Go Static Analysis

Open-source Go projects categorized as Static Analysis

Top 23 Go Static Analysis Projects

  • clair

    Vulnerability Static Analysis for Containers

  • Project mention: I looked through attacks in my access logs. Here's what I found | news.ycombinator.com | 2024-01-28

    Besides pointing pentester tools like metasploit at yourself, there are some nice scanners out there.

    https://github.com/quay/clair

    https://github.com/anchore/grype/

  • grype

    A vulnerability scanner for container images and filesystems

  • Project mention: Introduction to the Kubernetes ecosystem | dev.to | 2024-04-25

    Trivy Operator: A simple and comprehensive vulnerability scanner for containers and other artifacts. It detects vulnerabilities of OS packages (Alpine, Debian, CentOS, etc.) and application dependencies (pip, npm, yarn, composer, etc.) (Alternatives: Grype, Snyk, Clair, Anchore, Twistlock)

  • gosec

    Go security checker

  • Project mention: Secure Randomness in Go 1.22 | news.ycombinator.com | 2024-05-07

    For those unaware, gosec (and by extension golangci-lint) will warn about uses of `math/rand`

    https://github.com/securego/gosec/blob/d3b2359ae29fe344f4df5...

  • reviewdog

    🐢 Automated code review tool integrated with any code analysis tools regardless of programming language

  • tfsec

    Security scanner for your Terraform code

  • Project mention: Cloud Security and Resilience: DevSecOps Tools and Practices | dev.to | 2024-05-01

    3. tfsec: https://github.com/aquasecurity/tfsec tfsec uses a suite of security checks to scan your Terraform templates, helping to identify potential security issues before infrastructure is deployed.

  • go-tools

    Staticcheck - The advanced Go linter

  • Project mention: Ask HN: What are some interesting tools or code repos you discovered recently | news.ycombinator.com | 2023-08-25
  • go-callvis

    Visualize call graph of a Go program using Graphviz

  • syft

    CLI tool and library for generating a Software Bill of Materials from container images and filesystems

  • Project mention: An Overview of Kubernetes Security Projects at KubeCon Europe 2023 | dev.to | 2023-05-22

    Syft is a popular open source CLI tool created by Anchore for generating an SBOM from container images and filesystems. It’s designed to provide a catalog of dependencies for other tools to use as a data source. It supports many popular programming languages, package managers, and container image formats.

  • revive

    🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint

  • Project mention: revive v1.3.4 is now available | /r/golang | 2023-09-18

    The v1.3.4 of revive, the fast, configurable, extensible, flexible, and beautiful linter for Go, is available.

  • go-recipes

    🦩 Tools for Go projects

  • Project mention: 2023 update to go-recipes collection | /r/golang | 2023-12-11
  • nilaway

    Static analysis tool to detect potential nil panics in Go code

  • Project mention: Go: What We Got Right, What We Got Wrong | news.ycombinator.com | 2024-01-04

    I would have more respect if they at least admitted to the flawed type system but instead say it is not a problem. It is disappointing to see past mistakes repeated in a new programming language. Even the Java language creator was humble enough to admit fault for the null pointer problem. The Go devs do not have such humility.

    https://github.com/uber-go/nilaway

  • kube-linter

    KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.

  • Project mention: 10 Ways for Kubernetes Declarative Configuration Management | dev.to | 2024-01-01

    Kustomize: It provides a solution to customize the Kubernetes resource base configuration and differential configuration without template and DSL. It does not solve the constraint problem itself, but needs to cooperate with a large number of additional tools to check constraints, such as Kube-linter, Checkov and kubescape.

  • bearer

    Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

  • Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26
  • go-ruleguard

    Define and run pattern-based custom linting rules.

  • sqlvet

    Go fearless SQL. Sqlvet performs static analysis on raw SQL queries in your Go code base.

  • woke

    Detect non-inclusive language in your source code.

  • Chronos

    Chronos - A static race detector for the go language (by amit-davidson)

  • xeol

    A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs

  • Project mention: xeol | /r/devopspro | 2023-07-09
  • bodyclose

    Analyzer: checks whether HTTP response body is closed and a re-use of TCP connection is not blocked.

  • go-mnd

    Magic number detector for Go.

  • squealer

    Telling tales on you for leaking secrets!

  • nakedret

    nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.

  • testifylint

    The Golang linter that checks usage of github.com/stretchr/testify.

  • Project mention: Open source software maintenance is difficult: examples with Go math/rand/v2 and testify | dev.to | 2024-05-02

    PS: @Antonboom is doing amazing work with testifylint. That is a major tool that helps Testify users to avoid v1's traps. More than a v2.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Go Static Analysis related posts

  • Open source software maintenance is difficult: examples with Go math/rand/v2 and testify

    1 project | dev.to | 2 May 2024
  • Cloud Security and Resilience: DevSecOps Tools and Practices

    10 projects | dev.to | 1 May 2024
  • Show HN: MicroSCOPE – identify ransomware statically with heuristics

    1 project | news.ycombinator.com | 23 Apr 2024
  • DevSecOps with AWS- IaC at scale - Building your own platform - Part 1

    8 projects | dev.to | 21 Mar 2024
  • I looked through attacks in my access logs. Here's what I found

    6 projects | news.ycombinator.com | 28 Jan 2024
  • General Docker Troubleshooting, Best Practices & Where to Go From Here

    3 projects | dev.to | 19 Jan 2024
  • Practical nil panic detection for Go

    4 projects | news.ycombinator.com | 18 Nov 2023

Index

What are some of the best open-source Static Analysis projects in Go? This list will help you:

Rank Project Stars
1 clair 10,056
2 grype 7,885
3 gosec 7,490
4 reviewdog 7,406
5 tfsec 6,576
6 go-tools 5,929
7 go-callvis 5,757
8 syft 5,516
9 revive 4,632
10 go-recipes 3,831
11 nilaway 2,808
12 kube-linter 2,772
13 bearer 1,769
14 go-ruleguard 771
15 sqlvet 485
16 woke 433
17 Chronos 419
18 xeol 320
19 bodyclose 299
20 go-mnd 188
21 squealer 153
22 nakedret 125
23 testifylint 77
