gosec

Version: 2.26.1 darwin linux windows go security

Inspects source code for security problems by scanning the Go AST and SSA code representation.

Pattern-based rules for detecting common security issues in Go code

SSA-based analyzers for type conversions, slice bounds, and crypto issues

Taint analysis for tracking data flow from user input to dangerous functions (SQL injection, command injection, path traversal, SSRF, XSS, log injection, SMTP injection, SSTI, unsafe deserialization, open redirect)

Installation Instructions

Linux

Download Gosec
{
  "url": "{{ .SVar `.tool.gosec.download.url` }}",
  "destination_folder": "{{ .PDownloads }}",
  "output_filename": "{{ .SVar `.tool.gosec.download.filename` }}",
  "overwrite": false
}
Extract Gosec Release
{
  "destination": "{{ .PTools }}/gosec/{{ .SVar `.tool.gosec.download.version` }}",
  "max_file_size": 0,
  "skip_symlinks": false,
  "preserve_permissions": true,
  "remove_existing": true,
  "source": "{{ .PDownloads }}/{{ .SVar `.tool.gosec.download.filename` }}"
}

macOS

Download Gosec
{
  "url": "{{ .SVar `.tool.gosec.download.url` }}",
  "destination_folder": "{{ .PDownloads }}",
  "output_filename": "{{ .SVar `.tool.gosec.download.filename` }}",
  "overwrite": false
}
Extract Gosec Release
{
  "destination": "{{ .PTools }}/gosec/{{ .SVar `.tool.gosec.download.version` }}",
  "max_file_size": 0,
  "skip_symlinks": false,
  "preserve_permissions": true,
  "remove_existing": true,
  "source": "{{ .PDownloads }}/{{ .SVar `.tool.gosec.download.filename` }}"
}

Binaries