Top 10 Go static-code-analysis Projects

static-code-analysis

• Add a project

1. reviewdog

   1 13 8,407 9.6 Go

   🐶 Automated code review tool integrated with any code analysis tools regardless of programming language

   

   Project mention: Supply Chain Attack on Reviewdog GitHub Actions | news.ycombinator.com | 2025-03-20

2. InfluxDB

   www.influxdata.com featured

   InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

   

3. gosec

   2 22 8,212 9.0 Go

   Go security checker

   

   Project mention: Top 10 Code Security Tools | dev.to | 2024-10-30

   Source

4. revive

   3 11 5,156 9.4 Go

   🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint

   

   Project mention: A 10x Faster TypeScript | news.ycombinator.com | 2025-03-11

   The Uber page does a pretty good job of summing it up. The only thing I'd add is that there has been a little bit of effort to reduce footguns since they've posted this article; as one example, the issue with accidentally capturing range for variables is now fixed in the language[1]. On top of having a built-in race detector since 1.1 and runtime concurrent map access detection since 1.6, Go is also adding more tools to make testing concurrent code easier, which should also help ensure potentially racy code is at least tested[2]. Accidentally capturing named return values is now caught by a popular linting tool[3]. There is also gVisor's checklocks analyzer, which, with the help of annotations, can catch many misuses of mutexes and data protected by mutexes[4]. (This would be a lot nicer as a language feature, but oh well.)

   I don't know if I'd evangelize for adopting Go on the scale that Uber has: I think Go works best for shared-nothing architectures and gets gradually less compelling as you dig into more complex concurrency. That said, since Uber is an early adopter, there is a decent chance that what they have learned will help future organizations avoid repeating some of the same issues, via improvements to tooling and the language.

   [1]: https://go.dev/blog/loopvar-preview

   [2]: https://go.dev/blog/synctest

   [3]: https://github.com/mgechev/revive/blob/HEAD/RULES_DESCRIPTIO...

   [4]: https://pkg.go.dev/gvisor.dev/gvisor/tools/checklocks

5. kube-score

   4 10 2,897 7.6 Go

   Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.

   

   Project mention: 🤖 End to end LLMOps Pipeline - Part 7- Validating Kubernetes Manifests with kube-score🤖 | dev.to | 2024-08-18

   curl -L -o kube-score https://github.com/zegl/kube-score/releases/download/v1.11.0/kube-score_1.11.0_linux_amd64 chmod +x kube-score sudo mv kube-score /usr/local/bin/

6. bearer

   5 21 2,290 8.0 Go

   Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

   

   Project mention: 🛡️ Scan and Protect Any App in 5 Minutes with Bearer CLI (SAST for Everyone) | dev.to | 2025-04-20

   🧰 GitHub Repository: https://github.com/Bearer/bearer

7. Chronos

   6 1 433 3.9 Go

   Chronos - A static race detector for the go language (by amit-davidson)

   

8. nakedret

   7 1 130 6.4 Go

   nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.

   

9. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

10. reviewbot

    8 1 76 9.2 Go

    Empower Your Code Quality with Self-Hosted Automated Analysis and Review

    

    Project mention: Some git commit histories are really embarrassing, I recommend all engineers to frequently use git rebase and git commit --amend | dev.to | 2024-12-15

    Reviewbot is an open-source project by Qiniu Cloud, aimed at providing a self-hosted code review service for convenient code review/static analysis and implementation of custom engineering standards.

11. sibyl2

    9 10 45 5.8 Go

    The missing fact layer in codebases.

    

12. goboundcheck

    10 1 0 5.8 Go

    Linter for Go ensuring all array and slice bounds are validated.

    

Go static-code-analysis related posts

• Show HN: Globstar – Open-source static analysis toolkit

  9 projects | news.ycombinator.com | 28 Feb 2025

• Is it necessary to maintain a logical layer on top of your codebase?

  1 project | /r/devops | 26 Mar 2023

• Is it necessary to maintain a logical layer in your code repository?

  1 project | /r/devops | 26 Mar 2023

• The missing logical layer in codebases. Easily deploy. Analysis friendly. Multi languages support.

  1 project | /r/coolgithubprojects | 25 Mar 2023

• The missing logical layer in codebases. Analysis friendly. Multi languages support.

  1 project | /r/coolgithubprojects | 25 Mar 2023

• The missing logical layer in codebases

  1 project | /r/coolgithubprojects | 25 Mar 2023

• Also a powerful source code metadata extractor for multiple languages

  1 project | /r/coolgithubprojects | 13 Dec 2022
• A note from our sponsor - SaaSHub
  www.saashub.com | 21 May 2025

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

InfluxDB – Built for High-Performance Time Series Workloads

InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

www.influxdata.com

Do not miss the trending Go projects with our weekly report!