[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-5128":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":15,"stars7d":17,"stars30d":18,"stars90d":16,"forks30d":16,"starsTrendScore":19,"compositeScore":20,"rankGlobal":10,"rankLanguage":10,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":24,"hasPages":22,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":32,"readmeContent":33,"aiSummary":34,"trendingCount":16,"starSnapshotCount":16,"syncStatus":35,"lastSyncTime":36,"discoverSource":37},5128,"gosec","securego\u002Fgosec","securego","Go security checker","https:\u002F\u002Fsecurego.io",null,"Go",8858,698,81,1,0,12,45,5,77.03,"Apache License 2.0",false,"master",true,[26,27,28,29,30,31],"golang","security","security-automation","security-tools","static-analysis","static-code-analysis","2026-06-12 04:00:24","\n# gosec - Go Security Checker\n\nInspects source code for security problems by scanning the Go AST\nand SSA code representation.\n\n\u003Cimg src=\"https:\u002F\u002Fsecurego.io\u002Fimg\u002Fgosec.png\" width=\"320\">\n\n## Quick links\n\n- [GitHub Action](#github-action)\n- [Local installation](#local-installation)\n- [Quick start](#quick-start)\n- [Common usage patterns](#common-usage-patterns)\n- [Selecting rules](#selecting-rules)\n- [Output formats](#output-formats)\n\n## Features\n\n- **Pattern-based rules** for detecting common security issues\n  in Go code\n- **SSA-based analyzers** for type conversions, slice bounds,\n  and crypto issues\n- **Taint analysis** for tracking data flow from user input to\n  dangerous functions (SQL injection, command injection, path\n  traversal, SSRF, XSS, log injection, SMTP injection, SSTI,\n  unsafe deserialization, open redirect)\n\n## License\n\nLicensed under the Apache License, 
Version 2.0 (the \"License\").\nYou may not use this file except in compliance with the License.\nYou may obtain a copy of the License\n[here](http:\u002F\u002Fwww.apache.org\u002Flicenses\u002FLICENSE-2.0).\n\n## Project status\n\n[![CII Best Practices](https:\u002F\u002Fbestpractices.coreinfrastructure.org\u002Fprojects\u002F3218\u002Fbadge)](https:\u002F\u002Fbestpractices.coreinfrastructure.org\u002Fprojects\u002F3218)\n[![Build Status](https:\u002F\u002Fgithub.com\u002Fsecurego\u002Fgosec\u002Fworkflows\u002FCI\u002Fbadge.svg)](https:\u002F\u002Fgithub.com\u002Fsecurego\u002Fgosec\u002Factions?query=workflows%3ACI)\n[![Coverage Status](https:\u002F\u002Fcodecov.io\u002Fgh\u002Fsecurego\u002Fgosec\u002Fbranch\u002Fmaster\u002Fgraph\u002Fbadge.svg)](https:\u002F\u002Fcodecov.io\u002Fgh\u002Fsecurego\u002Fgosec)\n[![GoReport](https:\u002F\u002Fgoreportcard.com\u002Fbadge\u002Fgithub.com\u002Fsecurego\u002Fgosec)](https:\u002F\u002Fgoreportcard.com\u002Freport\u002Fgithub.com\u002Fsecurego\u002Fgosec)\n[![GoDoc](https:\u002F\u002Fpkg.go.dev\u002Fbadge\u002Fgithub.com\u002Fsecurego\u002Fgosec\u002Fv2)](https:\u002F\u002Fpkg.go.dev\u002Fgithub.com\u002Fsecurego\u002Fgosec\u002Fv2)\n[![Docs](https:\u002F\u002Freadthedocs.org\u002Fprojects\u002Fdocs\u002Fbadge\u002F?version=latest)](https:\u002F\u002Fsecurego.io\u002F)\n[![Downloads](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fdownloads\u002Fsecurego\u002Fgosec\u002Ftotal.svg)](https:\u002F\u002Fgithub.com\u002Fsecurego\u002Fgosec\u002Freleases)\n[![GHCR](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fghcr.io-securego%2Fgosec-blue)](https:\u002F\u002Fgithub.com\u002Forgs\u002Fsecurego\u002Fpackages\u002Fcontainer\u002Fpackage\u002Fgosec)\n[![Slack](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FSlack-4A154B?style=for-the-badge&logo=slack&logoColor=white)](http:\u002F\u002Fsecurego.slack.com)\n[![go-recipes](https:\u002F\u002Fraw.githubusercontent.com\u002Fnikolaydubina\u002Fgo-recipes\u002Fmain\u002Fbadge.svg
