Go Application Analysis


The Go coordinate based matching feature provides the ability to scan and evaluate Go module dependencies found in the project.

What is supported

Go modules by scanning one of the following files (file name must be preserved):

  • go.sum: generated and updated automatically by Go. To learn how, please refer to the Go language documentation.
  • go.list: generated manually by listing the modules in a project using the command:
go list -m all > go.list

What do we parse from the files?

The first two segments corresponding to name and version of the dependency are evaluated. For example:

github.com/gohouse/converter v0.0.3
github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf

Integrations with Go scanning support

For go.sum files

  • CLI from version 69
  • Jenkins from version 3.6.20190722-122200.83d1447
  • Bamboo from version 1.12.1

For go.list files

  • CLI from version 95
  • Jenkins from version 3.9.20200716-164408.7b4a45f
  • Bamboo from version 1.16.1

Steps to analyze using the CLI

Run a scan

Invoke a CLI scan of a directory or subdirectories containing go.sum or go.list files.  Instructions on how to do this can be found here: Nexus IQ CLI.

Example go.sum File

github.com/gohouse/converter v0.0.3 h1:xyM0XyhRQUsf2Y0lEABbOHvLDVjiRkjTxi+dza87M80=
github.com/gohouse/converter v0.0.3/go.mod h1:Yb3eAs+8j4rYcnthK6iK9e/3HDZJ5C2PsYaugkeQR2I=
github.com/gohouse/gorose v1.0.5 h1:Iescp+mt88bkIXqmTF2ixM4nlLjo6D9CXX6hRWCz2lc=
github.com/gohouse/gorose v1.0.5/go.mod h1:eGB2F605oLiIpo14y0o1EvBWXQ6h0hgW3OMhGJtwk8Y=
github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM=
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/google/go-cmp v0.2.0 h1:+dTQ8DZQJz0Mb/HjFlkptS1FeQ4cWSnN941F8aEG4SQ=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
github.com/rs/cors v1.4.0 h1:98SZukVonBOdXatRLa6GSAtp+IeOjY+nmdEZAxImXXc=
github.com/rs/cors v1.4.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=

Output from cli

Dashboard results

Report results