Gosec
Gosec is an open-source static application security testing (SAST) tool for Go. It inspects source code by analyzing the Go Abstract Syntax Tree (AST) and flags common programming mistakes, including SQL injection, hardcoded credentials, weak cryptographic practices, memory safety issues, and other CWE-mapped security flaws. It integrates into development workflows through CI/CD pipelines, GitHub Actions, and pre-commit hooks, and offers configurable rules, exclusion capabilities, and multiple output formats including SARIF, enabling automated security scanning and remediation guidance throughout the Go application development lifecycle.
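The AST-based approach described above can be illustrated with Go's standard `go/parser` and `go/ast` packages. This is an added example, not gosec's own code: the `Scan` function, the package and method lists, and the sample source are assumptions constructed here, and the check is purely syntactic (no type information).

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
)

// Constructed sample input: a weak-hash import and a query built by concatenation.
const sample = `package demo
import (
	"crypto/md5"
	"database/sql"
)
func lookup(db *sql.DB, name string) {
	_ = md5.Sum([]byte(name))
	db.Query("SELECT * FROM users WHERE name = '" + name + "'")
}`
// Illustrative lists chosen for this example; they are not gosec's rule set.
var weakImports = map[string]bool{"crypto/md5": true, "crypto/sha1": true, "crypto/des": true}
var queryMethods = map[string]bool{"Query": true, "QueryRow": true, "Exec": true}
// Scan parses src and returns findings formatted as "line: message".
func Scan(src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	var out []string
	ast.Inspect(file, func(n ast.Node) bool {
		switch v := n.(type) {
		case *ast.ImportSpec: // import of a package on the weak-crypto list
			if p, _ := strconv.Unquote(v.Path.Value); weakImports[p] {
				out = append(out, fmt.Sprintf("%d: weak crypto import %s", fset.Position(v.Pos()).Line, p))
			}
		case *ast.CallExpr: // x.Query(a + b): first argument is a "+" expression
			sel, isSel := v.Fun.(*ast.SelectorExpr)
			if isSel && queryMethods[sel.Sel.Name] && len(v.Args) > 0 {
				if bin, ok := v.Args[0].(*ast.BinaryExpr); ok && bin.Op == token.ADD {
					out = append(out, fmt.Sprintf("%d: SQL built by concatenation in %s", fset.Position(v.Pos()).Line, sel.Sel.Name))
				}
			}
		}
		return true
	})
	return out, nil
}
func main() { fmt.Println(Scan(sample)) }
```

Because the check looks only at syntax, it also flags a concatenation of two constants and misses a query assembled in a separate variable; resolving those cases requires type and data-flow information.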