gosec is a command-line security scanner for Go projects.
It analyses Go source code by inspecting both the abstract syntax tree and SSA representation to uncover security weaknesses such as insecure coding patterns, injection risks, file and path handling issues, and cryptographic problems. The tool can be run locally in a development workflow, integrated into GitHub Actions, and used with SARIF output for code scanning pipelines.
This is free and open source software.
Key Features
- Scans Go code for common security issues using pattern-based rules.
- Uses SSA-based analysis to detect problems involving type conversions, slice bounds, and cryptographic usage.
- Includes taint analysis to trace user-controlled data flowing into dangerous functions.
- Supports multiple reporting formats including JSON and SARIF.
- Integrates with GitHub Actions and GitHub code scanning workflows.
- Provides a standard Go analysis package for integration with compatible tooling.
Website: github.com/securego/gosec
Support:
Developer: securego
License: Apache License 2.0
gosec is written in Go.