golang
Safeguard articles tagged "golang" — guides, analysis, and best practices for software supply chain and application security.
27 articles
Auditing Go Modules with govulncheck
govulncheck is unusual: it uses static analysis to tell you not just which Go dependencies are vulnerable, but whether your code actually reaches the vulnerable function.
SSRF Prevention in Go: Blocking Metadata, Redirects, and DNS Rebinding
A single unvalidated URL passed to net/http can hand an attacker your cloud metadata credentials. Here's how SSRF actually works against Go services — and the DialContext-level defense that stops it.
Preventing Command Injection in Go: Allowlists, Argument Safety, and Sandboxing
os/exec keeps the shell out of your way — but user-controlled binaries, flag injection, and PATH tricks still get Go services popped. Here's the prevention playbook, not just the theory.
Go Security Best Practices: A 2026 Field Guide for Backend Teams
Go ships secure defaults most other languages lack — but its supply chain, concurrency model, and cgo edges still leak real vulnerabilities. Here are the practices that actually move the needle.
Go Toolchain Supply Chain Risks: 2025 Research
2025 research on Go toolchain supply chain risks: module proxy abuse, replace directive attacks, cgo linker vectors, and the hardening patterns Go shops should adopt.
Go (Golang) Security Explained
Go's memory safety stops buffer overflows, not logic bugs, typosquatted modules, or CI-pipeline compromise. Here's what actually threatens Go security.
Reachability Analysis for Go Modules in 2026
Go's static linking, vendoring, and govulncheck make reachability analysis tractable. Here is what works, what does not, and the false-positive numbers.
Go's 'go get' Remote Code Execution via Crafted Import Pa...
A deep dive into CVE-2018-16873, the Go 'go get' remote code execution vulnerability caused by crafted import paths and command injection in DVCS fetches.
Go's 'go get' Directory Traversal via GOPATH Package Path...
CVE-2018-16874: a directory traversal flaw in Go's go get let malicious GOPATH import paths with curly braces write files outside the workspace.
Go module proxy vulnerability trends
A backdoor hid in Go's module proxy for 3+ years, and 63,000+ orphaned packages remain cached. Inside 2025's Go supply chain reckoning.
SQL Injection Prevention in Go with database/sql Prepared...
How Go's database/sql prepared statements prevent SQL injection, where developers still get it wrong with dynamic queries and ORMs, and how Safeguard catches these gaps in code review.
Path Traversal Prevention in Go with filepath.Join Valida...
filepath.Join in Go only cleans a path, it doesn't restrict it to a base directory. Here's why that gap produced real CVEs, and how to close it for good.