Top 23 Go Static Analysis Projects
Vulnerability Static Analysis for Containers
Project mention: Open source container scanning tool to find vulnerabilities and suggest best practice improvements? | /r/selfhosted | 2023-04-15
https://github.com/quay/clair 9.4k stars, updated 17 hours ago
Go security checker
Project mention: Top 10 Snyk Alternatives for Code Security | dev.to | 2023-08-31
🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
Project mention: Code reviews and Suggestions from SARIF report | dev.to | 2023-05-16
I build a general converter from SARIF to Reviewdog Diagnostic Format (RDFormat), then use Reviewdog to give suggested code changes as well as the context of the changes for PR reviewing.
A vulnerability scanner for container images and filesystems
Project mention: Scanning and remediating vulnerabilities with Grype | dev.to | 2023-08-19
In the lab to follow, we'll see how vulnerability scanning can be conveniently achieved with Grype and how various systematic techniques can be applied to start securing our microservices at the container image level.
Security scanner for your Terraform code
Project mention: IaC comparison | /r/Terraform | 2023-11-18
You can give tfsec a try perhaps
Staticcheck - The advanced Go linter
Project mention: Ask HN: What are some interesting tools or code repos you discovered recently | news.ycombinator.com | 2023-08-25
Visualize call graph of a Go program using Graphviz
Project mention: a tool for quickly creating web and microservice code | dev.to | 2022-12-15
Dependency plugins and tools are automatically installed after executing the command: protoc-gen-go, protoc-gen-go-grpc, protoc-gen-validate, protoc-gen-gotag, protoc-gen-go-gin, protoc-gen-go-rpc-tmpl, protoc-gen-openapiv2, protoc-gen-doc, golangci-lint, swag, go-callvis.
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Project mention: An Overview of Kubernetes Security Projects at KubeCon Europe 2023 | dev.to | 2023-05-22
Syft is a popular open source CLI tool created by Anchore for generating an SBOM from container images and filesystems. It’s designed to provide a catalog of dependencies for other tools to use as a data source. It supports many popular programming languages, package managers, and container image formats.
🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
Project mention: revive v1.3.4 is now available | /r/golang | 2023-09-18
The v1.3.4 of revive, the fast, configurable, extensible, flexible, and beautiful linter for Go, is available.
🦩 Tools for Go projects
Project mention: 2023 update to go-recipes collection | /r/golang | 2023-06-06
KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.
Project mention: Dealing with Yaml files | /r/kubernetes | 2023-07-05
Kube linter would be a first citizen for your need https://github.com/stackrox/kube-linter. If you use Helm would be Helm linter as well. Kube score is another interesting tool offering you best practices patterns. I usually develop with vscode and have a Yaml + Kubernetes extension. These could be enough to help you get through. Nevertheless, consider adopting a skaffold with a k3s for a faster feedback on the local dev lifecycle.
A static analysis tool for securing Go code
Static Analysis tool to detect potential Nil panics in Go code
Project mention: Practical nil panic detection for Go | news.ycombinator.com | 2023-11-18
We'd be interested in the general characteristics of the most common ones you are seeing. If you have a chance to file a couple issues (and haven't done so yet): https://github.com/uber-go/nilaway/issues
We definitely have gotten some useful reports there already since the blog post!
We are aware of a number of sources of false positives and actively trying to drive them down (prioritizing the patterns that are common in our codebase, but very much interested in making the tool useful to others too!).
Some sources of false positives are fundamental (any non-trivial type system will forbid some programs which are otherwise safe in ways that can't be proven statically), others need complex in-development features for the tool to understand (e.g. contracts, such as "foo(...) returns nil iff its third argument is nil"), and some are just a matter of adding a library model or similar small change and we just haven't run into it ourselves.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26
Define and run pattern-based custom linting rules.
Go fearless SQL. Sqlvet performs static analysis on raw SQL queries in your Go code base.
Project mention: Enabling static analysis of SQL queries at Meta | /r/programming | 2023-02-06
I found a linter in go for sql https://github.com/houqp/sqlvet that uses the postgres front end to evaluate queries for syntactic errors and potential sql injection a while back and I now find even more confidence in my opinion that ORM is a waste of time.
Chronos - A static race detector for the go language (by amit-davidson)
Detect non-inclusive language in your source code.
Project mention: Discussion Thread | /r/neoliberal | 2023-02-05
They made the GitHub repo woke
Analyzer: checks whether HTTP response body is closed and a re-use of TCP connection is not blocked.
Project mention: TIL: Go Response Body MUST be closed, even if you don’t read it - Manish R Jain | /r/golang | 2023-05-12
A scanner for deprecated and end-of-life (EOL) software in container images, filesystems, and SBOMs
Project mention: xeol | /r/devopspro | 2023-07-09
Magic number detector for Go.
Project mention: strconv.ParseInt(myID, 10, 32) --> avoid magic numbers like '10' | /r/golang | 2023-01-27
My bad, you can specify what functions should be ignored see issue https://github.com/tommy-muehle/go-mnd/issues/27
Telling tales on you for leaking secrets!
nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.
Project mention: What was your greatest struggle when learning Go? | /r/golang | 2023-02-18
Every Go dev should have a linter running that warns about naked returns. E.g., nakedret.
Go Static Analysis related posts
Practical nil panic detection for Go
4 projects | news.ycombinator.com | 18 Nov 2023
1 project | /r/Terraform | 18 Nov 2023
revive v1.3.4 is now available
1 project | /r/golang | 18 Sep 2023
Ask HN: What are some interesting tools or code repos you discovered recently
1 project | news.ycombinator.com | 25 Aug 2023
Gopher Pythonista #1: Moving From Python To Go
3 projects | dev.to | 27 Jul 2023
Dealing with Yaml files
4 projects | /r/kubernetes | 5 Jul 2023
Visualize Your Commits: Automatically Evaluate Function-Level Impact in Seconds with a simple setup. Cross-Language. (https://github.com/williamfzc/srctx)
1 project | /r/coolgithubprojects | 27 Jun 2023
What are some of the best open-source Static Analysis projects in Go? This list will help you: