Snyk Documentation

Golang

What type of Go projects does Snyk support?

Snyk supports testing and monitoring Go projects that have their dependencies managed by dep, govendor and Go Modules (CLI only). Go support is currently supported via the Snyk CLI and Git Integrations

 

Testing Go projects using the CLI

dep and govendor

We scan Go projects by examining your Gopkg.lock or vendor/vendor.json files to compare the specific versions of every direct and deep dependency in your project against our Go vulnerability database.

Go Modules

We scan Go Modules projects by examining your go.modfile in order to create a full structured dependency tree and compare the specific versions of every direct and deep dependency in your project against our Go vulnerability database.

We scan Go Modules projects at the package level rather than on the module level since you might use a vulnerable module but not the vulnerable package. This will help with risk assessment and with the decision for the next steps