?raw=true)](https:\u002F\u002Fgithub.com\u002Fnikolaydubina\u002Fgo-recipes)\n\n## Installation\n\n### GitHub Action\n\nYou can run `gosec` as a GitHub action as follows:\n\nUse the versioned tag with `@master`, which is pinned to the\nlatest stable release. This provides stable behavior.\n\n```yaml\nname: Run Gosec\non:\n  push:\n    branches:\n      - master\n  pull_request:\n    branches:\n      - master\njobs:\n  tests:\n    runs-on: ubuntu-latest\n    env:\n      GO111MODULE: on\n    steps:\n      - name: Checkout Source\n        uses: actions\u002Fcheckout@v3\n      - name: Run Gosec Security Scanner\n        uses: securego\u002Fgosec@master\n        with:\n          args: .\u002F...\n```\n\n#### Scanning Projects with Private Modules\n\nIf your project imports private Go modules, you need to\nconfigure authentication so that `gosec` can fetch the\ndependencies. Set the following environment variables in\nyour workflow:\n\n- `GOPRIVATE`: A comma-separated list of module path prefixes\n  that should be considered private\n  (e.g., `github.com\u002Fyour-org\u002F*`).\n- `GITHUB_AUTHENTICATION_TOKEN`: A GitHub token with read\n  access to your private repositories.\n\n```yaml\nname: Run Gosec\non:\n  push:\n    branches:\n      - master\n  pull_request:\n    branches:\n      - master\njobs:\n  tests:\n    runs-on: ubuntu-latest\n    env:\n      GO111MODULE: on\n      GOPRIVATE: github.com\u002Fyour-org\u002F*\n      GITHUB_AUTHENTICATION_TOKEN: ${{ secrets.PRIVATE_REPO_TOKEN }}\n    steps:\n      - name: Checkout Source\n        uses: actions\u002Fcheckout@v3\n      - name: Run Gosec Security Scanner\n        uses: securego\u002Fgosec@v2\n        with:\n          args: .\u002F...\n```\n\n### Integrating with code scanning\n\nYou can [integrate third-party code analysis tools](https:\u002F\u002Fdocs.github.com\u002Fen\u002Fgithub\u002Ffinding-security-vulnerabilities-and-errors-in-your-code\u002Fintegrating-with-code-scanning)\nwith GitHub code scanning by 
uploading data as SARIF files.\n\nThe workflow below runs `gosec` as a step\nin a GitHub Actions workflow that writes the `results.sarif`\nfile. The workflow then uploads the `results.sarif` file to\nGitHub using the `upload-sarif` action.\n\n```yaml\nname: \"Security Scan\"\n\n# Run workflow each time code is pushed to your repository and on a schedule.\n# The scheduled workflow runs every Sunday at 00:00 UTC.\non:\n  push:\n  schedule:\n  - cron: '0 0 * * 0'\n\njobs:\n  tests:\n    runs-on: ubuntu-latest\n    env:\n      GO111MODULE: on\n    steps:\n      - name: Checkout Source\n        uses: actions\u002Fcheckout@v3\n      - name: Run Gosec Security Scanner\n        uses: securego\u002Fgosec@v2\n        with:\n          # We let the report content trigger a failure using the GitHub Security features.\n          args: '-no-fail -fmt sarif -out results.sarif .\u002F...'\n      - name: Upload SARIF file\n        uses: github\u002Fcodeql-action\u002Fupload-sarif@v2\n        with:\n          # Path to SARIF file relative to the root of the repository\n          sarif_file: results.sarif\n```\n\n### Go Analysis\n\nThe `goanalysis` package provides a\n[`golang.org\u002Fx\u002Ftools\u002Fgo\u002Fanalysis.Analyzer`](https:\u002F\u002Fpkg.go.dev\u002Fgolang.org\u002Fx\u002Ftools\u002Fgo\u002Fanalysis)\nfor integration with tools that support the standard Go\nanalysis interface, such as Bazel's\n[nogo](https:\u002F\u002Fgithub.com\u002Fbazelbuild\u002Frules_go\u002Fblob\u002Fmaster\u002Fgo\u002Fnogo.rst)\nframework:\n\n```starlark\nnogo(\n    name = \"nogo\",\n    deps = [\n        \"@com_github_securego_gosec_v2\u002F\u002Fgoanalysis\",\n        # add more analyzers as needed\n    ],\n    visibility = [\"\u002F\u002Fvisibility:public\"],\n)\n```\n\n### Local Installation\n\ngosec requires Go 1.25 or newer.\n\n```bash\ngo install github.com\u002Fsecurego\u002Fgosec\u002Fv2\u002Fcmd\u002Fgosec@latest\n```\n\n## Quick 
