CTO News Hubb

Golang vulnerability checker flags Go vulnerabilities

July 15, 2023


Govulncheck, a command-line tool to help users of Google’s Go programming language find known vulnerabilities in project dependencies, has reached 1.0.0 status, the Go security team said.

Unveiled July 13, Govulncheck can analyze both binaries and source code. It reduces noise by prioritizing vulnerabilities in functions the code is calling. Govulncheck is powered by the Go vulnerability database, which provides information about known vulnerabilities in public Go modules. Govulncheck uses static analysis of source code or a binary’s symbol table to limit its reports to only vulnerabilities that could affect a particular application.

Developers can use go install to install the tool:

go install golang.org/x/vuln/cmd/govulncheck@latest

Developers can analyze source code by running Govulncheck inside a module directory:

govulncheck ./...

Govulncheck must be built with Go 1.18 or a later version. Go 1.20 is the current production release of the language.

Govulncheck searches for vulnerabilities using a specific build configuration. For source code, the configuration is the Go version specified by the “go” command found on the path. For binaries, the build configuration is the one used in building the binary. Different build configurations may have different known vulnerabilities.

Govulncheck has a number of limitations:

  • Govulncheck analyzes function pointer and interface calls conservatively, which could result in false positives or inaccurate call stacks.
  • Calls to functions made using package reflect are not visible.
  • Because Go binaries do not have detailed call information, Govulncheck cannot show call graphs for detected vulnerabilities. It also might report false positives for code that is in the binary but not reachable.
  • There is no support for silencing vulnerability findings.
  • For binaries where symbol information cannot be extracted, Govulncheck reports vulnerabilities for all modules on which the binary depends.
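Because findings cannot be silenced in the tool itself, one workaround is to post-filter its machine-readable output. The following added example (not from the article or the Go project) reads a `govulncheck -json` message stream and keeps only findings whose trace reaches a called function and whose ID is not on a locally reviewed list; the `message` field layout, the `Unsuppressed` helper and the sample IDs are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// message mirrors only the fields read here (schema is an assumption).
type message struct {
	Finding *struct {
		OSV   string `json:"osv"`
		Trace []struct {
			Function string `json:"function"`
		} `json:"trace"`
	} `json:"finding"`
}

// Unsuppressed lists IDs of called-symbol findings not present in accepted.
func Unsuppressed(r io.Reader, accepted map[string]bool) ([]string, error) {
	ids, seen := []string{}, map[string]bool{}
	for dec := json.NewDecoder(r); ; {
		var m message
		if err := dec.Decode(&m); err == io.EOF {
			return ids, nil
		} else if err != nil {
			return nil, err
		}
		f := m.Finding
		if f == nil || len(f.Trace) == 0 || f.Trace[0].Function == "" {
			continue // not a finding, or module/package-level only
		}
		if !accepted[f.OSV] && !seen[f.OSV] {
			seen[f.OSV] = true
			ids = append(ids, f.OSV)
		}
	}
}

// sample is constructed input, not real govulncheck output.
const sample = `{"config":{"scanner_name":"govulncheck"}}
{"finding":{"osv":"GO-0000-0001","trace":[{"function":"Parse"}]}}
{"finding":{"osv":"GO-0000-0002","trace":[{"module":"example.com/b"}]}}
{"finding":{"osv":"GO-0000-0003","trace":[{"function":"Open"}]}}`

func main() {
	fmt.Println(Unsuppressed(strings.NewReader(sample), map[string]bool{"GO-0000-0003": true}))
}
```

A CI job could fail the build when the returned list is non-empty, with each accepted ID recorded alongside the reason it was reviewed.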

The Go security team initially announced support for vulnerability management last September, with the project anchored by the vulnerability database.

Copyright © 2023 IDG Communications, Inc.


