Top 10 Go static-code-analysis Projects
-
reviewdog
🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
Project mention: Supply Chain Attack on Reviewdog GitHub Actions | news.ycombinator.com | 2025-03-20
-
revive
🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
The Uber page does a pretty good job of summing it up. The only thing I'd add is that there has been a little bit of effort to reduce footguns since they've posted this article; as one example, the issue with accidentally capturing range for variables is now fixed in the language[1]. On top of having a built-in race detector since 1.1 and runtime concurrent map access detection since 1.6, Go is also adding more tools to make testing concurrent code easier, which should also help ensure potentially racy code is at least tested[2]. Accidentally capturing named return values is now caught by a popular linting tool[3]. There is also gVisor's checklocks analyzer, which, with the help of annotations, can catch many misuses of mutexes and data protected by mutexes[4]. (This would be a lot nicer as a language feature, but oh well.)
I don't know if I'd evangelize for adopting Go on the scale that Uber has: I think Go works best for shared-nothing architectures and gets gradually less compelling as you dig into more complex concurrency. That said, since Uber is an early adopter, there is a decent chance that what they have learned will help future organizations avoid repeating some of the same issues, via improvements to tooling and the language.
[1]: https://go.dev/blog/loopvar-preview
[2]: https://go.dev/blog/synctest
[3]: https://github.com/mgechev/revive/blob/HEAD/RULES_DESCRIPTIO...
[4]: https://pkg.go.dev/gvisor.dev/gvisor/tools/checklocks
-
kube-score
Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.
Project mention: End to end LLMOps Pipeline - Part 7- Validating Kubernetes Manifests with kube-score | dev.to | 2024-08-18
```sh
curl -L -o kube-score https://github.com/zegl/kube-score/releases/download/v1.11.0/kube-score_1.11.0_linux_amd64
chmod +x kube-score
sudo mv kube-score /usr/local/bin/
```
-
bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Project mention: 🛡️ Scan and Protect Any App in 5 Minutes with Bearer CLI (SAST for Everyone) | dev.to | 2025-04-20
🧰 GitHub Repository: https://github.com/Bearer/bearer
-
nakedret
nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.
-
Project mention: Some git commit histories are really embarrassing, I recommend all engineers to frequently use git rebase and git commit --amend | dev.to | 2024-12-15
Reviewbot is an open-source project by Qiniu Cloud, aimed at providing a self-hosted code review service for convenient code review/static analysis and implementation of custom engineering standards.
-
Go static-code-analysis discussion
Go static-code-analysis related posts
-
Show HN: Globstar – Open-source static analysis toolkit
-
Is it necessary to maintain a logical layer on top of your codebase?
-
Is it necessary to maintain a logical layer in your code repository?
-
The missing logical layer in codebases. Easily deploy. Analysis friendly. Multi languages support.
-
The missing logical layer in codebases. Analysis friendly. Multi languages support.
-
The missing logical layer in codebases
-
Also a powerful source code metadata extractor for multiple languages
Index
What are some of the best open-source static-code-analysis projects in Go? This list will help you:
# | Project | Stars |
---|---|---|
1 | reviewdog | 8,407 |
2 | gosec | 8,212 |
3 | revive | 5,156 |
4 | kube-score | 2,897 |
5 | bearer | 2,290 |
6 | Chronos | 433 |
7 | nakedret | 130 |
8 | reviewbot | 76 |
9 | sibyl2 | 45 |
10 | goboundcheck | 0 |