What does HackerNews think of gosec?

Golang security checker

Language: Go

#76 in Go

#54 in Security

#7 in Security

Vulnerability Management for Go | Sep 2022

What's the difference between this a https://github.com/securego/gosec?

Down the Golang Nil Rabbit Hole | Mar 2021

Expand Context ↕

gosec[1] will warn you about this, at least.

    [reuse.go:26] - G601 (CWE-118): Implicit memory aliasing in for loop. (Confidence: MEDIUM, Severity: MEDIUM)
    25:    wg.Done()
  > 26:   }(&item)
    27:  }

[1] https://github.com/securego/gosec

Dot Dot Considered Harmful | Nov 2018

That’s why tools like gosec complain when user input is used to access files - specifically because ‚..‘ allows one to „escape“.

Gosec: https://github.com/securego/gosec