Go Static Analysis

Open-source Go projects categorized as Static Analysis

Top 23 Go Static Analysis Projects

  • clair

    Vulnerability Static Analysis for Containers

    Project mention: Open source container scanning tool to find vulnerabilities and suggest best practice improvements? | /r/selfhosted | 2023-04-15

    https://github.com/quay/clair 9.4k stars, updated 17 hours ago

  • gosec

    Go security checker

    Project mention: Top 10 Snyk Alternatives for Code Security | dev.to | 2023-08-31

    6. Gosec

  • reviewdog

    🐶 Automated code review tool integrated with any code analysis tools regardless of programming language

    Project mention: Code reviews and Suggestions from SARIF report | dev.to | 2023-05-16

    I build a general converter from SARIF to Reviewdog Diagnostic Format (RDFormat), then use Reviewdog to give suggested code changes as well as the context of the changes for PR reviewing.

  • grype

    A vulnerability scanner for container images and filesystems

    Project mention: Scanning and remediating vulnerabilities with Grype | dev.to | 2023-08-19

    In the lab to follow, we'll see how vulnerability scanning can be conveniently achieved with Grype and how various systematic techniques can be applied to start securing our microservices at the container image level.

  • tfsec

    Security scanner for your Terraform code

    Project mention: IaC comparison | /r/Terraform | 2023-11-18

    You can give tfsec a try perhaps

  • go-tools

    Staticcheck - The advanced Go linter

    Project mention: Ask HN: What are some interesting tools or code repos you discovered recently | news.ycombinator.com | 2023-08-25

  • go-callvis

    Visualize call graph of a Go program using Graphviz

    Project mention: a tool for quickly creating web and microservice code | dev.to | 2022-12-15

    Dependency plugins and tools are automatically installed after executing the command: protoc-gen-go, protoc-gen-go-grpc, protoc-gen-validate, protoc-gen-gotag, protoc-gen-go-gin, protoc-gen-go-rpc-tmpl, protoc-gen-openapiv2, protoc-gen-doc, golangci-lint, swag, go-callvis.

  • syft

    CLI tool and library for generating a Software Bill of Materials from container images and filesystems

    Project mention: An Overview of Kubernetes Security Projects at KubeCon Europe 2023 | dev.to | 2023-05-22

    Syft is a popular open source CLI tool created by Anchore for generating an SBOM from container images and filesystems. It’s designed to provide a catalog of dependencies for other tools to use as a data source. It supports many popular programming languages, package managers, and container image formats.

  • revive

    🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint

    Project mention: revive v1.3.4 is now available | /r/golang | 2023-09-18

    The v1.3.4 of revive, the fast, configurable, extensible, flexible, and beautiful linter for Go, is available.

  • go-recipes

    🦩 Tools for Go projects

    Project mention: 2023 update to go-recipes collection | /r/golang | 2023-06-06

  • kube-linter

    KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.

    Project mention: Dealing with Yaml files | /r/kubernetes | 2023-07-05

    Kube linter would be a first citizen for your need https://github.com/stackrox/kube-linter. If you use Helm would be Helm linter as well. Kube score is another interesting tool offering you best practices patterns. I usually develop with vscode and have a Yaml + Kubernetes extension. These could be enough to help you get through. Nevertheless, consider adopting a skaffold with a k3s for a faster feedback on the local dev lifecycle.

  • gokart

    A static analysis tool for securing Go code

  • nilaway

    Static Analysis tool to detect potential Nil panics in Go code

    Project mention: Practical nil panic detection for Go | news.ycombinator.com | 2023-11-18

    We'd be interested in the general characteristics of the most common ones you are seeing. If you have a chance to file a couple issues (and haven't done so yet): https://github.com/uber-go/nilaway/issues

    We definitely have gotten some useful reports there already since the blog post!

    We are aware of a number of sources of false positives and actively trying to drive them down (prioritizing the patterns that are common in our codebase, but very much interested in making the tool useful to others too!).

    Some sources of false positives are fundamental (any non-trivial type system will forbid some programs which are otherwise safe in ways that can't be proven statically), others need complex in-development features for the tool to understand (e.g. contracts, such as "foo(...) returns nil iff its third argument is nil"), and some are just a matter of adding a library model or similar small change and we just haven't run into it ourselves.

  • bearer

    Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

    Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26

  • go-ruleguard

    Define and run pattern-based custom linting rules.

  • sqlvet

    Go fearless SQL. Sqlvet performs static analysis on raw SQL queries in your Go code base.

    Project mention: Enabling static analysis of SQL queries at Meta | /r/programming | 2023-02-06

    I found a linter in go for sql https://github.com/houqp/sqlvet that uses the postgres front end to evaluate queries for syntactic errors and potential sql injection a while back and I now find even more confidence in my opinion that ORM is a waste of time.

  • Chronos

    Chronos - A static race detector for the go language (by amit-davidson)

  • woke

    Detect non-inclusive language in your source code.

    Project mention: Discussion Thread | /r/neoliberal | 2023-02-05

    They made the GitHub repo woke

  • bodyclose

    Analyzer: checks whether HTTP response body is closed and a re-use of TCP connection is not blocked.

    Project mention: TIL: Go Response Body MUST be closed, even if you don’t read it - Manish R Jain | /r/golang | 2023-05-12

  • xeol

    A scanner for deprecated and end-of-life (EOL) software in container images, filesystems, and SBOMs

    Project mention: xeol | /r/devopspro | 2023-07-09

  • go-mnd

    Magic number detector for Go.

    Project mention: strconv.ParseInt(myID, 10, 32) --> avoid magic numbers like '10' | /r/golang | 2023-01-27

    My bad, you can specify what functions should be ignored see issue https://github.com/tommy-muehle/go-mnd/issues/27

  • squealer

    Telling tales on you for leaking secrets!

  • nakedret

    nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.

    Project mention: What was your greatest struggle when learning Go? | /r/golang | 2023-02-18

    Every Go dev should have a linter running that warns about naked returns. E.g., nakedret.

NOTE: The open-source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2023-11-18.

What are some of the best open-source Static Analysis projects in Go? This list will help you:

#    Project        Stars
1    clair          9,819
2    gosec          7,203
3    reviewdog      6,871
4    grype          6,849
5    tfsec          6,375
6    go-tools       5,674
7    go-callvis     5,518
8    syft           4,967
9    revive         4,455
10   go-recipes     2,821
11   kube-linter    2,575
12   gokart         2,128
13   nilaway        1,514
14   bearer         1,462
15   go-ruleguard   734
16   sqlvet         475
17   Chronos        407
18   woke           404
19   bodyclose      277
20   xeol           263
21   go-mnd         176
22   squealer       147
23   nakedret       110