Govulncheck, a command-line tool to help users of Google’s Go programming language find known vulnerabilities in project dependencies, has reached 1.0.0 status, the Go security team said.
Unveiled July 13, Govulncheck can analyze both binaries and source code. It reduces noise by prioritizing vulnerabilities in functions the code is calling. Govulncheck is powered by the Go vulnerability database, which provides information about known vulnerabilities in public Go modules. Govulncheck uses static analysis of source code or a binary’s symbol table to limit its reports to only vulnerabilities that could affect a particular application.
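A simplified model of the call-level filtering described above, as an added example that is not Govulncheck's own code: an advisory is reported as "called" only when one of its vulnerable symbols is reachable from the program's entry point, and as "imported" when the module is merely part of the build. The module paths, advisory IDs and call graph are constructed for illustration.

```go
package main

import "fmt"

// Advisory is a constructed stand-in for a vulnerability database entry.
type Advisory struct {
	ID, Module string
	Symbols    []string // vulnerable functions within Module
}

// Reachable marks every function reachable from fn; seen guards against cycles.
func Reachable(calls map[string][]string, fn string, seen map[string]bool) map[string]bool {
	if seen[fn] {
		return seen
	}
	seen[fn] = true
	for _, callee := range calls[fn] {
		Reachable(calls, callee, seen)
	}
	return seen
}

// Triage labels each advisory whose module is in the build: "called" when a
// vulnerable symbol is on a reachable call path, "imported" when it is not.
func Triage(advs []Advisory, deps, reach map[string]bool) map[string]string {
	out := map[string]string{}
	for _, a := range advs {
		if !deps[a.Module] {
			continue // module is not part of this build
		}
		out[a.ID] = "imported"
		for _, s := range a.Symbols {
			if reach[a.Module+"."+s] {
				out[a.ID] = "called"
			}
		}
	}
	return out
}

// Constructed sample: main reaches yamlx.scan via Decode; imgx is required but unused.
var sampleCalls = map[string][]string{
	"main.main":                {"example.com/yamlx.Decode"},
	"example.com/yamlx.Decode": {"example.com/yamlx.scan"},
}
var sampleDeps = map[string]bool{"example.com/yamlx": true, "example.com/imgx": true}
var sampleAdvs = []Advisory{{"EX-1", "example.com/yamlx", []string{"scan"}},
	{"EX-2", "example.com/imgx", []string{"Resize"}}, {"EX-3", "example.com/absent", []string{"Run"}}}

func main() { fmt.Println(Triage(sampleAdvs, sampleDeps, Reachable(sampleCalls, "main.main", map[string]bool{}))) }
```

A scanner that matched on module version alone would report both EX-1 and EX-2; the reachability check is what lets EX-2 be deprioritized.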