Server-side hooks are generally not supported on hosted repos (e.g. github, azure devops) since it's basically arbitrary code execution from the host's perspective.
Sqreen's Application Security Management for the Go language
Project mention: Aspect-Oriented Programming | news.ycombinator.com | 2023-06-14
As with all things, it is a tool to be used wisely, and refrain from seeing everything as a nail when you have this hammer.
It is notably extremely useful as a concept for instrumenting software, which is exactly what e.g. APMs are doing.
(disclaimer: I used to work at Sqreen, now work at Datadog)
Short of having first class support for AOP we're left implementing our own solutions to hook and instrument on various languages.