Bug 258385 - [New Port] devel/gokart: Static analysis tool for securing Go code
Summary: [New Port] devel/gokart: Static analysis tool for securing Go code
Status: Closed DUPLICATE of bug 257942
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
URL: https://github.com/praetorian-inc/gokart
Keywords: patch-ready
Depends on:
Blocks:
 
Reported: 2021-09-09 13:06 UTC by Robert Clausecker
Modified: 2021-09-10 14:39 UTC
0 users

See Also:


Attachments
devel/gokart: Static analysis tool for securing Go code (2.64 KB, patch)
2021-09-09 13:06 UTC, Robert Clausecker

Description Robert Clausecker 2021-09-09 13:06:00 UTC
Created attachment 227783
devel/gokart: Static analysis tool for securing Go code

Straightforward GO_MODULES port.

Tested with Poudriere on armv7 arm64 i386 amd64 FreeBSD 13.0-RELEASE.

***

GoKart is a static analysis tool for Go that finds vulnerabilities using
the SSA (single static assignment) form of Go source code.  It is
capable of tracing the source of variables and function arguments to
determine whether input sources are safe, which reduces the number of
false positives compared to other Go security scanners.  For instance, a
SQL query that is concatenated with a variable might traditionally be
flagged as SQL injection; however, GoKart can figure out if the variable
is actually a constant or constant equivalent, in which case there is no
vulnerability.

WWW: https://github.com/praetorian-inc/gokart
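
The constant-versus-variable distinction in the port description, as an added example that is not part of the bug report or of GoKart's code: it uses the standard `go/types` checker's constant folding as a simplified stand-in for GoKart's SSA-based tracing. The names `sample`, `query` and `NonConstantQueries` are hypothetical, and the analyzed source is constructed for the example.

```go
package main
import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
)

// Constructed sample input; query() is a hypothetical stand-in for a database call.
const sample = `package p
const table = "users"
func query(q string) {}
func safe() { query("SELECT * FROM " + table) }
func risky(name string) { query("SELECT * FROM users WHERE name = '" + name + "'") }
`

// NonConstantQueries lists functions in src whose query() argument is not a compile-time constant.
func NonConstantQueries(src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	info := &types.Info{Types: map[ast.Expr]types.TypeAndValue{}} // Value is set only for constants
	if _, err := (&types.Config{}).Check("p", fset, []*ast.File{file}, info); err != nil {
		return nil, err
	}
	var flagged []string
	for _, decl := range file.Decls {
		fn, ok := decl.(*ast.FuncDecl)
		if !ok || fn.Body == nil {
			continue
		}
		ast.Inspect(fn.Body, func(n ast.Node) bool {
			if call, ok := n.(*ast.CallExpr); ok && len(call.Args) == 1 {
				id, isIdent := call.Fun.(*ast.Ident)
				if isIdent && id.Name == "query" && info.Types[call.Args[0]].Value == nil {
					flagged = append(flagged, fn.Name.Name)
				}
			}
			return true
		})
	}
	return flagged, nil
}

func main() {
	fmt.Println(NonConstantQueries(sample))
}
```

Only `risky` is reported: the concatenation in `safe` folds to a constant string, so a scanner that resolves the operand has nothing to flag there.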
Comment 1 Robert Clausecker 2021-09-10 14:39:31 UTC

*** This bug has been marked as a duplicate of bug 257942 ***