Go programming language has taken the developer ecosystem by storm. Since it's creation in 2009, the language has seen tremendous global adoption by developers looking for a lightweight as well as expressive language suited for microservices architectures. It has been touted to be on a trajectory to become the next enterprise programming language.
DeepSource Go analyzer is now generally available and is free to use for open-source repositories.
The analyzer detects 150+ types of issues falling into the following categories — bug risks, anti-patterns, security vulnerabilities, performance issues, documentation coverage and style violations.
Here's quick overview of some sample issues from each of these categories.
- Incorrect usage of
deferin infinite loops which will never execute
- Invalid regular expressions
- Assignment to
- Poor file permissions
- Binding to all interfaces
- Hard-coded credentials in source code
- Use of un-escaped data in HTML templates
- Storing non-pointer values in
time.Tickin a leaky way
- Optimizations when indexing maps by byte slices
- Duplicate build constraints
- Trapping signals like
SIGSTOPthat can't be trapped
- Redundant control flows
- Missing error checks
- Incorrectly formatted error string
defaultcase in switch statements
Analyzing Go code with DeepSource is straightforward. Just add a
.deepsource.toml file to the repository root to tell DeepSource which analyzers to run. The following example configuration will run go analysis continuously on all pull requests.
version = 1 test_patterns = [ "tests/*_test.go", "**/*_test.go" ] [[analyzers]] name = "go" enabled = true [analyzers.meta] import_path = "github.com/username/repository" [[analyzers]] name = "test-coverage" enabled = true
You can also track test coverage for your Go code. Post enabling test coverage analyzer (above step), use DeepSource CLI to report metrics from any CI systems.
# Run your tests and generate coverage report go test -coverprofile=coverage.out # Install 'deepsource CLI' curl https://deepsource.io/cli | sh # Set DEEPSOURCE_DSN env variable from repository settings page export DEEPSOURCE_DSN=https://email@example.com # Report coverage artifact to 'test-coverage' analyzer ./bin/deepsource report --analyzer test-coverage --key go --value-file ./coverage.out