Vulnerability Management Added To Go 1.19
Written by Kay Ewbank   
Thursday, 08 September 2022

Vulnerability management support has been added to Go 1.19. This is a first step towards helping Go developers learn about known vulnerabilities that may affect them.

Go is an open source project developed by a team at Google and many contributors from the open source community over more than 8 years. The main intended use is as a systems programming language, and it has been used in high profile commercial successes such as Docker.

The new tool combines analysis of your codebase with Go's vulnerability database to identify any code that calls functions with known vulnerabilities. The Go vulnerability database is curated by the Go security team.

The Go vulnerability database contains details about known vulnerabilities in importable packages in public Go modules. The information is drawn from existing sources such as CVEs and GHSAs, and from direct reports from Go package maintainers. It is then reviewed by the Go security team and added to the database, which can be viewed in a browser. CVE, Common Vulnerabilities and Exposures, is a list of publicly disclosed computer security flaws, each assigned a CVE ID number. GHSAs are GitHub Security Advisories.

The new ability comes in the form of a new govulncheck command, which the Go developers describe as a low-noise, reliable way for Go users to learn about known vulnerabilities that may affect their projects. Govulncheck analyzes your codebase and reports on any vulnerabilities that actually affect your project, based on which functions in your code call vulnerable functions.
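The difference between flagging every advisory for a dependency and flagging only those whose vulnerable functions are actually called can be shown with a simplified model. This is an added example, not govulncheck's own code: the call graph, module paths, symbols and advisory IDs are constructed placeholders, and `Reachable` and `Affecting` are hypothetical helpers.

```go
package main

import "fmt"

// Advisory is a simplified stand-in for one database entry (Symbols = vulnerable functions).
type Advisory struct{ ID, Module string; Symbols []string }

// Reachable returns every function reachable from entry in the call graph.
func Reachable(calls map[string][]string, entry string) map[string]bool {
	seen, queue := map[string]bool{entry: true}, []string{entry}
	for i := 0; i < len(queue); i++ {
		for _, callee := range calls[queue[i]] {
			if !seen[callee] { // also guards against call cycles
				seen[callee] = true
				queue = append(queue, callee)
			}
		}
	}
	return seen
}

// Affecting returns the IDs of advisories with at least one vulnerable
// symbol reachable from entry; advisories for code never called are dropped.
func Affecting(db []Advisory, calls map[string][]string, entry string) []string {
	reach := Reachable(calls, entry)
	var ids []string
	for _, a := range db {
		for _, sym := range a.Symbols {
			if reach[sym] {
				ids = append(ids, a.ID)
				break
			}
		}
	}
	return ids
}

// Constructed sample data: both modules are dependencies of the project.
var sampleDB = []Advisory{
	{"EXAMPLE-0001", "example.com/yamlx", []string{"yamlx.Unmarshal"}},
	{"EXAMPLE-0002", "example.com/imgx", []string{"imgx.DecodeTIFF"}},
}
var sampleCalls = map[string][]string{
	"main.main":       {"main.loadConfig", "imgx.DecodePNG"},
	"main.loadConfig": {"yamlx.Unmarshal"},
}

func main() {
	fmt.Println("dependency-level:", len(sampleDB), "call-level:", Affecting(sampleDB, sampleCalls, "main.main"))
}
```

Both sample advisories match on dependency alone, but only the yamlx one is reported, because the project uses imgx without ever calling its vulnerable function.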

Govulncheck has been developed as a standalone tool. This is to allow frequent updates and rapid iteration while the team gathers feedback from users. In the long term, the plan is to integrate the govulncheck tool into the main Go distribution.

To directly integrate vulnerability checking into other tools and processes, the vulncheck package exports govulncheck’s functionality as a Go API.

Go 1.19 is available for download now.


Last Updated ( Tuesday, 13 September 2022 )