Go programming language has taken the developer ecosystem by storm. Since it's creation in 2009, the language has seen tremendous global adoption by developers looking for a lightweight as well as expressive language suited for microservices architectures. It has been touted to be on a trajectory to become the next enterprise programming language.
It gives us great pleasure to announce support for Go on DeepSource. The Go analyzer is in beta right now, and we look forward to getting feedback from you to make it better.
The analyzer detects 120+ types of issues falling into the following categories — bug risks, anti-patterns, security vulnerabilities, performance issues, documentation coverage and style violations.
Here's quick overview of some sample issues from each of these categories.
Incorrect usage of append
Using defer in infinite loops which will never execute
Invalid regular expressions
Assignment to nil map
Poor file permissions
Binding to all interfaces
Hard-coded credentials in source code
Use of un-escaped data in HTML templates
Storing non-pointer values in sync.Pool
Using time.Tick in a leaky way
Optimizations when indexing maps by byte slices
Duplicate build constraints
Trapping signals like SIGKILL and SIGSTOP that can't be trapped
Redundant control flows
Missing error checks
Incorrectly formatted error string
Misplaced default case in switch statements
Getting Started with GitHub
Analyzing Go code with DeepSource is straightforward. Just add a .deepsource.toml file to the repository root to tell DeepSource which analyzers to run. The following example configuration will run go analysis continuously on all pull requests.
version = 1
test_patterns = [
name = "go"
enabled = true
import_path = "github.com/username/repository"
name = "test-coverage"
enabled = true
Tracking test coverage
You can also track test coverage for your Go code. Post enabling test coverage analyzer (above step), use DeepSource CLI to report metrics from any CI systems.
# Run your tests and generate coverage report
go test -coverprofile=coverage.out
# Install 'deepsource CLI'
curl https://deepsource.io/cli | sh
# Set DEEPSOURCE_DSN env variable from repository settings page
# Report coverage artifact to 'test-coverage' analyzer
./bin/deepsource report --analyzer test-coverage --key go --value-file ./coverage.out