Safeguard
Tag

govulncheck

Safeguard articles tagged "govulncheck" — guides, analysis, and best practices for software supply chain and application security.

7 articles

Open Source Security

Common Go module vulnerability patterns and how govulncheck helps

Two real CVEs in Go's path/filepath package and a growing SSRF problem in webhook handlers show why Go's safety guarantees don't cover application logic.

Jul 14, 20266 min read
Security Guides

The Go Vulnerability Scanning Guide: govulncheck, Reachability, and CI

Most scanners tell you a CVE exists somewhere in go.sum. govulncheck tells you whether your code can actually reach it. Here's how Go's reachability-based scanning works and how to run it well.

Jul 4, 20266 min read
Security Guides

Auditing Go Modules with govulncheck

govulncheck is unusual: it uses static analysis to tell you not just which Go dependencies are vulnerable, but whether your code actually reaches the vulnerable function.

Jul 3, 20265 min read
Open Source Security

Scanning Go codebases for known vulnerabilities with govu...

A practical govulncheck tutorial for scanning Go codebases for known vulnerabilities, auditing dependencies, and wiring checks into your CI pipeline.

Feb 3, 20267 min read
Application Security

Reachability Analysis for Go Modules in 2026

Go's static linking, vendoring, and govulncheck make reachability analysis tractable. Here is what works, what does not, and the false-positive numbers.

Jan 22, 20265 min read
Open Source Security

Go vulnerability database (govulncheck) trend report

Go's vulnerability database is scaling fast and stdlib CVEs are clustering. Here's what govulncheck vulnerability trends reveal about reachability, typosquats, and risk.

Nov 20, 20257 min read
Vulnerability Management

govulncheck in Production Integration

govulncheck is the best vulnerability scanner the Go ecosystem has ever had, but turning it from a demo into a production gate takes more than adding a CI step.

Nov 8, 20237 min read
govulncheck — Safeguard Blog