Does it handle false positives?

While the tools are highly accurate, it is recommended to manually review results as static analysis can occasionally flag intentional patterns as risks.

Can this skill detect SQL injection in Go code?

Yes, it uses gosec rules G201 and G202 to identify potential SQL injection and unsafe string concatenation in database queries.

Can I integrate these security scans into my GitHub Actions?

Absolutely. The skill provides a pre-configured YAML template for GitHub Actions to automate security scanning on every push or pull request.

Does it check for vulnerabilities in third-party libraries?

Yes, govulncheck specifically analyzes your dependency graph and compares it against the official Go vulnerability database.

What tools does the Go Security Scanner skill use?

It utilizes gosec for static application security testing (SAST) and govulncheck for scanning known vulnerabilities in your project's dependencies.

Go Security Scanner

Name: Go Security Scanner
Author: IvanTorresEdge

byIvanTorresEdge

0•

Security & Testing

Performs automated security audits and vulnerability scanning for Go applications using industry-standard static analysis tools.

The Go Security Scanner skill empowers Claude to conduct comprehensive security assessments of Go codebases by leveraging powerful tools like gosec and govulncheck. It identifies critical vulnerabilities such as hardcoded credentials, SQL injection risks, and unsafe imports, while also checking for known vulnerabilities in third-party dependencies. This skill is essential for developers looking to maintain high security standards, perform pre-deployment audits, and integrate automated security checks directly into their CI/CD pipelines.

Key Features

01Vulnerability scanning with govulncheck for dependency-related risks.

02Static security analysis with gosec to detect coding flaws and patterns.

03Ready-to-use CI/CD integration patterns for GitHub Actions.

04Detection of hardcoded credentials, weak cryptography, and SQL injection.

050 GitHub stars

06Support for multiple output formats including JSON for automated reporting.

Use Cases

01Scanning project dependencies for known CVEs using the official Go vulnerability database.

02Performing a pre-release security audit on a Go repository.

03Integrating automated security linting into a team's development workflow.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add ivantorresedge/molcajete.ai security-scanning

For use in Claude.ai and ChatGPT

Download Skill