start\n\n```bash\n# Scan all packages in current module\ngosec .\u002F...\n\n# Write JSON report\ngosec -fmt json -out results.json .\u002F...\n\n# Write SARIF report for code scanning\ngosec -fmt sarif -out results.sarif .\u002F...\n```\n\n### Exit codes\n\n- `0`: scan finished without unsuppressed findings\u002Ferrors\n- `1`: at least one unsuppressed finding or processing error\n- Use `-no-fail` to always return `0`\n\n## Usage\n\nGosec can be configured to only run a subset of rules, to\nexclude certain file paths, and produce reports in different\nformats. By default all rules will be run against the supplied\ninput files. To recursively scan from the current directory you\ncan supply `.\u002F...` as the input argument.\n\n### Available rules\n\ngosec includes rules across these categories:\n\n- `G1xx`: general secure coding issues (for example hardcoded\n  credentials, unsafe usage, HTTP hardening, cookie security)\n- `G2xx`: injection risks in query\u002Ftemplate\u002Fcommand\n  construction\n- `G3xx`: file and path handling risks (permissions, traversal,\n  temp files, archive extraction)\n- `G4xx`: crypto and TLS weaknesses\n- `G5xx`: blocklisted imports\n- `G6xx`: Go-specific correctness\u002Fsecurity checks (for example\n  range aliasing and slice bounds)\n- `G7xx`: taint analysis rules (SQL injection, command\n  injection, path traversal, SSRF, XSS, log, SMTP injection,\n  SSTI, unsafe deserialization, and open redirect)\n\nFor the full list, rule descriptions, and per-rule\nconfiguration, see [RULES.md](RULES.md).\n\n### Retired rules\n\n- G105: Audit the use of math\u002Fbig.Int.Exp -\n  [CVE is fixed](https:\u002F\u002Fgithub.com\u002Fgolang\u002Fgo\u002Fissues\u002F15184)\n- G307: Deferring a method which returns an error - causing\n  more inconvenience than fixing a security issue, despite the\n  details from this\n  [blog post](https:\u002F\u002Fwww.joeshaw.org\u002Fdont-defer-close-on-writable-files\u002F)\n\n### Selecting rules\n\nBy default, 
gosec will run all rules against the supplied file\npaths. It is however possible to select a subset of rules to\nrun via the `-include=` flag, or to specify a set of rules to\nexplicitly exclude using the `-exclude=` flag.\n\n```bash\n# Run a specific set of rules\n$ gosec -include=G101,G203,G401 .\u002F...\n\n# Run everything except for rule G303\n$ gosec -exclude=G303 .\u002F...\n```\n\n### CWE Mapping\n\nEvery issue detected by `gosec` is mapped to a\n[CWE (Common Weakness Enumeration)](http:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Findex.html)\nwhich describes the vulnerability in more generic terms. The\nexact mapping can be found\n[here](https:\u002F\u002Fgithub.com\u002Fsecurego\u002Fgosec\u002Fblob\u002Fmaster\u002Fissue\u002Fissue.go#L50).\n\n### Configuration\n\nA number of global settings can be provided in a configuration\nfile as follows:\n\n```JSON\n{\n    \"global\": {\n        \"nosec\": \"enabled\",\n        \"audit\": \"enabled\"\n    }\n}\n```\n\n- `nosec`: this setting will override all `#nosec` directives\n  defined throughout the code base\n- `audit`: runs in audit mode, which enables additional checks\n  that might be too noisy for normal code analysis\n\n```bash\n# Run with a global configuration file\n$ gosec -conf config.json .\n```\n\n### Path-Based Rule Exclusions\n\nLarge repositories with multiple components may need different\nsecurity rules for different paths. 
