Share
## https://sploitus.com/exploit?id=26A4D13F-A9AF-5354-AF5F-93996D9E3733
This is a Go AST (Abstract Syntax Tree) scanner for identifying security vulnerabilities in Go code. The scanner is called "gosec" and is part of the GolangCI project. It can be installed using the command "go get github.com/golangci/gosec/cmd/gosec/...". The scanner can be configured to run a subset of rules, exclude certain file paths, and produce reports in different formats. By default, it will run all rules against the supplied input files. The scanner can be used to identify vulnerabilities such as hardcoded credentials, binding to all interfaces, and auditing the use of unsafe blocks. The scanner uses a context object to store data parsed from the source code as it is scanned, and passes this data to rule functions as they are called. The scanner also uses a call list to check for usage of specific packages and functions. The scanner has a test suite that includes tests for the analyzer and call list.