Jakub Jarosz

Security, Systems & Network Automation

Essential tools for Go developers

2024-11-23 Go

Before writing Go programs, you must set up your editor and install essential tools. A short list includes staticcheck, gosec, govulncheck, and gofumpt.

Gofumpt

gofumpt enforces a stricter format than gofmt, while being backwards compatible. That is, gofumpt is happy with a subset of the formats that gofmt is happy with.

Installation:

go install mvdan.cc/gofumpt@latest
gofumpt -version
v0.7.0 (go1.23.3)

Documentation and setup: link.

Staticcheck

staticcheck is a state-of-the-art linter for the Go programming language. It finds bugs and performance issues, offers simplifications, and enforces style rules.

Installation:

go install honnef.co/go/tools/cmd/staticcheck@latest
staticcheck -version
staticcheck 2024.1.1 (0.5.1)

Documentation and setup: link.

Govulncheck

Govulncheck reports known vulnerabilities that affect Go code. It uses static analysis of source code or a binary’s symbol table to narrow down reports to only those that could affect the application.

Installation:

go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck -version
Go: go1.23.3
Scanner: [email protected]
DB: https://vuln.go.dev
DB updated: 2024-11-21 19:52:52 +0000 UTC

Documentation and setup: link.

Gosec

gosec inspects source code for security problems by scanning the Go AST and SSA code representation.

Installation:

go install github.com/securego/gosec/v2/cmd/gosec@latest

Documentation and setup: link.
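
To show what scanning the Go AST means in practice, here is an added example (not gosec's code and not from the original post) that parses a source string with the standard go/parser package and reports uses of deny-listed hash packages even when they are imported under an alias. The deny-list, the sample source and the name FindWeakHashUses are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"path"
	"strconv"
)

// weakPkgs is a deny-list constructed for this example, not gosec's rule set.
var weakPkgs = map[string]bool{"crypto/md5": true, "crypto/sha1": true}

// sample is constructed input; md5 is aliased to "h", so grepping "md5." finds nothing.
const sample = `package demo
import h "crypto/md5"
import "crypto/sha256"
func sums(b []byte) { _ = h.Sum(b); _ = sha256.Sum256(b) }
`

// FindWeakHashUses returns "line: importpath.Name" for each use of a deny-listed package.
func FindWeakHashUses(src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	local := map[string]string{} // local package name -> import path
	for _, imp := range file.Imports {
		p, _ := strconv.Unquote(imp.Path.Value)
		name := path.Base(p)
		if imp.Name != nil {
			name = imp.Name.Name // explicit alias wins over the default name
		}
		local[name] = p
	}
	var found []string
	ast.Inspect(file, func(n ast.Node) bool {
		if sel, ok := n.(*ast.SelectorExpr); ok {
			if id, ok := sel.X.(*ast.Ident); ok && weakPkgs[local[id.Name]] {
				found = append(found, fmt.Sprintf("%d: %s.%s", fset.Position(sel.Pos()).Line, local[id.Name], sel.Sel.Name))
			}
		}
		return true
	})
	return found, nil
}

func main() { fmt.Println(FindWeakHashUses(sample)) }
```

Matching here is by identifier name only, so an identifier that shadows the import name would also be reported; ruling that out needs type information from go/types.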