Use `exclude-rules` to\nsuppress specific rules for specific paths.\n\n**Configuration File:**\n```json\n{\n  \"exclude-rules\": [\n    {\n      \"path\": \"cmd\u002F.*\",\n      \"rules\": [\"G204\", \"G304\"]\n    },\n    {\n      \"path\": \"scripts\u002F.*\",\n      \"rules\": [\"*\"]\n    }\n  ]\n}\n```\n\n**CLI Flag:**\n```bash\n# Exclude G204 and G304 from cmd\u002F directory\ngosec --exclude-rules=\"cmd\u002F.*:G204,G304\" .\u002F...\n\n# Exclude all rules from scripts\u002F directory\ngosec --exclude-rules=\"scripts\u002F.*:*\" .\u002F...\n\n# Multiple exclusions\ngosec --exclude-rules=\"cmd\u002F.*:G204,G304;test\u002F.*:G101\" .\u002F...\n```\n\n| Field | Type | Description |\n|-------|------|-------------|\n| `path` | string (regex) | Regex matched against file paths |\n| `rules` | []string | Rule IDs to exclude. `*` for all |\n\n#### Rule Configuration\n\nSome rules accept configuration flags as well; these flags are\ndocumented in\n[RULES.md](https:\u002F\u002Fgithub.com\u002Fsecurego\u002Fgosec\u002Fblob\u002Fmaster\u002FRULES.md).\n\n#### Go version\n\nSome rules require a specific Go version, which is retrieved\nfrom the Go module file present in the project. If this version\ncannot be found, gosec falls back to the Go runtime version.\n\nThe Go module version is parsed using the `go list` command,\nwhich in some cases might lead to performance degradation. In\nthis situation, the Go module version can be provided directly by\nsetting the environment variable\n`GOSECGOVERSION=go1.21.1`.\n\n### Dependencies\n\ngosec loads packages using Go modules. 
In most projects,\ndependencies are resolved automatically during scanning.\n\nIf dependencies are missing, run:\n\n```bash\ngo mod tidy\ngo mod download\n```\n\n### Excluding test files and folders\n\ngosec will ignore test files across all packages and any\ndependencies in your vendor directory.\n\nThe scanning of test files can be enabled with the following\nflag:\n\n```bash\ngosec -tests .\u002F...\n```\n\nAdditional folders can also be excluded as follows:\n\n```bash\ngosec -exclude-dir=rules -exclude-dir=cmd .\u002F...\n```\n\n### Excluding generated files\n\ngosec can ignore generated Go files that carry the default\ngenerated-code comment.\n\n```\n\u002F\u002F Code generated by some generator DO NOT EDIT.\n```\n\n```bash\ngosec -exclude-generated .\u002F...\n```\n\n### Auto fixing vulnerabilities\n\ngosec can suggest fixes based on AI recommendations. It\ncalls an AI API to receive a suggestion for a security finding.\n\nYou can enable this feature by providing the following command\nline arguments:\n\n- `ai-api-provider`: the name of the AI API provider.\n  Supported providers:\n  - **Gemini**: `gemini-3-pro-preview` (default),\n    `gemini-2.5-pro`, `gemini-2.5-flash`,\n    `gemini-2.5-flash-lite`\n  - **Claude**: `claude-sonnet-4-6` (default),\n    `claude-opus-4-7`, `claude-opus-4-6`,\n    `claude-sonnet-4-5`, `claude-opus-4-5`,\n    `claude-haiku-4-5`\n  - **OpenAI**: `gpt-5.4` (default), `gpt-5.4-mini`,\n    `gpt-5.4-nano`\n  - **Custom OpenAI-compatible**: Any custom model name\n    (requires `ai-base-url`)\n- `ai-api-key` or set the environment variable\n  `GOSEC_AI_API_KEY`: the key to access the AI API\n  - For Gemini, you can create an API key following\n    [these instructions](https:\u002F\u002Fai.google.dev\u002Fgemini-api\u002Fdocs\u002Fapi-key)\n  - For Claude, get your API key from\n    [Anthropic Console](https:\u002F\u002Fconsole.anthropic.com\u002F)\n  - For OpenAI, get your API key from\n    [OpenAI 
