SAST tools for Golang

What is the best SAST tool to use for Golang code and can be integrated with Goland IDE?

Hi @Ruwanari_Heenkenda, welcome to the forum.

securego/gosec: Golang security checker seems worth a look. It is included in the metalinter golangci-lint (but disabled by default).

I would expect that GoLand allows setting up a Go linter as a file save action somehow (to meet the requirement of being GoLand-integratable).

There are several Static Application Security Testing (SAST) tools available for Golang code that can be integrated with the Goland IDE. While it’s subjective to determine the “best” tool as it depends on your specific requirements and preferences, I can provide you with some popular options:

  1. GoSec: GoSec is a widely used SAST tool for Golang. It analyzes Go code for security vulnerabilities and provides detailed reports. It can be integrated into the Goland IDE using plugins or by running it as a standalone command-line tool.
  2. SonarQube: SonarQube is a popular code analysis platform that supports various programming languages, including Golang. It offers a plugin for the Goland IDE, allowing you to perform security analysis and get real-time feedback on code quality and security vulnerabilities.
  3. CodeQL: CodeQL, developed by GitHub, is a powerful static analysis engine that can be used for security testing in Golang. While it doesn’t have direct integration with Goland, you can still use it by running the CodeQL CLI or by integrating it into your build process.
  4. GolangCI-Lint: GolangCI-Lint is not a traditional SAST tool but a linter that can help catch common coding mistakes and security issues in Golang code. It provides a wide range of predefined linters and can be integrated with Goland using plugins or as a command-line tool.

@Ruwanari_Heenkenda Also interesting: Govulncheck v1.0.0 was released yesterday.

Govulncheck v1.0.0 is released! - The Go Programming Language
