Go Static Analysis

Open-source Go projects categorized as Static Analysis

Top 23 Go Static Analysis Projects

Static Analysis
  • clair

    Vulnerability Static Analysis for Containers

    Project mention: Dockerfile Best Practices: Building Efficient and Secure Containers | dev.to | 2024-08-16

    Regularly scan your Docker images for vulnerabilities using tools like Trivy or Clair.

  • grype

    A vulnerability scanner for container images and filesystems

    Project mention: Running WordPress on Containers | dev.to | 2024-09-18

    Grype is a popular open source CVE scanner that scans for known vulnerabilities in container images and filesystems. At the time of this writing, the latest release is 0.80.1 and you can find packages for most operating systems in their releases page.

  • reviewdog

    🐶 Automated code review tool integrated with any code analysis tools regardless of programming language

  • gosec

    Go security checker

    Project mention: About the gosec G115 drama, or how I faced back integer conversion overflow in Go | dev.to | 2024-09-09

    Because of this, gosec, a linter focused on improving the security in Go, provided a linter to detect the issue: the linter G115

  • tfsec

    Tfsec is now part of Trivy

    Project mention: Deploying to Azure with Terraform and GitHub Actions | dev.to | 2024-09-19

    The next step in our pipeline is to do some static code analysis of our Terraform code to spot any potential misconfigurations. I'm using tfsec for this, but tfsec is migrating over to Trivy - I'll cover that in a future blog post, but for now we can add this using the following:

  • go-tools

    Staticcheck - The advanced Go linter

  • syft

    CLI tool and library for generating a Software Bill of Materials from container images and filesystems

    Project mention: Ask HN: Pragmatic way to avoid supply chain attacks as a developer | news.ycombinator.com | 2024-08-17

    CycloneDX tools offer packages for each and every programming language. [1]

    The dependency track project accumulates all dependency vulnerabilities in a dashboard. [2]

    Container SBOMs can be generated with syft and grype [3] [4]

    [1] https://github.com/CycloneDX

    [2] https://github.com/DependencyTrack

    [3] https://github.com/anchore/syft

    [4] https://github.com/anchore/grype

  • go-callvis

    Visualize call graph of a Go program using Graphviz

  • revive

    🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint

  • go-recipes

    🦩 Tools for Go projects

    Project mention: Go-recipes: Tools for Go projects | news.ycombinator.com | 2024-06-01
  • nilaway

    Static analysis tool to detect potential nil panics in Go code

    Project mention: Go: What We Got Right, What We Got Wrong | news.ycombinator.com | 2024-01-04

    I would have more respect if they at least admitted to the flawed type system but instead say it is not a problem. It is disappointing to see past mistakes repeated in a new programming language. Even the Java language creator was humble enough to admit fault for the null pointer problem. The Go devs do not have such humility.

    https://github.com/uber-go/nilaway

  • kube-linter

    KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.

    Project mention: Safely Upgrading our Open Source Dependencies at Scale | dev.to | 2024-06-28

    Kube-linter changed their download URL schema. Within hours, we had landed a fix supporting this new URL.

  • bearer

    Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

    Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26
  • go-ruleguard

    Define and run pattern-based custom linting rules.

    Project mention: Custom Linting Rules in Go | news.ycombinator.com | 2024-08-25
  • sqlvet

    Go fearless SQL. Sqlvet performs static analysis on raw SQL queries in your Go code base.

  • woke

    Detect non-inclusive language in your source code.

  • Chronos

    Chronos - A static race detector for the go language (by amit-davidson)

  • xeol

    A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs

  • bodyclose

    Analyzer: checks whether HTTP response body is closed and a re-use of TCP connection is not blocked.

  • regal

    Regal is a linter and language server for Rego, bringing your policy development experience to the next level! (by StyraInc)

    Project mention: Regal v0.14.0 released | /r/OpenPolicyAgent | 2023-12-05

    Full changelog, and downloads here!

  • go-mnd

    Magic number detector for Go.

  • squealer

    Telling tales on you for leaking secrets!

  • nakedret

    nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Go Static Analysis related posts

  • Deploying to Azure with Terraform and GitHub Actions

    2 projects | dev.to | 19 Sep 2024
  • About the gosec G115 drama, or how I faced back integer conversion overflow in Go

    1 project | dev.to | 9 Sep 2024
  • Custom Linting Rules in Go

    1 project | news.ycombinator.com | 25 Aug 2024
  • Ask HN: Pragmatic way to avoid supply chain attacks as a developer

    3 projects | news.ycombinator.com | 17 Aug 2024
  • Safely Upgrading our Open Source Dependencies at Scale

    4 projects | dev.to | 28 Jun 2024
  • Open source software maintenance is difficult: examples with Go math/rand/v2 and testify

    1 project | dev.to | 2 May 2024
  • Cloud Security and Resilience: DevSecOps Tools and Practices

    10 projects | dev.to | 1 May 2024

Index

What are some of the best open-source Static Analysis projects in Go? This list will help you:

Rank Project Stars
1 clair 10,260
2 grype 8,469
3 reviewdog 7,782
4 gosec 7,716
5 tfsec 6,657
6 go-tools 6,114
7 syft 6,015
8 go-callvis 5,916
9 revive 4,739
10 go-recipes 4,056
11 nilaway 3,031
12 kube-linter 2,913
13 bearer 1,945
14 go-ruleguard 789
15 sqlvet 490
16 woke 446
17 Chronos 424
18 xeol 340
19 bodyclose 307
20 regal 251
21 go-mnd 191
22 squealer 154
23 nakedret 126

Did you know that Go is the 4th most popular programming language based on number of mentions?