Platform](https:\u002F\u002Fplatform.openai.com\u002Fapi-keys)\n- `ai-base-url`: (optional) custom base URL for\n  OpenAI-compatible APIs (e.g., Azure OpenAI, LocalAI,\n  Ollama)\n- `ai-skip-ssl`: (optional) skip SSL certificate verification\n  for AI API (useful for self-signed certificates)\n\n**Examples:**\n\n```bash\n# Using Gemini\ngosec -ai-api-provider=\"gemini-3-pro-preview\" \\\n  -ai-api-key=\"your_key\" .\u002F...\n\n# Using Claude\ngosec -ai-api-provider=\"claude-sonnet-4-6\" \\\n  -ai-api-key=\"your_key\" .\u002F...\n\n# Using OpenAI\ngosec -ai-api-provider=\"gpt-5.4\" \\\n  -ai-api-key=\"your_key\" .\u002F...\n\n# Using Azure OpenAI\ngosec -ai-api-provider=\"gpt-5.4\" \\\n  -ai-api-key=\"your_azure_key\" \\\n  -ai-base-url=\"https:\u002F\u002Fyour-resource.openai.azure.com\u002Fopenai\u002Fdeployments\u002Fyour-deployment\" \\\n  .\u002F...\n\n# Using local Ollama with custom model\ngosec -ai-api-provider=\"llama3.2\" \\\n  -ai-base-url=\"http:\u002F\u002Flocalhost:11434\u002Fv1\" \\\n  .\u002F...\n\n# Using self-signed certificate API\ngosec -ai-api-provider=\"custom-model\" \\\n  -ai-api-key=\"your_key\" \\\n  -ai-base-url=\"https:\u002F\u002Finternal-api.company.com\u002Fv1\" \\\n  -ai-skip-ssl \\\n  .\u002F...\n```\n\n### Annotating code\n\nAs with all automated detection tools, there will be cases of\nfalse positives. 
In cases where gosec reports a failure that\nhas been manually verified as being safe, it is possible to\nannotate the code with a comment that starts with `#nosec`.\n\nThe `#nosec` comment should have the format\n`#nosec [RuleList] [-- Justification]`.\n\nThe `#nosec` comment needs to be placed on the line where the\nwarning is reported.\n\n```go\nfunc main() {\n\ttr := &http.Transport{\n\t\tTLSClientConfig: &tls.Config{\n\t\t\tInsecureSkipVerify: true, \u002F\u002F #nosec G402\n\t\t},\n\t}\n\n\tclient := &http.Client{Transport: tr}\n\t_, err := client.Get(\"https:\u002F\u002Fgo.dev\u002F\")\n\tif err != nil {\n\t\tfmt.Println(err)\n\t}\n}\n```\n\nWhen a specific false positive has been identified and verified\nas safe, you may wish to suppress only that single rule (or a\nspecific set of rules) within a section of code, while\ncontinuing to scan for other problems. To do this, you can list\nthe rule(s) to be suppressed within the `#nosec` annotation,\ne.g. `\u002F* #nosec G401 *\u002F` or `\u002F\u002F#nosec G201 G202 G203`\n\nYou can also add a description or justification to the\nannotation. The justification should come after the rule(s) to\nsuppress and start with two or more dashes,\ne.g. `\u002F\u002F#nosec G101 G102 -- This is a false positive`\n\nAlternatively, gosec also supports the `\u002F\u002Fgosec:disable`\ndirective, which functions similarly to `#nosec`:\n\n```go\n\u002F\u002Fgosec:disable G101 -- This is a false positive\n```\n\nIn some cases you may also want to revisit places where\n`#nosec` or `\u002F\u002Fgosec:disable` annotations have been used. To\nrun the scanner and ignore any `#nosec` annotations you can do\nthe following:\n\n```bash\ngosec -nosec=true .\u002F...\n```\n\n### Tracking suppressions\n\nAs described above, violations can be suppressed externally\n(using `-include`\u002F`-exclude`) or inline (using `#nosec`\nannotations). 
