ShiftLeft supports analyzing Go projects using ShiftLeft Inspect, and investigating your Golang applications using ShiftLeft Ocular.

You can analyze and investigate only Go source code (not compiled applications). And a fully working build environment with Go 1.12 or newer for the target project is required.

ShiftLeft Inspect for Golang

After installing the ShiftLeft Command Line Interface (CLI) and authenticating, use the following command to analyze your Golang application with ShiftLeft Inspect

sl analyze --app <name> --go [<path>]


--app <name> analyze the application of <name>.

--go identity of the application's language.

<path> location of the .go file to be analyzed.

Next Steps

Analyze Applications

Identify Branch Names

Fail a Build Based on Analysis Results

ShiftLeft Ocular for Golang

After installing the ShiftLeft Command Line Interface (CLI), authenticating and starting ShiftLeft Ocular, create the Code Property Graph (CPG) for your Golang application using

ocular> createCpg(<inputPath>)


ocular> createCpg(List (<inputPath>), "GOLANG")

where <inputPath> is the path of the target application. For Golang, the path is the package or a package specifier that includes all of the subprojects, using the same arguments you would pass in a go build command. For example createCpg("helloshiftleftgo").

Next Steps

Generate the Security Profile

Querying the CPG and Security Profile

Uncover the Attack Surface