[Bug 258385] [New Port] devel/gokart: Static analysis tool for securing Go code
Date: Thu, 09 Sep 2021 13:06:00 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258385

            Bug ID: 258385
           Summary: [New Port] devel/gokart: Static analysis tool for securing Go code
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://github.com/praetorian-inc/gokart
                OS: Any
            Status: New
          Keywords: patch-ready
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: fuz@fuz.su

Created attachment 227783
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=227783&action=edit
devel/gokart: Static analysis tool for securing Go code

Straightforward GO_MODULES port.

Tested with Poudriere on armv7 arm64 i386 amd64 FreeBSD 13.0-RELEASE.

***

GoKart is a static analysis tool for Go that finds vulnerabilities using the
SSA (single static assignment) form of Go source code. It is capable of
tracing the source of variables and function arguments to determine whether
input sources are safe, which reduces the number of false positives compared
to other Go security scanners. For instance, a SQL query that is concatenated
with a variable might traditionally be flagged as SQL injection; however,
GoKart can figure out if the variable is actually a constant or constant
equivalent, in which case there is no vulnerability.

WWW: https://github.com/praetorian-inc/gokart