What type of Go projects does Snyk support?
Snyk supports testing and monitoring Go projects that have their dependencies managed by dep, govendor and Go Modules (CLI only). Go support is currently supported via the Snyk CLI and Git Integrations
Testing Go projects using the CLI
dep and govendor
We scan Go projects by examining your
vendor/vendor.json files to compare the specific versions of every direct and deep dependency in your project against our Go vulnerability database.
We scan Go Modules projects by examining your
go.modfile in order to create a full structured dependency tree and compare the specific versions of every direct and deep dependency in your project against our Go vulnerability database.
We scan Go Modules projects at the package level rather than on the module level since you might use a vulnerable module but not the vulnerable package. This will help with risk assessment and with the decision for the next steps