All Posts
Product
Releases
Go

DeepSource Go analyzer is now generally available

Sourya
May 25, 2019

DeepSource Go analyzer is now generally available

Two months ago, we launched the analyzer for the Go programming language in a public beta. Since then, prominent open-source projects like Dgraph, Gauge, and many others have adopted DeepSource to enable continuous quality and security on their code. With features and fixes based on the feedback we received from early adopters, we are pleased to announce that the DeepSource's Go analyzer is now generally available. Read on to know all the details.

Support for package managers

DeepSource installs the 3rd party dependencies listed in your project during the analysis to get a full view of your application. Up until this release, we supported go modules as the only way to install them, and if we detected some other package manager, we'd try to move it to go modules (using the go mod init <import path> command). While this approach worked for many repositories, it did not for others. One such case was when a dependency of the analyzed repository had versioned packages (package.domain.tld/v1), but the repository itself was using the unversioned package (the "zeroth" version).

To analyze such packages better, we now detect the package manager used for the repository and use it to install the dependencies. We now support 10 package managers, details about which can be found here.

21 new issues detected

We now detect 21 new issues in your Go code, which brings the total number of issues raised to 154, which we have categorized into 72 bug risk issues, 41 anti-patterns, 19 security issues, 11 style issues and 11 performance issues. Of these 21 new issues, 12 prevent bug risks, 4 detect anti-patterns, and 5 of them help improve performance. Let's look at some of the new issues:

Copy the arrays, you must not.

Override, you shall not, an imported package's name.

We're so excited about this release, and we're sure you'd find these new issues useful if you're writing code in Go. Why don't you go ahead and signup on DeepSource and start analysis on your Go repositories? It's free forever for open-source!

The Gopher image is attributed to Maria Letta.

More from DeepSource

From Zero To Secure
From Zero To Secure
A guide to risk-free SAST implementation for AppSec teams.
Code Security
SAST
Introducing, DeepSource Runner
Introducing, DeepSource Runner
Run DeepSource with SaaS convenience and on-premise security
Announcements
Platform Engineering

Get started with DeepSource

DeepSource is free forever for small teams and open-source projects. Start analyzing your code in less than 2 minutes.

CHOOSE AN ACCOUNT
GitHub
GitLab
Bitbucket

Newsletter

Read product updates, company announcements, how we build DeepSource, what we think about good code, and more.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
platform
resources
company
support
PLATFORM
Platform Overview Pricing
Static Analysis
SAST
Autofix™️
IaC Analysis
Reports
Code Coverage
Self-hosting
IDE
RoadmapChangelog
resources
BlogGlossaryGood Code PodcastGood First IssueSpotlight
State of Code Health
State of Go
OWASP® Top 10 Whitepaper
company
AboutSecurityTrust Reports
Jobs
Press EnquiriesBrand AssetsTermsPrivacy
support
DocumentationSystem StatusContact SalesCommunity Forum
© 2023 DeepSource Corp. All rights reserved.