Tool and Usage
- Year of inception
- Apache License 2.0
- Programming language
- Latest release
- Latest release date
Why this tool?
Gosec is a security tool that performs static code analysis on Go (Golang) projects to find security flaws. Rather than matching raw text, the scan works on the abstract syntax tree (AST) of the code, so it understands the structure of assignments, calls, and imports. Gosec checks for common flaws that may be present in the selected project.
How it works
The flaws gosec checks for include hardcoded authentication credentials, SQL query flaws, and unsafe usage of data. The unsafe data usage checks cover integers, blocks, command execution, temporary files, and more. The tool also includes a blacklist of algorithms that are known to be flawed or weak, such as DES, RC5, MD5, and SHA1.
Usage and audience
Gosec is commonly used for code analysis and secure software development. The target users for this tool are developers and security professionals.
- Command line interface
- Docker support
- JSON output supported
- XML output supported
- YAML output supported
Example usage and output
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + More than 25 contributors
- + More than 1000 GitHub stars
- + The source code of this software is available
Supported operating systems
Gosec is known to work on Linux, Microsoft Windows, and macOS.
Similar tools to gosec:
Graudit is a security tool to perform static code analysis by using the grep tool. It is a lightweight solution to find common issues in code.
Cppcheck is a static code analysis tool for C and C++ code. It helps to discover bugs that would not be picked up by compilers while avoiding false positives.
Bandit is an AST-based static analyzer for Python code. It helps with finding code flaws that could lead to security vulnerabilities.
Related tool information
- An abstract syntax tree (AST) is a tree representation of the structure of source code in a particular programming language. Nodes in the tree correspond to constructs that occur in the source code. It is called abstract because the representation differs slightly from the original syntax. AST is a term that is often used together with tools that perform vulnerability scanning of source code: by looking at the syntax tree instead of the raw text, programming flaws can be detected.
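Added example, not code from the gosec project: a small Go program that parses a constructed source snippet with the standard go/parser package and walks the resulting AST to report two of the flaw classes described above, a blacklisted weak-algorithm import and a string literal assigned to a credential-looking variable. The weakImports table, the credentialName pattern, and the sample source are assumptions made for this demo.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"regexp"
	"strconv"
)

type Finding struct{ Line int; Msg string } // one issue: source line and message

// Import paths flagged as weak, after the MD5/SHA1/DES names given on the page.
var weakImports = map[string]string{"crypto/md5": "MD5", "crypto/sha1": "SHA1", "crypto/des": "DES"}

// credentialName is an assumed heuristic: identifier names that hint at a secret.
var credentialName = regexp.MustCompile(`(?i)password|passwd|secret|token|apikey`)

// Scan parses src into an AST and walks it: weak-crypto imports come from the import
// list, a string literal assigned to a credential-looking name is a hardcoded credential.
func Scan(src string) ([]Finding, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "input.go", src, 0)
	if err != nil {
		return nil, err
	}
	var out []Finding
	for _, imp := range file.Imports {
		if path, _ := strconv.Unquote(imp.Path.Value); weakImports[path] != "" {
			out = append(out, Finding{fset.Position(imp.Pos()).Line, "weak algorithm import: " + weakImports[path]})
		}
	}
	ast.Inspect(file, func(n ast.Node) bool {
		as, ok := n.(*ast.AssignStmt)
		for i := 0; ok && i < len(as.Lhs) && i < len(as.Rhs); i++ {
			id, isIdent := as.Lhs[i].(*ast.Ident)
			lit, isLit := as.Rhs[i].(*ast.BasicLit)
			if isIdent && isLit && lit.Kind == token.STRING && credentialName.MatchString(id.Name) {
				out = append(out, Finding{fset.Position(as.Pos()).Line, "hardcoded credential in " + id.Name})
			}
		}
		return true // keep descending into every node kind
	})
	return out, nil
}

// sampleSource is constructed input for the demo, not code from any real project.
const sampleSource = "package demo\nimport \"crypto/md5\"\nfunc connect() {\n\tpassword := \"hunter2\"\n\tuser := \"alice\"\n\t_ = md5.Sum([]byte(user + password))\n}\n"

func main() {
	findings, _ := Scan(sampleSource) // sampleSource is known to parse
	fmt.Println(findings)
}
```

Running it prints the two findings with their line numbers in the sample source; a real scanner such as gosec adds many more rules and a type checker on top of the same AST walk.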