Date: Thu, 09 Sep 2021 13:06:00 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 258385] [New Port] devel/gokart: Static analysis tool for securing Go code
Message-ID: <bug-258385-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258385

Bug ID: 258385
Summary: [New Port] devel/gokart: Static analysis tool for securing Go code
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: https://github.com/praetorian-inc/gokart
OS: Any
Status: New
Keywords: patch-ready
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: ports-bugs@FreeBSD.org
Reporter: fuz@fuz.su

Created attachment 227783
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=227783&action=edit
devel/gokart: Static analysis tool for securing Go code

Straightforward GO_MODULES port. Tested with Poudriere on armv7 arm64 i386 amd64 FreeBSD 13.0-RELEASE.

***

GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go source code. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe, which reduces the number of false positives compared to other Go security scanners. For instance, a SQL query that is concatenated with a variable might traditionally be flagged as SQL injection; however, GoKart can figure out if the variable is actually a constant or constant equivalent, in which case there is no vulnerability.

WWW: https://github.com/praetorian-inc/gokart

-- 
You are receiving this mail because:
You are the assignee for the bug.