Vulnerability Management Added To Go 1.19
Written by Kay Ewbank   
Thursday, 08 September 2022

Vulnerability management support has been added to Go 1.19. This is a first step towards helping Go developers learn about known vulnerabilities that may affect them.

Go is an open source project developed by a team at Google and many contributors from the open source community over more than 8 years. The main intended use is as a systems programming language, and it has been used in high profile commercial successes such as Docker.


The new tool combines analysis of your codebase with Go's vulnerability database to identify any code that calls functions with known vulnerabilities. The Go vulnerability database is curated by the Go security team.

The Go vulnerability database contains details about known vulnerabilities in importable packages in public Go modules. The information is drawn from existing sources such as CVEs and GHSAs, and direct reports from Go package maintainers. This information is then reviewed by the Go security team and added to the database, which can be viewed in a browser. CVE, Common Vulnerabilities and Exposures, is a list of publicly disclosed computer security flaws that have been assigned a CVE ID number. GHSAs are GitHub Security Advisories.

The new ability within Go comes in the form of a new govulncheck command, which the GoLang developers describe as a low-noise, reliable way for Go users to learn about known vulnerabilities that may affect their projects. Govulncheck analyzes your codebase and reports on any vulnerabilities that actually affect your project, based on which functions in your code are calling vulnerable functions.
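To show why function-level matching is lower noise than matching on dependencies alone, here is a toy model written for this article as an added example; it is not govulncheck's code or the vulncheck API. The call graph, function names and advisory IDs are constructed placeholders.

```go
package main

import "fmt"

// Advisory is a constructed stand-in for a database entry: an ID plus vulnerable functions.
type Advisory struct {
	ID      string
	Symbols []string
}

// reach marks every function reachable from fn in the call graph.
func reach(calls map[string][]string, fn string, seen map[string]bool) {
	if seen[fn] {
		return
	}
	seen[fn] = true
	for _, callee := range calls[fn] {
		reach(calls, callee, seen)
	}
}

// Check splits advisories into those called from entry and those in a dependency only.
func Check(calls map[string][]string, entry string, advs []Advisory) (called, unused []string) {
	seen := map[string]bool{}
	reach(calls, entry, seen)
	for _, a := range advs {
		dst := &unused
		for _, sym := range a.Symbols {
			if seen[sym] {
				dst = &called
			}
		}
		*dst = append(*dst, a.ID)
	}
	return called, unused
}

func main() {
	// Constructed sample: function names and advisory IDs are placeholders.
	calls := map[string][]string{
		"main.main":   {"main.handle", "example.com/yamlx.Marshal"},
		"main.handle": {"example.com/archive.Extract"},
	}
	advs := []Advisory{
		{"PLACEHOLDER-0001", []string{"example.com/archive.Extract"}},
		{"PLACEHOLDER-0002", []string{"example.com/yamlx.Unmarshal"}},
	}
	called, unused := Check(calls, "main.main", advs)
	fmt.Println("called:", called, "dependency only:", unused)
}
```

Both placeholder advisories match a package the program uses, but only the first is reported as called, because the program uses `Marshal` and never reaches `Unmarshal`.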

Govulncheck has been developed as a standalone tool. This is to allow frequent updates and rapid iteration while the team gathers feedback from users. In the long term, the plan is to integrate the govulncheck tool into the main Go distribution.

To directly integrate vulnerability checking into other tools and processes, the vulncheck package exports govulncheck’s functionality as a Go API.

Go 1.19 is available for download now.


More Information

Go Download Page

GoLang Org Webpage

Go Vulnerability Database


Last Updated ( Tuesday, 13 September 2022 )