Top 23 Go Static Analysis Projects

• clair

  3 9,819 7.7 Go

  Vulnerability Static Analysis for Containers

  

  Project mention: Open source container scanning tool to find vulnerabilities and suggest best practice improvements? | /r/selfhosted | 2023-04-15

  https://github.com/quay/clair 9.4k stars, updated 17 hours ago

• gosec

  4 7,203 8.5 Go

  Go security checker

  

  Project mention: Top 10 Snyk Alternatives for Code Security | dev.to | 2023-08-31

  6. Gosec

• InfluxDB

  www.influxdata.com

  sponsored

  Collect and Analyze Billions of Data Points in Real Time. Manage all types of time series data in a single, purpose-built database. Run at any scale in any environment in the cloud, on-premises, or at the edge.

  

• reviewdog

  2 6,871 0.0 Go

  🐶 Automated code review tool integrated with any code analysis tools regardless of programming language

  

  Project mention: Code reviews and Suggestions from SARIF report | dev.to | 2023-05-16

  I build a general converter from SARIF to Reviewdog Diagnostic Format (RDFormat), then use Reviewdog to give suggested code changes as well as the context of the changes for PR reviewing.

• grype

  9 6,849 0.0 Go

  A vulnerability scanner for container images and filesystems

  

  Project mention: Scanning and remediating vulnerabilities with Grype | dev.to | 2023-08-19

  In the lab to follow, we'll see how vulnerability scanning can be conveniently achieved with Grype and how various systematic techniques can be applied to start securing our microservices at the container image level.

• tfsec

  6 6,375 6.6 Go

  Security scanner for your Terraform code

  

  Project mention: IaC comparison | /r/Terraform | 2023-11-18

  You can give tfsec a try perhaps

• go-tools

  6 5,674 0.0 Go

  Staticcheck - The advanced Go linter

  Project mention: Ask HN: What are some interesting tools or code repos you discovered recently | news.ycombinator.com | 2023-08-25

• go-callvis

  1 5,518 0.0 Go

  Visualize call graph of a Go program using Graphviz

  Project mention: a tool for quickly creating web and microservice code | dev.to | 2022-12-15

  Dependency plugins and tools are automatically installed after executing the command: protoc-gen-go, protoc-gen-go-grpc, protoc-gen-validate, protoc-gen-gotag, protoc-gen-go-gin, protoc-gen-go-rpc-tmpl, protoc-gen-openapiv2, protoc-gen-doc, golangci-lint, swag, go-callvis.

• Onboard AI

  getonboard.dev

  sponsored

  Learn any GitHub repo in 59 seconds. Onboard AI learns any GitHub repo in minutes and lets you chat with it to locate functionality, understand different parts, and generate new code. Use it for free at www.getonboard.dev.

  

• syft

  5 4,967 9.2 Go

  CLI tool and library for generating a Software Bill of Materials from container images and filesystems

  

  Project mention: An Overview of Kubernetes Security Projects at KubeCon Europe 2023 | dev.to | 2023-05-22

  Syft is a popular open source CLI tool created by Anchore for generating an SBOM from container images and filesystems. It’s designed to provide a catalog of dependencies for other tools to use as a data source. It supports many popular programming languages, package managers, and container image formats.

• revive

  5 4,455 8.6 Go

  🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint

  Project mention: revive v1.3.4 is now available | /r/golang | 2023-09-18

  The v1.3.4 of revive, the fast, configurable, extensible, flexible, and beautiful linter for Go, is available.

• go-recipes

  1 2,821 0.0 Go

  🦩 Tools for Go projects

  Project mention: 2023 update to go-recipes collection | /r/golang | 2023-06-06

• kube-linter

  1 2,575 0.0 Go

  KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.

  

  Project mention: Dealing with Yaml files | /r/kubernetes | 2023-07-05

  Kube linter would be a first citizen for your need https://github.com/stackrox/kube-linter. If you use Helm would be Helm linter as well. Kube score is another interesting tool offering you best practices patterns. I usually develop with vscode and have a Yaml + Kubernetes extension. These could be enough to help you get through. Nevertheless, consider adopting a skaffold with a k3s for a faster feedback on the local dev lifecycle.

