Vulnerability Management Added To Go 1.19
Written by Kay Ewbank   
Thursday, 08 September 2022

Vulnerability management support has been added to Go 1.19. This is a first step towards helping Go developers learn about known vulnerabilities that may affect them.

Go is an open source project developed by a team at Google and many contributors from the open source community over more than 8 years. The main intended use is as a systems programming language, and it has been used in high profile commercial successes such as Docker.


The new tool uses a combination of features that analyze your codebase and use Go's vulnerability database to identify any code that calls functions with known vulnerabilities. The Go vulnerability database is curated by the Go security team.

The Go vulnerability database contains details about known vulnerabilities in importable packages in public Go modules. The information is drawn from existing sources such as CVEs and GHSAs, and from direct reports from Go package maintainers. This information is then reviewed by the Go security team and added to the database, which can be viewed in a browser. CVE (Common Vulnerabilities and Exposures) is a list of publicly disclosed computer security flaws that have been assigned a CVE ID number. GHSAs are GitHub Security Advisories.

The new ability within Go comes in the form of a new govulncheck command, which the GoLang developers describe as a low-noise, reliable way for Go users to learn about known vulnerabilities that may affect their projects. Govulncheck analyzes your codebase and reports on any vulnerabilities that actually affect your project, based on which functions in your code are calling vulnerable functions.
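The call-based filtering described above can be illustrated with a toy call-graph walk that reports an advisory only when its vulnerable function is reachable from the program's entry point. This is an added example, not govulncheck's code or anything from the Go project: the function names, advisory IDs and call graph are constructed, and a real analysis derives the call graph from source rather than from a hand-written map.

```go
package main

import "fmt"

// Advisory is a constructed stand-in for one vulnerability database entry.
type Advisory struct {
	ID      string
	Symbols []string // functions known to be vulnerable
}

// Reachable walks the call graph breadth-first from entry and returns, per
// advisory ID, one call path to a vulnerable symbol that is actually called.
func Reachable(calls map[string][]string, entry string, db []Advisory) map[string][]string {
	parent := map[string]string{entry: ""} // doubles as the visited set
	for queue := []string{entry}; len(queue) > 0; queue = queue[1:] {
		for _, callee := range calls[queue[0]] {
			if _, seen := parent[callee]; !seen {
				parent[callee] = queue[0]
				queue = append(queue, callee)
			}
		}
	}
	out := map[string][]string{}
	for _, adv := range db {
		for _, sym := range adv.Symbols {
			if _, ok := parent[sym]; ok && out[adv.ID] == nil {
				for fn := sym; fn != ""; fn = parent[fn] { // rebuild path
					out[adv.ID] = append([]string{fn}, out[adv.ID]...)
				}
			}
		}
	}
	return out
}

// Constructed sample: call graph of a hypothetical program, two advisories.
var sampleCalls = map[string][]string{
	"main.main":          {"app.handleUpload", "app.render"},
	"app.handleUpload":   {"libarchive.Extract"},
	"libarchive.Extract": {"libarchive.sanitizePath"},
	"app.render":         {"libtmpl.Execute"},
}
var sampleDB = []Advisory{
	{"EXAMPLE-0001", []string{"libarchive.sanitizePath"}}, // reached via Extract
	{"EXAMPLE-0002", []string{"libtmpl.ParseUnsafe"}},     // imported, never called
}
func main() {
	fmt.Println(Reachable(sampleCalls, "main.main", sampleDB))
}
```

Both hypothetical libraries are dependencies of the sample program, but only EXAMPLE-0001 is reported, together with the call path that makes it relevant. A check that looked at imported modules alone would flag both.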

Govulncheck has been developed as a standalone tool. This is to allow frequent updates and rapid iteration while the team gathers feedback from users. In the long term, the plan is to integrate the govulncheck tool into the main Go distribution.

To directly integrate vulnerability checking into other tools and processes, the vulncheck package exports govulncheck’s functionality as a Go API.

Go 1.19 is available for download now.


More Information

Go Download Page

GoLang Org Webpage

Go Vulnerability Database


Last Updated ( Tuesday, 13 September 2022 )