Top 23 Go Static Analysis Projects
clair
Project mention: Open source container scanning tool to find vulnerabilities and suggest best practice improvements? | /r/selfhosted | 2023-04-15
https://github.com/quay/clair 9.4k stars, updated 17 hours ago

Gosec
reviewdog
🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
I built a general converter from SARIF to Reviewdog Diagnostic Format (RDFormat), then used Reviewdog to give suggested code changes as well as the context of the changes for PR reviewing.
grype
In the lab to follow, we'll see how vulnerability scanning can be conveniently achieved with Grype and how various systematic techniques can be applied to start securing our microservices at the container image level.
tfsec
You can give tfsec a try perhaps
Project mention: Ask HN: What are some interesting tools or code repos you discovered recently | news.ycombinator.com | 2023-08-25
Dependency plugins and tools are automatically installed after executing the command: protoc-gen-go, protoc-gen-go-grpc, protoc-gen-validate, protoc-gen-gotag, protoc-gen-go-gin, protoc-gen-go-rpc-tmpl, protoc-gen-openapiv2, protoc-gen-doc, golangci-lint, swag, go-callvis.
syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Project mention: An Overview of Kubernetes Security Projects at KubeCon Europe 2023 | dev.to | 2023-05-22
Syft is a popular open source CLI tool created by Anchore for generating an SBOM from container images and filesystems. It’s designed to provide a catalog of dependencies for other tools to use as a data source. It supports many popular programming languages, package managers, and container image formats.
revive
🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
The v1.3.4 of revive, the fast, configurable, extensible, flexible, and beautiful linter for Go, is available.
kube-linter
KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.
Kube-linter would be a first-class citizen for your need: https://github.com/stackrox/kube-linter. If you use Helm, Helm linter would be as well. Kube-score is another interesting tool offering you best-practice patterns. I usually develop with VS Code and have a YAML + Kubernetes extension. These could be enough to help you get through. Nevertheless, consider adopting Skaffold with k3s for faster feedback on the local dev lifecycle.
nilaway
We'd be interested in the general characteristics of the most common ones you are seeing. If you have a chance to file a couple of issues (and haven't done so yet): https://github.com/uber-go/nilaway/issues
We definitely have gotten some useful reports there already since the blog post!
We are aware of a number of sources of false positives and are actively trying to drive them down (prioritizing the patterns that are common in our codebase, but very much interested in making the tool useful to others too!).
Some sources of false positives are fundamental (any non-trivial type system will forbid some programs which are otherwise safe in ways that can't be proven statically), others need complex in-development features for the tool to understand (e.g. contracts, such as "foo(...) returns nil iff its third argument is nil"), and some are just a matter of adding a library model or a similar small change that we haven't run into ourselves yet.
bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26
sqlvet
I found a linter in Go for SQL a while back, https://github.com/houqp/sqlvet, that uses the Postgres front end to evaluate queries for syntactic errors and potential SQL injection, and I now find even more confidence in my opinion that ORM is a waste of time.
They made the GitHub repo woke
bodyclose
Analyzer: checks whether HTTP response body is closed and a re-use of TCP connection is not blocked.
Project mention: TIL: Go Response Body MUST be closed, even if you don’t read it - Manish R Jain | /r/golang | 2023-05-12
xeol
A scanner for deprecated and end-of-life (EOL) software in container images, filesystems, and SBOMs
go-mnd
Project mention: strconv.ParseInt(myID, 10, 32) --> avoid magic numbers like '10' | /r/golang | 2023-01-27
My bad, you can specify which functions should be ignored; see issue https://github.com/tommy-muehle/go-mnd/issues/27
nakedret
nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.
Every Go dev should have a linter running that warns about naked returns. E.g., nakedret.
Go Static Analysis related posts
- Practical nil panic detection for Go
- IaC comparison
- revive v1.3.4 is now available
- Ask HN: What are some interesting tools or code repos you discovered recently
- Gopher Pythonista #1: Moving From Python To Go
- Dealing with Yaml files
- Visualize Your Commits: Automatically Evaluate Function-Level Impact in Seconds with a simple setup. Cross-Language. (https://github.com/williamfzc/srctx)
www.saashub.com | 9 Dec 2023
Index
What are some of the best open-source Static Analysis projects in Go? This list will help you:
# | Project | Stars |
---|---|---|
1 | clair | 9,819 |
2 | gosec | 7,203 |
3 | reviewdog | 6,871 |
4 | grype | 6,849 |
5 | tfsec | 6,375 |
6 | go-tools | 5,674 |
7 | go-callvis | 5,518 |
8 | syft | 4,967 |
9 | revive | 4,455 |
10 | go-recipes | 2,821 |
11 | kube-linter | 2,575 |
12 | gokart | 2,128 |
13 | nilaway | 1,514 |
14 | bearer | 1,462 |
15 | go-ruleguard | 734 |
16 | sqlvet | 475 |
17 | Chronos | 407 |
18 | woke | 404 |
19 | bodyclose | 277 |
20 | xeol | 263 |
21 | go-mnd | 176 |
22 | squealer | 147 |
23 | nakedret | 110 |