gosec

LSE top 100LSE top 100gosec (61)gosec (61)

Tool and Usage

Project details

Year of inception
License
Apache License 2.0
Programming language
Golang
Latest release
2.19.0
Latest release date

Project health

85
This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

Gosec is a security tool that performs a static code analysis for Golang projects for security flaws. The scan is performed on the so-called abstract syntax tree (AST). Gosec checks for common flaws that may be part of the selected project.

How it works

The flaws that gosec checks include scanning for hardcoded authentication credentials, SQL query flaws, and unsafe usage of data. This unsafe data usage includes integers, blocks, command execution, temporary files, and more. The tool also includes a blacklist of protocols that are known to be flawed or weak, such as DES, RC5, MD5, and SHA1.

Usage and audience

gosec is commonly used for code analysis or safe software development. Target users for this tool are developers and security professionals.

Features

  • Command line interface
  • Docker support
  • JSON output supported
  • XML output supported
  • YAML output supported

Example usage and output

gosec - Golang security checker

gosec analyzes Go source code to look for common programming mistakes that
can lead to security problems.

VERSION: 1.0.0
GIT TAG: 1.0.0
BUILD DATE: 2018-04-27T12:41:38Z
Build details using -h flag

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • + More than 25 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Installation

Supported operating systems

Gosec is known to work on Linux, Microsoft Windows, and macOS.

gosec alternatives

Similar tools to gosec:

70

graudit

Graudit is a security tool to perform static code analysis by using the grep tool. It is a lightweight solution to find common issues in code.

93

Cppcheck

Cppcheck is a static code analysis tool for C and C++ code. It helps to discover bugs that would not be picked up by compilers, yet avoid any false positives.

85

Bandit

Bandit is an AST-based static analyzer for analyzing Python code. It helps with finding code flaws that could lead to security vulnerabilities.

All gosec alternatives

This tool page was updated at . Found an improvement? Help the community by submitting an update.

Related tool information

Definitions

AST
An abstract syntax tree (AST) is a tree representation of the related structure of source code of a particular programming language. Nodes in the tree are formed by constructs that occur in the source code. The reason that it is abstract is that it is slightly different represented than the original syntax.

AST is a term that is often used together with tools that do vulnerability scanning of source code. By looking at the syntax tree, programming flaws can be detected.

Categories

This tool is categorized as a Go security tool, code security testing tool, and static code analyzer.