• gokart

  0 2,128 0.0 Go

  A static analysis tool for securing Go code

  

• nilaway

  2 1,514 8.4 Go

  Static Analysis tool to detect potential Nil panics in Go code

  

  Project mention: Practical nil panic detection for Go | news.ycombinator.com | 2023-11-18

  We'd be interested in the general characteristics of the most common ones you are seeing. If you have a chance to file a couple issues (and haven't done so yet): https://github.com/uber-go/nilaway/issues

  We definitely have gotten some useful reports there already since the blog post!

  We are aware of a number of sources of false positives and actively trying to drive them down (prioritizing the patterns that are common in our codebase, but very much interested in making the tool useful to others too!).

  Some sources of false positives are fundamental (any non-trivial type system will forbid some programs which are otherwise safe in ways that can't be proven statically), others need complex in-development features for the tool to understand (e.g. contacts, such as "foo(...) returns nil iff its third argument is nil"), and some are just a matter of adding a library model or similar small change and we just haven't run into it ourselves.

• bearer

  18 1,462 10.0 Go

  Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

  

  Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26

• go-ruleguard

  0 734 6.2 Go

  Define and run pattern-based custom linting rules.

• sqlvet

  1 475 10.0 Go

  Go fearless SQL. Sqlvet performs static analysis on raw SQL queries in your Go code base.

  Project mention: Enabling static analysis of SQL queries at Meta | /r/programming | 2023-02-06

  I found a linter in go for sql https://github.com/houqp/sqlvet that uses the postgres front end to evaluate queries for syntactic errors and potential sql injection a while back and I now find even more confidence in my opinion that ORM is a waste of time.

• Chronos

  0 407 3.9 Go

  Chronos - A static race detector for the go language (by amit-davidson)

• woke

  1 404 0.0 Go

  Detect non-inclusive language in your source code.

  

  Project mention: Discussion Thread | /r/neoliberal | 2023-02-05

  They made the GitHub repo woke

• bodyclose

  2 277 4.4 Go

  Analyzer: checks whether HTTP response body is closed and a re-use of TCP connection is not blocked.

  Project mention: TIL: Go Response Body MUST be closed, even if you don’t read it - Manish R Jain | /r/golang | 2023-05-12

• xeol

  7 263 7.7 Go

  A scanner for deprecated and end-of-life (EOL) software in container images, filesystems, and SBOMs

  

  Project mention: xeol | /r/devopspro | 2023-07-09

• go-mnd

  1 176 0.0 Go

  Magic number detector for Go.

  Project mention: strconv.ParseInt(myID, 10, 32) --> avoid magic numbers like '10' | /r/golang | 2023-01-27

  My bad, you can specify what functions should be ignored see issue https://github.com/tommy-muehle/go-mnd/issues/27

• squealer

  0 147 0.0 Go

  Telling tales on you for leaking secrets!

• nakedret

  1 110 6.4 Go

  nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.

  Project mention: What was your greatest struggle when learning Go? | /r/golang | 2023-02-18

  Every Go dev should have a linter running that warns about naked returns. E.g., nakedret.

• SaaSHub

  www.saashub.com

  sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Go Static Analysis related posts

• Practical nil panic detection for Go
  4 projects | news.ycombinator.com | 18 Nov 2023
• IaC comparison
  1 project | /r/Terraform | 18 Nov 2023
• revive v1.3.4 is now available
  1 project | /r/golang | 18 Sep 2023
• Ask HN: What are some interesting tools or code repos you discovered recently
  1 project | news.ycombinator.com | 25 Aug 2023
• Gopher Pythonista #1: Moving From Python To Go
  3 projects | dev.to | 27 Jul 2023
• Dealing with Yaml files
  4 projects | /r/kubernetes | 5 Jul 2023
• Visualize Your Commits: Automatically Evaluate Function-Level Impact in Seconds with a simple setup. Cross-Language. (https://github.com/williamfzc/srctx)
  1 project | /r/coolgithubprojects | 27 Jun 2023
• A note from our sponsor - #<SponsorshipServiceOld:0x00007f0f9b2fd828>
  www.saashub.com | 9 Dec 2023

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Go projects with our weekly report!