gosec
Safeguard articles tagged "gosec" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Command injection in Go: os/exec, exec.Command, and how it still goes wrong
Go's exec.Command never invokes a shell — yet CWE-78 command injection keeps shipping in Go services. Here's exactly how, and how gosec's G204 rule catches it.
The gosec Static Analysis Guide: Rules, CI, and Taming False Positives
gosec catches hardcoded secrets, weak crypto, unsafe SQL, and command injection in Go — but only if you run it well and triage it honestly. A practical guide to the rules that matter and the noise that doesn't.
gosec: Static Analysis for Go Security
gosec is the standard security linter for Go. Here is what it catches, what it misses, and how to integrate it effectively into your workflow.
GoSec Static Analysis for Go: Practical Security Scanning
GoSec finds security issues in Go source code. Here is how to get the most out of it without fighting false positives all day.