Suppression metadata can be emitted for auditing.\n\nEnable suppression tracking with `-track-suppressions`:\n\n```bash\ngosec -track-suppressions -exclude=G101 \\\n  -fmt=sarif -out=results.sarif .\u002F...\n```\n\n- For external suppressions, gosec records suppression info\n  where `kind` is `external` and `justification` is\n  `Globally suppressed.`.\n- For inline suppressions, gosec records suppression info\n  where `kind` is `inSource` and `justification` is the text\n  after two or more dashes in the comment.\n\n**Note:** Only SARIF and JSON formats support tracking\nsuppressions.\n\n### Build tags\n\ngosec is able to pass your\n[Go build tags](https:\u002F\u002Fpkg.go.dev\u002Fgo\u002Fbuild\u002F) to the analyzer.\nThey can be provided as a comma separated list as follows:\n\n```bash\ngosec -tags debug,ignore .\u002F...\n```\n\n### Output formats\n\ngosec supports `text`, `json`, `yaml`, `csv`, `junit-xml`,\n`html`, `sonarqube`, `golint`, and `sarif`. By default,\nresults will be reported to stdout, but can also be written to\nan output file. 
The output format is controlled by the `-fmt`\nflag, and the output file is controlled by the `-out` flag as\nfollows:\n\n```bash\n# Write output in json format to results.json\n$ gosec -fmt=json -out=results.json *.go\n```\n\nUse `-stdout` to print results while also writing `-out`.\nUse `-verbose` to override stdout format while preserving the\nfile format.\n\n```bash\n# Write output in json format to results.json as well as stdout\n$ gosec -fmt=json -out=results.json -stdout *.go\n\n# Override the stdout format to 'text'\n# while still writing JSON to results.json\n$ gosec -fmt=json -out=results.json -stdout -verbose=text *.go\n```\n\n**Note:** gosec generates the\n[generic issue import format](https:\u002F\u002Fdocs.sonarqube.org\u002Flatest\u002Fanalysis\u002Fgeneric-issue\u002F)\nfor SonarQube, and a report has to be imported into SonarQube\nusing\n`sonar.externalIssuesReportPaths=path\u002Fto\u002Fgosec-report.json`.\n\n## Common usage patterns\n\n```bash\n# Fail only on medium+ severity findings\ngosec -severity medium .\u002F...\n\n# Fail only on medium+ confidence findings\ngosec -confidence medium .\u002F...\n\n# Exclude specific rules for specific paths\ngosec --exclude-rules=\"cmd\u002F.*:G204,G304;scripts\u002F.*:*\" .\u002F...\n\n# Exclude generated files in scan\ngosec -exclude-generated .\u002F...\n\n# Include test files in scan\ngosec -tests .\u002F...\n```\n\n## Development\n\nDevelopment documentation was moved to\n[DEVELOPMENT.md](DEVELOPMENT.md).\n\n## Who is using gosec?\n\nThis is a [list](USERS.md) of some of gosec's users.\n\n## Sponsors\n\nSupport this project by becoming a sponsor. 
Your logo will\nshow up here with a link to your website.\n\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmercedes-benz\" target=\"_blank\">\u003Cimg src=\"https:\u002F\u002Favatars.githubusercontent.com\u002Fu\u002F34240465?s=80&v=4\">\u003C\u002Fa>\n","gosec is a tool for detecting security problems in Go code. It identifies potential security vulnerabilities by scanning Go's abstract syntax tree (AST) and static single assignment (SSA) code representation. Its core features include pattern-based rule detection, SSA-based analyzers, and taint analysis, which can effectively find security risks such as type conversion errors, out-of-bounds array access, cryptographic issues, and several kinds of injection attacks. gosec supports multiple output formats and can be integrated into CI\u002FCD pipelines through GitHub Actions, making it well suited to continuously monitoring the code security of Go projects during development.",2,"2026-06-11 03:02:39","top_language"]