govulncheck
Safeguard articles tagged "govulncheck" — guides, analysis, and best practices for software supply chain and application security.
7 articles
Common Go module vulnerability patterns and how govulncheck helps
Two real CVEs in Go's path/filepath package and a growing SSRF problem in webhook handlers show why Go's safety guarantees don't cover application logic.
The Go Vulnerability Scanning Guide: govulncheck, Reachability, and CI
Most scanners tell you a CVE exists somewhere in go.sum. govulncheck tells you whether your code can actually reach it. Here's how Go's reachability-based scanning works and how to run it well.
Auditing Go Modules with govulncheck
govulncheck is unusual: it uses static analysis to tell you not just which Go dependencies are vulnerable, but whether your code actually reaches the vulnerable function.
Scanning Go codebases for known vulnerabilities with govu...
A practical govulncheck tutorial for scanning Go codebases for known vulnerabilities, auditing dependencies, and wiring checks into your CI pipeline.
Reachability Analysis for Go Modules in 2026
Go's static linking, vendoring, and govulncheck make reachability analysis tractable. Here is what works, what does not, and the false-positive numbers.
Go vulnerability database (govulncheck) trend report
Go's vulnerability database is scaling fast and stdlib CVEs are clustering. Here's what govulncheck vulnerability trends reveal about reachability, typosquats, and risk.
govulncheck in Production Integration
govulncheck is the best vulnerability scanner the Go ecosystem has ever had, but turning it from a demo into a production gate takes more than adding a CI step.