Does it handle false positives?

While the tools are highly accurate, it is recommended to manually review results as static analysis can occasionally flag intentional patterns as risks.

Can this skill detect SQL injection in Go code?

Yes, it uses gosec rules G201 and G202 to identify potential SQL injection and unsafe string concatenation in database queries.

Can I integrate these security scans into my GitHub Actions?

Absolutely. The skill provides a pre-configured YAML template for GitHub Actions to automate security scanning on every push or pull request.

Does it check for vulnerabilities in third-party libraries?

Yes, govulncheck specifically analyzes your dependency graph and compares it against the official Go vulnerability database.

What tools does the Go Security Scanner skill use?

It utilizes gosec for static application security testing (SAST) and govulncheck for scanning known vulnerabilities in your project's dependencies.

Go Security Scanner

Name: Go Security Scanner
Author: IvanTorresEdge

byIvanTorresEdge

Security & Testing

Performs automated security audits and vulnerability scanning for Go applications using industry-standard static analysis tools.

About

The Go Security Scanner skill empowers Claude to conduct comprehensive security assessments of Go codebases by leveraging powerful tools like gosec and govulncheck. It identifies critical vulnerabilities such as hardcoded credentials, SQL injection risks, and unsafe imports, while also checking for known vulnerabilities in third-party dependencies. This skill is essential for developers looking to maintain high security standards, perform pre-deployment audits, and integrate automated security checks directly into their CI/CD pipelines.

Key Features

Vulnerability scanning with govulncheck for dependency-related risks.
Static security analysis with gosec to detect coding flaws and patterns.
Ready-to-use CI/CD integration patterns for GitHub Actions.
Detection of hardcoded credentials, weak cryptography, and SQL injection.
0 GitHub stars
Support for multiple output formats including JSON for automated reporting.

Use Cases

Scanning project dependencies for known CVEs using the official Go vulnerability database.
Performing a pre-release security audit on a Go repository.
Integrating automated security linting into a team's development workflow.

About

Key Features

Vulnerability scanning with govulncheck for dependency-related risks.
Static security analysis with gosec to detect coding flaws and patterns.
Ready-to-use CI/CD integration patterns for GitHub Actions.
Detection of hardcoded credentials, weak cryptography, and SQL injection.
0 GitHub stars
Support for multiple output formats including JSON for automated reporting.

Use Cases

Scanning project dependencies for known CVEs using the official Go vulnerability database.
Performing a pre-release security audit on a Go repository.
Integrating automated security linting into a team's development workflow.