Top 23 Go Static Analysis Projects
- reviewdog: 🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
- syft: CLI tool and library for generating a Software Bill of Materials from container images and filesystems
- revive: 🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
- kube-linter: KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.
- bearer: Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
- xeol: A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
- bodyclose: Analyzer that checks whether an HTTP response body is closed, so that re-use of the underlying TCP connection is not blocked.
- nakedret: nakedret is a Go static analysis tool that finds naked returns in functions longer than a specified length.
- mllint: `mllint` is a command-line utility to evaluate the technical quality of Python Machine Learning (ML) projects by means of static analysis of the project's repository.
Project mention: I looked through attacks in my access logs. Here's what I found | news.ycombinator.com | 2024-01-28
Besides pointing pentester tools like metasploit at yourself, there are some nice scanners out there.
https://github.com/quay/clair
https://github.com/anchore/grype/
Trivy Operator: A simple and comprehensive vulnerability scanner for containers and other artifacts. It detects vulnerabilities of OS packages (Alpine, Debian, CentOS, etc.) and application dependencies (pip, npm, yarn, composer, etc.) (Alternatives: Grype, Snyk, Clair, Anchore, Twistlock)
6. Gosec
I built a general converter from SARIF to Reviewdog Diagnostic Format (RDFormat), then use Reviewdog to give suggested code changes as well as the context of the changes for PR reviewing.
Project mention: A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons | dev.to | 2024-04-16
tfsec. Owner/Maintainer: Aqua Security (acquired in 2021). Age: First released on GitHub on March 5th, 2019. License: MIT License. The tfsec project is no longer actively maintained in favor of the Trivy tool. But because many people still use it and it's quite famous, I added tfsec to this comparison. However, I recommend against using it for new projects.
Project mention: Ask HN: What are some interesting tools or code repos you discovered recently | news.ycombinator.com | 2023-08-25
Project mention: An Overview of Kubernetes Security Projects at KubeCon Europe 2023 | dev.to | 2023-05-22
Syft is a popular open source CLI tool created by Anchore for generating an SBOM from container images and filesystems. It’s designed to provide a catalog of dependencies for other tools to use as a data source. It supports many popular programming languages, package managers, and container image formats.
The v1.3.4 of revive, the fast, configurable, extensible, flexible, and beautiful linter for Go, is available.
I would have more respect if they at least admitted to the flawed type system but instead say it is not a problem. It is disappointing to see past mistakes repeated in a new programming language. Even the Java language creator was humble enough to admit fault for the null pointer problem. The Go devs do not have such humility.
https://github.com/uber-go/nilaway
Kustomize: It provides a solution to customize the Kubernetes resource base configuration and differential configuration without template and DSL. It does not solve the constraint problem itself, but needs to cooperate with a large number of additional tools to check constraints, such as Kube-linter, Checkov and kubescape.
Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26
Project mention: TIL: Go Response Body MUST be closed, even if you don’t read it - Manish R Jain | /r/golang | 2023-05-12
Go Static Analysis related posts
- Show HN: MicroSCOPE – identify ransomware statically with heuristics
- DevSecOps with AWS- IaC at scale - Building your own platform - Part 1
- I looked through attacks in my access logs. Here's what I found
- General Docker Troubleshooting, Best Practices & Where to Go From Here
- Practical nil panic detection for Go
- IaC comparison
- revive v1.3.4 is now available
Index
What are some of the best open-source Static Analysis projects in Go? This list will help you:
Rank | Project | Stars
---|---|---
1 | clair | 10,030
2 | grype | 7,623
3 | gosec | 7,441
4 | reviewdog | 7,350
5 | tfsec | 6,544
6 | go-tools | 5,894
7 | go-callvis | 5,735
8 | syft | 5,451
9 | revive | 4,599
10 | go-recipes | 3,807
11 | nilaway | 2,758
12 | kube-linter | 2,748
13 | bearer | 1,736
14 | go-ruleguard | 761
15 | sqlvet | 485
16 | woke | 428
17 | Chronos | 419
18 | xeol | 318
19 | bodyclose | 299
20 | go-mnd | 186
21 | squealer | 152
22 | nakedret | 124
23 | mllint | 72