go
Safeguard articles tagged "go" — guides, analysis, and best practices for software supply chain and application security.
34 articles
Go Security Best Practices: A 2026 Field Guide for Backend Teams
Go ships secure defaults most other languages lack — but its supply chain, concurrency model, and cgo edges still leak real vulnerabilities. Here are the practices that actually move the needle.
Go Module Checksum Database In Depth
The Go checksum database is one of the most successful supply chain controls in any mainstream ecosystem. Here is how it actually works and where it still has edges.
Reachability Analysis for Go Modules in 2026
Go's static linking, vendoring, and govulncheck make reachability analysis tractable. Here is what works, what does not, and the false-positive numbers.
How to Monitor Go Module Substitution Attacks
Defend against Go module substitution attacks with GOPROXY, GOSUMDB, vendor verification, and checksum database monitoring — complete with working examples.
Go Module Security: sumdb, GOPROXY and Private Modules
How Go's checksum database actually protects you, where GOPROXY ordering bites, and the GOPRIVATE mistakes that leak internal module paths to public infrastructure.
The boltdb-go Backdoor: A Three-Year Go Module Mirror Persistence
A typosquat of boltdb hid a Go module mirror cache-poisoning attack for three years before Socket researchers disclosed it on January 30, 2025.
Go Build Cache Poisoning Risks
The Go build cache makes builds fast and reproducible, but a poisoned cache can reuse malicious compiled output indefinitely while the source looks clean.
go generate Supply Chain Risks
go generate is a seam where arbitrary commands run with the full privileges of the developer, and it does not show up in any manifest of trusted dependencies.
Go Toolchain Distribution Security
The Go toolchain directive can automatically download and run a different compiler version than the one your developers installed, which is convenient, reproducible, and worth understanding as a supply chain surface.
Go Checksum Verification Patterns
go.sum and the Go checksum database are among the most rigorous integrity mechanisms in any language ecosystem, and the verification patterns around them deserve to be understood and used well.
Go Module Hijacking Detection
Module hijacking in Go is rare compared to npm, but it does happen, and the patterns worth watching are different from what you might expect from other ecosystems.
Go Workspaces Supply Chain Risks
Go workspaces make multi-module development feel natural, but the go.work file introduces a new trust boundary that can quietly override pinned versions and bypass checksum verification.