This article shows you how to analyze your applications that are written in Go using NG SAST. It assumes that you have already set up and authenticated with ShiftLeft.
NG SAST analyzes only source code written in Go 1.12 (or later), not compiled applications.
You must have the appropriate version of Go installed on the machine on which you're running ShiftLeft.
The VM or the environment you use should support building Go applications correctly. Before attempting code analysis, try building the Go application with the go build command (or, for example, make build if you're using a Makefile).
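A pre-flight check for the prerequisites above, as an added example that is not part of the ShiftLeft documentation; the function names and the RUN_PREFLIGHT variable are hypothetical. It compares the installed Go version numerically against the 1.12 minimum and confirms that the package builds.

```shell
#!/bin/sh
# Added example: gate to run before code analysis.
# Minimum toolchain taken from the page: Go 1.12.
MIN_MAJOR=1
MIN_MINOR=12

# go_version_ok "<output of 'go version'>"
# Returns 0 when the reported toolchain is >= 1.12, 1 otherwise.
# Major and minor are compared as numbers, so go1.9 is rejected
# (a plain string comparison would rank "1.9" above "1.12").
go_version_ok() {
    # Third field looks like go1.21.3, go1.12 or go1.13rc1.
    ver=$(printf '%s\n' "$1" | awk '{print $3}')
    case "$ver" in
        go[0-9]*.[0-9]*) ;;
        *) return 1 ;;              # devel builds or unexpected output
    esac
    ver=${ver#go}
    major=${ver%%.*}
    rest=${ver#*.}
    # Keep only the leading digits of the minor part (13rc1 -> 13).
    minor=$(printf '%s' "$rest" | sed 's/[^0-9].*$//')
    case "$major" in *[!0-9]*) return 1 ;; esac
    [ -n "$minor" ] || return 1
    [ "$major" -gt "$MIN_MAJOR" ] && return 0
    [ "$major" -eq "$MIN_MAJOR" ] && [ "$minor" -ge "$MIN_MINOR" ]
}

# preflight [package]: check the toolchain, then confirm the code builds.
# Exit codes (constructed for this example): 2 no go, 3 too old, 4 build failed.
preflight() {
    pkg=${1:-./...}
    command -v go >/dev/null 2>&1 ||
        { echo "go not found in PATH" >&2; return 2; }
    go_version_ok "$(go version)" ||
        { echo "Go 1.12 or later is required" >&2; return 3; }
    go build "$pkg" ||
        { echo "go build failed; fix the build before analysis" >&2; return 4; }
}

# Runs only when explicitly requested (hypothetical switch).
if [ "${RUN_PREFLIGHT:-}" = 1 ]; then
    preflight "$@"
fi
```

Run it from the module root with RUN_PREFLIGHT=1 and, optionally, the package path as the first argument.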
Analyzing Your Go Application
ShiftLeft offers a sample application that you can use to run and test NG SAST. It also includes a functioning configuration file to demonstrate how you can leverage GitHub Actions to automate code analysis whenever you open a new Pull Request (PR).
To analyze your Go application, run:
|The name of the application to be analyzed|
|The flag identifying the application's language|
|Include if you want to analyze your application using the Code Property Graph (CPG) mode. With CPG mode, ShiftLeft builds the CPG locally, then uploads the CPG (instead of your application) to the cloud for analysis|
|The Go package to be analyzed (this is the same argument you'd pass to Go's |
See the CLI reference for additional sl analyze options.