Top 23 Go Static Analysis Projects
-
reviewdog
🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
-
syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
-
revive
🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
-
kube-linter
KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.
-
bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
-
xeol
A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
-
bodyclose
Analyzer: checks whether HTTP response body is closed and a re-use of TCP connection is not blocked.
-
nakedret
nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.
Project mention: I looked through attacks in my access logs. Here's what I found | news.ycombinator.com | 2024-01-28
Besides pointing pentester tools like metasploit at yourself, there are some nice scanners out there.
https://github.com/quay/clair
https://github.com/anchore/grype/
Trivy Operator: A simple and comprehensive vulnerability scanner for containers and other artifacts. It detects vulnerabilities of OS packages (Alpine, Debian, CentOS, etc.) and application dependencies (pip, npm, yarn, composer, etc.) (Alternatives: Grype, Snyk, Clair, Anchore, Twistlock)
For those unaware, gosec (and by extension golangci-lint) will warn about uses of `math/rand`
https://github.com/securego/gosec/blob/d3b2359ae29fe344f4df5...
3. tfsec: https://github.com/aquasecurity/tfsec tfsec uses a suite of security checks to scan your Terraform templates, helping to identify potential security issues before infrastructure is deployed.
Project mention: Ask HN: What are some interesting tools or code repos you discovered recently | news.ycombinator.com | 2023-08-25
Project mention: An Overview of Kubernetes Security Projects at KubeCon Europe 2023 | dev.to | 2023-05-22
Syft is a popular open source CLI tool created by Anchore for generating an SBOM from container images and filesystems. It's designed to provide a catalog of dependencies for other tools to use as a data source. It supports many popular programming languages, package managers, and container image formats.
The v1.3.4 of revive, the fast, configurable, extensible, flexible, and beautiful linter for Go, is available.
I would have more respect if they at least admitted to the flawed type system but instead say it is not a problem. It is disappointing to see past mistakes repeated in a new programming language. Even the Java language creator was humble enough to admit fault for the null pointer problem. The Go devs do not have such humility.
https://github.com/uber-go/nilaway
Kustomize: It provides a solution to customize the Kubernetes resource base configuration and differential configuration without template and DSL. It does not solve the constraint problem itself, but needs to cooperate with a large number of additional tools to check constraints, such as Kube-linter, Checkov and kubescape.
Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26
Project mention: Open source software maintenance is difficult: examples with Go math/rand/v2 and testify | dev.to | 2024-05-02
PS: @Antonboom is doing an amazing work with testifylint. That is a major tool that helps Testify users to avoid v1's traps. More than a v2.
Go Static Analysis related posts
-
Open source software maintenance is difficult: examples with Go math/rand/v2 and testify
-
Cloud Security and Resilience: DevSecOps Tools and Practices
-
Show HN: MicroSCOPE – identify ransomware statically with heuristics
-
DevSecOps with AWS- IaC at scale - Building your own platform - Part 1
-
I looked through attacks in my access logs. Here's what I found
-
General Docker Troubleshooting, Best Practices & Where to Go From Here
-
Practical nil panic detection for Go
Index
What are some of the best open-source Static Analysis projects in Go? This list will help you:
# | Project | Stars |
---|---|---|
1 | clair | 10,056 |
2 | grype | 7,885 |
3 | gosec | 7,490 |
4 | reviewdog | 7,406 |
5 | tfsec | 6,576 |
6 | go-tools | 5,929 |
7 | go-callvis | 5,757 |
8 | syft | 5,516 |
9 | revive | 4,632 |
10 | go-recipes | 3,831 |
11 | nilaway | 2,808 |
12 | kube-linter | 2,772 |
13 | bearer | 1,769 |
14 | go-ruleguard | 771 |
15 | sqlvet | 485 |
16 | woke | 433 |
17 | Chronos | 419 |
18 | xeol | 320 |
19 | bodyclose | 299 |
20 | go-mnd | 188 |
21 | squealer | 153 |
22 | nakedret | 125 |
23 | testifylint | 77 |