In about 10 years, the Go programming language gained significant traction. Many developers use Go to develop complex applications. The language has a lot of advantages (fast compile-time, strong typing). And very few drawbacks.
The developer community asked for better Go support on Codiga. Today, we announce the availability of our new Go static analyzer.
Static Analysis for Go
The Codiga Static Analysis engine detects the following issues for the Go language:
- security: our analyzer detects any coding pattern that may introduce a vulnerability. It identifies CWE (Common Weakness Vulnerability) and other unsafe code blocks
- good practices: our analyzer is aware of all good practices and error-prone patterns. For example, it flags any condition that is too complex.
- performance: our analyzers suggest removing dead or inefficient code.
- coding style: our analyzer is aware of good naming conventions and code styles for Go.
In total, more than 60 rules are available in our Go static analyzer.
Automated Code Reviews for Go
The availability of Go in our static analysis engine enables automated code reviews for Go. Codiga processes and annotates pull or merge requests that contain Go code. Automated code reviews are available for GitHub, GitLab, and Bitbucket.
Under the hood
Our Go analyzers uses the following open-source tools:
- revive: a very fast linter for Go that checks Go code against a set of good practices
- gosec: a security-oriented linter that flags insecure Go code patterns
- staticcheck: another popular linter that checks Go code against a set of good practices
Codiga aggregates issues reported by these linters and surface them in our interface or directly in your pull request.
Try it yourself!
Our Go static analyzer is available to all Codiga users today. Log into the platform. Add your project and do a code review: Codiga analyzes and flags coding issues within seconds before the code is merged.