Integrate GoSec with Vulnetix. Scan Go source code for security anti-patterns including SQL injection, command injection, hardcoded credentials, weak cryptography, and insecure TLS settings.
GoCLI toolSARIF
Install & scan
$ go install github.com/securego/gosec/v2/cmd/gosec@latest $ gosec -fmt=sarif -out=gosec.sarif ./...
Run GoSec in CI
Scan on every push and upload the results to Vulnetix:
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: stable
- name: Install GoSec
run: go install github.com/securego/gosec/v2/cmd/gosec@latest
- name: Run GoSec
run: gosec -fmt=sarif -out=gosec.sarif ./...
- name: Upload to Vulnetix
run: vulnetix upload --file gosec.sarif
Centralise GoSec results in Vulnetix
Upload GoSec SARIF output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.