All Posts
Product
Releases

Release: Go analyzer lands in beta

J
Jai Pradeesh
September 10, 2019

Release: Go analyzer lands in beta

Go programming language has taken the developer ecosystem by storm. Since it's creation in 2009, the language has seen tremendous global adoption by developers looking for a lightweight as well as expressive language suited for microservices architectures. It has been touted to be on a trajectory to become the next enterprise programming language.

It gives us great pleasure to announce support for Go on DeepSource. The Go analyzer is in beta right now, and we look forward to getting feedback from you to make it better.

Issue distribution

The analyzer detects 120+ types of issues falling into the following categories — bug risks, anti-patterns, security vulnerabilities, performance issues, documentation coverage and style violations.

Go issue distribution

Here's quick overview of some sample issues from each of these categories.

Bug risks
  • Incorrect usage of append
  • Using defer in infinite loops which will never execute
  • Invalid regular expressions
  • Assignment to nil map
Security vulnerabilities
  • Poor file permissions
  • Binding to all interfaces
  • Hard-coded credentials in source code
  • Use of un-escaped data in HTML templates
Performance issues
  • Storing non-pointer values in sync.Pool
  • Using time.Tick in a leaky way
  • Optimizations when indexing maps by byte slices
Anti-patterns
  • Duplicate build constraints
  • Trapping signals like SIGKILL and SIGSTOP that can't be trapped
  • Redundant control flows
  • Missing error checks
Style violations
  • Incorrectly formatted error string
  • Misplaced default case in switch statements

Getting Started with GitHub

Analyzing Go code with DeepSource is straightforward. Just add a .deepsource.toml file to the repository root to tell DeepSource which analyzers to run. The following example configuration will run go analysis continuously on all pull requests.

File: .deepsource.toml


version = 1

test_patterns = [
  "tests/*_test.go",
  "**/*_test.go"
]

[[analyzers]]
name = "go"
enabled = true

  [analyzers.meta]
  import_path = "github.com/username/repository"

[[analyzers]]
name = "test-coverage"
enabled = true

Tracking test coverage

You can also track test coverage for your Go code. Post enabling test coverage analyzer (above step), use DeepSource CLI to report metrics from any CI systems.


# Run your tests and generate coverage report
go test -coverprofile=coverage.out

# Install 'deepsource CLI'
curl https://deepsource.io/cli | sh

# Set DEEPSOURCE_DSN env variable from repository settings page
export DEEPSOURCE_DSN=https://sampledsn@deepsource.io

# Report coverage artifact to 'test-coverage' analyzer
./bin/deepsource report --analyzer test-coverage --key go --value-file ./coverage.out

Go build.

More from DeepSource

From Zero To Secure
From Zero To Secure
A guide to risk-free SAST implementation for AppSec teams.
Code Security
SAST
Introducing, DeepSource Runner
Introducing, DeepSource Runner
Run DeepSource with SaaS convenience and on-premise security
Announcements
Platform Engineering

Get started with DeepSource

DeepSource is free forever for small teams and open-source projects. Start analyzing your code in less than 2 minutes.

CHOOSE AN ACCOUNT
GitHub
GitLab
Bitbucket

Newsletter

Read product updates, company announcements, how we build DeepSource, what we think about good code, and more.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
platform
resources
company
support
PLATFORM
Platform Overview Pricing
Static Analysis
SAST
Autofix™️
IaC Analysis
Reports
Code Coverage
Self-hosting
IDE
RoadmapChangelog
resources
BlogGlossaryGood Code PodcastGood First IssueSpotlight
State of Code Health
State of Go
OWASP® Top 10 Whitepaper
company
AboutSecurityTrust Reports
Jobs
Press EnquiriesBrand AssetsTermsPrivacy
support
DocumentationSystem StatusContact SalesCommunity Forum
© 2023 DeepSource Corp. All rights reserved.