This article shows you how to analyze your applications that are written in Go. It assumes that you have already installed and authenticated with ShiftLeft.


Inspect analyzes only source code written in Go 1.12 (or later), not compiled applications.

Analyzing Your Go Application

To analyze your Go application, run:

sl analyze --app <name> [--cpg|--no-cpg] --go [<path>]



--app <name>

The name of the application to be analyzed


The flag identifying the application's language

--cpg or --no-cpg

Whether you want to analyze your application using the Code Property Graph (CPG) mode. With CPG mode, ShiftLeft builds the CPG locally, then uploads the CPG (instead of your application) to the cloud for analysis


The Go package to be analyzed (this is the same argument you'd pass to the Go's build command). You can also pass in paths to the individual .go files. If you're executing sl analyze in the package's directory, you can pass in shorthands like . for the package name or wildcards like ./... if there are multiple subpackages to be selected for analysis