Go Application Analysis
The Go coordinate based matching feature provides the ability to scan and evaluate Go module dependencies found in the project.
What is supported
Go modules by scanning one of the following files (file name must be preserved):
- go.sum: generated and updated automatically by Go. To learn how, please refer to the Go language documentation.
- go.list: generated manually by listing the modules in a project using the command:
go list -m all > go.list
What do we parse from the files?
The first two segments corresponding to name and version of the dependency are evaluated. For example:
Integrations with Go scanning support
For go.sum files
- CLI from version 69
- Jenkins from version 3.6.20190722-122200.83d1447
- Bamboo from version 1.12.1
For go.list files
- CLI from version 95
- Jenkins from version 3.9.20200716-164408.7b4a45f
- Bamboo from version 1.16.1
Steps to analyze using the CLI
Run a scan
Invoke a CLI scan of a directory or subdirectories containing go.sum or go.list files. Instructions on how to do this can be found here: Nexus IQ CLI.
Example go.sum File
Output from cli