Top 23 Go Static Analysis Projects

• clair

  21 10,030 9.2 Go

  Vulnerability Static Analysis for Containers

  

Project mention: I looked through attacks in my access logs. Here's what I found | news.ycombinator.com | 2024-01-28

Besides pointing pentester tools like metasploit at yourself, there are some nice scanners out there.

https://github.com/quay/clair

https://github.com/anchore/grype/

• grype

  56 7,623 9.5 Go

  A vulnerability scanner for container images and filesystems

  

Project mention: Introduction to the Kubernetes ecosystem | dev.to | 2024-04-25

Trivy Operator : A simple and comprehensive vulnerability scanner for containers and other artifacts. It detects vulnerabilities of OS packages (Alpine, Debian, CentOS, etc.) and application dependencies (pip, npm, yarn, composer, etc.) (Alternatives : Grype, Snyk, Clair, Anchore, Twistlock)

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• gosec

  19 7,441 8.8 Go

  Go security checker

  

Project mention: Top 10 Snyk Alternatives for Code Security | dev.to | 2023-08-31

6. Gosec

• reviewdog

  12 7,350 9.4 Go

  🐶 Automated code review tool integrated with any code analysis tools regardless of programming language

  

Project mention: Code reviews and Suggestions from SARIF report | dev.to | 2023-05-16

I build a general converter from SARIF to Reviewdog Diagnostic Format (RDFormat), then use Reviewdog to give suggested code changes as well as the context of the changes for PR reviewing.

• tfsec

  28 6,544 5.5 Go

  Security scanner for your Terraform code

  

Project mention: A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons | dev.to | 2024-04-16

tfsec Owner/Maintainer: Aqua Security (acquired in 2021) Age: First released on GitHub on March 5th, 2019 License: MIT License tfsec project is no longer actively maintained in favor of the Trivy tool. But because many people still use it and it's quite famous, I added tfsec to this comparison. However, I recommend against using it for new projects.

• go-tools

  19 5,894 8.1 Go

  Staticcheck - The advanced Go linter

Project mention: Ask HN: What are some interesting tools or code repos you discovered recently | news.ycombinator.com | 2023-08-25

• go-callvis

  2 5,735 2.9 Go

  Visualize call graph of a Go program using Graphviz

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• syft

  32 5,451 9.8 Go

  CLI tool and library for generating a Software Bill of Materials from container images and filesystems

  

Project mention: An Overview of Kubernetes Security Projects at KubeCon Europe 2023 | dev.to | 2023-05-22

Syft is a popular open source CLI tool created by Anchore for generating an SBOM from container images and filesystems. It’s designed to provide a catalog of dependencies for other tools to use as a data source. It supports many popular programming languages, package managers, and container image formats.

• revive

  10 4,599 8.4 Go

  🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint

Project mention: revive v1.3.4 is now available | /r/golang | 2023-09-18

The v1.3.4 of revive, the fast, configurable, extensible, flexible, and beautiful linter for Go, is available.

• go-recipes

  7 3,807 8.2 Go

  🦩 Tools for Go projects

Project mention: 2023 update to go-recipes collection | /r/golang | 2023-12-11

• nilaway

  3 2,758 8.7 Go

  Static analysis tool to detect potential nil panics in Go code

  

Project mention: Go: What We Got Right, What We Got Wrong | news.ycombinator.com | 2024-01-04

I would have more respect if they at least admitted to the flawed type system but instead say it is not a problem. It is disappointing to see past mistakes repeated in a new programming language. Even the Java language creator was humble enough to admit fault for the null pointer problem. The Go devs do not have such humility.

https://github.com/uber-go/nilaway

• kube-linter

  7 2,748 9.0 Go

  KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.

  

Project mention: 10 Ways for Kubernetes Declarative Configuration Management | dev.to | 2024-01-01

Kustomize: It provides a solution to customize the Kubernetes resource base configuration and differential configuration without template and DSL. It does not solve the constraint problem itself, but needs to cooperate with a large number of additional tools to check constraints, such as Kube-linter, Checkov and kubescape.

• bearer

  18 1,736 9.6 Go

  Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

  

Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26

• go-ruleguard

  1 761 6.0 Go

  Define and run pattern-based custom linting rules.

• sqlvet

  1 485 3.6 Go

  Go fearless SQL. Sqlvet performs static analysis on raw SQL queries in your Go code base.

• woke

  6 428 0.0 Go

  Detect non-inclusive language in your source code.

  

• Chronos

  1 419 3.9 Go

  Chronos - A static race detector for the go language (by amit-davidson)

• xeol

  7 318 8.7 Go

  A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs

  

Project mention: xeol | /r/devopspro | 2023-07-09

• bodyclose

  2 299 3.5 Go

  Analyzer: checks whether HTTP response body is closed and a re-use of TCP connection is not blocked.

Project mention: TIL: Go Response Body MUST be closed, even if you don’t read it - Manish R Jain | /r/golang | 2023-05-12

• go-mnd

  2 186 0.0 Go

  Magic number detector for Go.

• squealer

  4 152 5.3 Go

  Telling tales on you for leaking secrets!

• nakedret

  1 124 4.4 Go

  nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.

• mllint

  3 72 3.8 Go

  `mllint` is a command-line utility to evaluate the technical quality of Python Machine Learning (ML) projects by means of static analysis of the project's repository.

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Go Static Analysis related posts

• Show HN: MicroSCOPE – identify ransomware statically with heuristics
  1 project | news.ycombinator.com | 23 Apr 2024
• DevSecOps with AWS- IaC at scale - Building your own platform - Part 1
  8 projects | dev.to | 21 Mar 2024
• I looked through attacks in my access logs. Here's what I found
  6 projects | news.ycombinator.com | 28 Jan 2024
• General Docker Troubleshooting, Best Practices & Where to Go From Here
  3 projects | dev.to | 19 Jan 2024
• Practical nil panic detection for Go
  4 projects | news.ycombinator.com | 18 Nov 2023
• IaC comparison
  1 project | /r/Terraform | 18 Nov 2023
• revive v1.3.4 is now available
  1 project | /r/golang | 18 Sep 2023
• A note from our sponsor - WorkOS
  workos.com | 25 Apr 2024

  The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Go projects with our weekly report!