Go static-code-analysis

Open-source Go projects categorized as static-code-analysis

Top 10 Go static-code-analysis Projects

  1. reviewdog

    🐢 Automated code review tool integrated with any code analysis tools regardless of programming language

    Project mention: Supply Chain Attack on Reviewdog GitHub Actions | news.ycombinator.com | 2025-03-20
  3. gosec

    Go security checker

    Project mention: Top 10 Code Security Tools | dev.to | 2024-10-30

  4. revive

    🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint

    Project mention: A 10x Faster TypeScript | news.ycombinator.com | 2025-03-11

    The Uber page does a pretty good job of summing it up. The only thing I'd add is that there has been a little bit of effort to reduce footguns since they've posted this article; as one example, the issue with accidentally capturing range for variables is now fixed in the language[1]. On top of having a built-in race detector since 1.1 and runtime concurrent map access detection since 1.6, Go is also adding more tools to make testing concurrent code easier, which should also help ensure potentially racy code is at least tested[2]. Accidentally capturing named return values is now caught by a popular linting tool[3]. There is also gVisor's checklocks analyzer, which, with the help of annotations, can catch many misuses of mutexes and data protected by mutexes[4]. (This would be a lot nicer as a language feature, but oh well.)

    I don't know if I'd evangelize for adopting Go on the scale that Uber has: I think Go works best for shared-nothing architectures and gets gradually less compelling as you dig into more complex concurrency. That said, since Uber is an early adopter, there is a decent chance that what they have learned will help future organizations avoid repeating some of the same issues, via improvements to tooling and the language.

    [1]: https://go.dev/blog/loopvar-preview

    [2]: https://go.dev/blog/synctest

    [3]: https://github.com/mgechev/revive/blob/HEAD/RULES_DESCRIPTIO...

    [4]: https://pkg.go.dev/gvisor.dev/gvisor/tools/checklocks

  5. kube-score

    Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.

    Project mention: 🤖 End to end LLMOps Pipeline - Part 7- Validating Kubernetes Manifests with kube-score 🤖 | dev.to | 2024-08-18

    curl -L -o kube-score https://github.com/zegl/kube-score/releases/download/v1.11.0/kube-score_1.11.0_linux_amd64
    chmod +x kube-score
    sudo mv kube-score /usr/local/bin/

  6. bearer

    Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

    Project mention: 🛡️ Scan and Protect Any App in 5 Minutes with Bearer CLI (SAST for Everyone) | dev.to | 2025-04-20

    🧰 GitHub Repository: https://github.com/Bearer/bearer

  7. Chronos

    Chronos - A static race detector for the go language (by amit-davidson)

  8. nakedret

    nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.

  10. reviewbot

    Empower Your Code Quality with Self-Hosted Automated Analysis and Review

    Project mention: Some git commit histories are really embarrassing, I recommend all engineers to frequently use git rebase and git commit --amend | dev.to | 2024-12-15

    Reviewbot is an open-source project by Qiniu Cloud, aimed at providing a self-hosted code review service for convenient code review/static analysis and implementation of custom engineering standards.

  11. sibyl2

    The missing fact layer in codebases.

  12. goboundcheck

    Linter for Go ensuring all array and slice bounds are validated.

NOTE: The open-source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Go static-code-analysis related posts

  • Show HN: Globstar – Open-source static analysis toolkit

    9 projects | news.ycombinator.com | 28 Feb 2025
  • Is it necessary to maintain a logical layer on top of your codebase?

    1 project | /r/devops | 26 Mar 2023
  • Is it necessary to maintain a logical layer in your code repository?

    1 project | /r/devops | 26 Mar 2023
  • The missing logical layer in codebases. Easily deploy. Analysis friendly. Multi languages support.

    1 project | /r/coolgithubprojects | 25 Mar 2023
  • The missing logical layer in codebases. Analysis friendly. Multi languages support.

    1 project | /r/coolgithubprojects | 25 Mar 2023
  • The missing logical layer in codebases

    1 project | /r/coolgithubprojects | 25 Mar 2023
  • Also a powerful source code metadata extractor for multiple languages

    1 project | /r/coolgithubprojects | 13 Dec 2022
Index

What are some of the best open-source static-code-analysis projects in Go? This list will help you:

#    Project        Stars
1    reviewdog      8,407
2    gosec          8,212
3    revive         5,156
4    kube-score     2,897
5    bearer         2,290
6    Chronos        433
7    nakedret       130
8    reviewbot      76
9    sibyl2         45
10   goboundcheck   0
