Top 23 Go Static Analysis Projects
-
Project mention: Dockerfile Best Practices: Building Efficient and Secure Containers | dev.to | 2024-08-16
Regularly scan your Docker images for vulnerabilities using tools like Trivy or Clair.
-
Grype is a popular open source CVE scanner that scans for known vulnerabilities in container images and filesystems. At the time of this writing, the latest release is 0.80.1 and you can find packages for most operating systems in their releases page.
-
reviewdog
🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
-
Project mention: About the gosec G115 drama, or how I faced back integer conversion overflow in Go | dev.to | 2024-09-09
Because of this, gosec, a linter focused on improving the security in Go, provided a linter to detect the issue: the linter G115.
-
The next step in our pipeline is to do some static code analysis of our Terraform code to spot any potential misconfigurations. I'm using tfsec for this, but tfsec is migrating over to Trivy - I'll cover that in a future blog post, but for now we can add this using the following:
-
syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Project mention: Ask HN: Pragmatic way to avoid supply chain attacks as a developer | news.ycombinator.com | 2024-08-17
CycloneDX tools offer packages for each and every programming language. [1]
The dependency track project accumulates all dependency vulnerabilities in a dashboard. [2]
Container SBOMs can be generated with syft and grype [3] [4]
[1] https://github.com/CycloneDX
[2] https://github.com/DependencyTrack
[3] https://github.com/anchore/syft
[4] https://github.com/anchore/grype
-
revive
🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
-
I would have more respect if they at least admitted to the flawed type system but instead say it is not a problem. It is disappointing to see past mistakes repeated in a new programming language. Even the Java language creator was humble enough to admit fault for the null pointer problem. The Go devs do not have such humility.
https://github.com/uber-go/nilaway
-
kube-linter
KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.
Kube-linter changed their download URL schema. Within hours, we had landed a fix supporting this new URL.
-
bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26
-
xeol
A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
-
bodyclose
Analyzer: checks whether HTTP response body is closed and a re-use of TCP connection is not blocked.
-
regal
Regal is a linter and language server for Rego, bringing your policy development experience to the next level! (by StyraInc)
Full changelog, and downloads here!
-
nakedret
nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.
-
Go Static Analysis discussion
Go Static Analysis related posts
-
Deploying to Azure with Terraform and GitHub Actions
-
About the gosec G115 drama, or how I faced back integer conversion overflow in Go
-
Custom Linting Rules in Go
-
Ask HN: Pragmatic way to avoid supply chain attacks as a developer
-
Safely Upgrading our Open Source Dependencies at Scale
-
Open source software maintenance is difficult: examples with Go math/rand/v2 and testify
-
Cloud Security and Resilience: DevSecOps Tools and Practices
-
A note from our sponsor - SaaSHub
www.saashub.com | 19 Sep 2024
Index
What are some of the best open-source Static Analysis projects in Go? This list will help you:
Rank | Project | Stars |
---|---|---|
1 | clair | 10,260 |
2 | grype | 8,469 |
3 | reviewdog | 7,782 |
4 | gosec | 7,716 |
5 | tfsec | 6,657 |
6 | go-tools | 6,114 |
7 | syft | 6,015 |
8 | go-callvis | 5,916 |
9 | revive | 4,739 |
10 | go-recipes | 4,056 |
11 | nilaway | 3,031 |
12 | kube-linter | 2,913 |
13 | bearer | 1,945 |
14 | go-ruleguard | 789 |
15 | sqlvet | 490 |
16 | woke | 446 |
17 | Chronos | 424 |
18 | xeol | 340 |
19 | bodyclose | 307 |
20 | regal | 251 |
21 | go-mnd | 191 |
22 | squealer | 154 |
23 | nakedret | 126 |