[Bug 258385] [New Port] devel/gokart: Static analysis tool for securing Go code

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 258385] [New Port] devel/gokart: Static analysis tool for securing Go code"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 09 Sep 2021 13:06:00 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258385

            Bug ID: 258385
           Summary: [New Port] devel/gokart: Static analysis tool for
                    securing Go code
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://github.com/praetorian-inc/gokart
                OS: Any
            Status: New
          Keywords: patch-ready
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: fuz@fuz.su

Created attachment 227783
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=227783&action=edit
devel/gokart: Static analysis tool for securing Go code

Straightforward GO_MODULES port.

Tested with Poudriere on armv7 arm64 i386 amd64 FreeBSD 13.0-RELEASE.

***

GoKart is a static analysis tool for Go that finds vulnerabilities using
the SSA (single static assignment) form of Go source code.  It is
capable of tracing the source of variables and function arguments to
determine whether input sources are safe, which reduces the number of
false positives compared to other Go security scanners.  For instance, a
SQL query that is concatenated with a variable might traditionally be
flagged as SQL injection; however, GoKart can figure out if the variable
is actually a constant or constant equivalent, in which case there is no
vulnerability.

WWW: https://github.com/praetorian-inc/gokart

-- 
You are receiving this mail because:
You are the assignee for the bug.