gost is a static checker for Golang. It contains aggressive rules that aren't afraid false-positive as long as diagnostics are informative.
I recommend to use gost via reviewdog. Complete example configuration:
To run it locally, run following:
# install
go install github.com/seiyab/gost@latest
# run
go vet -vettool="$(which gost)" ./...| name | description | practical discovery | inspired by |
|---|---|---|---|
| closeCloser | report that closer isn't closed | reviewdog/reviewdog#1692 | |
| multipleErrors | report suspicious error concatenation | opentofu/opentofu#539 | |
| noDiscardError | report that error is discarded | cli/cli#8026 | |
| noMutateGlobal | reports indirect mutation of global variable | https://pkg.go.dev/vuln/GO-2024-2618 | |
| openFileFlag | report suspicious combination of flags in os.OpenFile() |
anchore/go-logger#13 | |
| preferFilepath | report misuse of "path" package where "path/filepath" should be suitable |
anchore/grype#1767 | |
| sliceInitialLength | reports confusion between slice length and capacity | beego/beego#5631 | dominikh/go-tools#112 |
| urlString | urlString reports unsafe construction of URL-like string. | dominikh/go-tools#730 | |
| wrapError | report senseless error wrapping |