GoKart

GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go source code. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe, which reduces the number of false positives compared to other Go security scanners. For instance, a SQL query that is concatenated with a variable might traditionally be flagged as SQL injection; however, GoKart can figure out if the variable is actually a constant or constant equivalent, in which case there is no vulnerability. GoKart also helps to power Chariot, Praetorian's security platform that helps you find, manage, and fix vulnerabilities in your source code and cloud environments. Chariot makes it simple to run automated, continuous GoKart scans on your source code. If you want to try GoKart, you can set up a free Chariot account in minutes.

Features

Static analysis is a powerful technique for finding vulnerabilities in source code
GoKart also helps to power Chariot
GoKart is a static analysis tool for Go that finds vulnerabilities
It is capable of tracing the source of variables and function arguments
Determines whether input sources are safe
GoKart can figure out if the variable is actually a constant or constant equivalent

Project Samples

Project Activity

See All Activity >

License

Apache License V2.0

Follow GoKart

GoKart Web Site

Other Useful Business Software

Gemini 3 and 200+ AI Models on One Platform

Access Google's best plus Claude, Llama, and Gemma. Fine-tune and deploy from one console.

Build generative AI apps with Vertex AI. Switch between models without switching platforms.

Start Free

Rate This Project

User Reviews

Be the first to post a review of GoKart!

Additional Project Details

Programming Language

Related Categories

Go Static Code Analysis Tool

Registered

2023-03-30

Similar Business Software

Parasoft

Parasoft helps organizations continuously deliver high-quality software with its AI-powered software testing platform and automated test solutions. Supporting embedded and enterprise markets, Parasoft’s proven technologies reduce the time, effort, and cost of delivering secure, reliable, and...

See Software
ZeroPath

ZeroPath (YC S24) is an AI-native application security platform that delivers comprehensive code protection beyond traditional SAST. Founded by security engineers from Tesla and Google, ZeroPath combines large language models with advanced program analysis to find and automatically fix...

See Software
TrustInSoft Analyzer

TrustInSoft Analyzer is a C/C++/Rust source code analyzer powered by formal methods, mathematical & logical reasonings that allow for exhaustive analysis of source code. This analysis can be run without false positives or false negatives, so that every real bug in the code is found. Developers...

See Software
Visual Expert

Visual Expert is a static code analyzer for Oracle PL/SQL, SQL Server T-SQL, and PowerBuilder. Identify code dependencies to modify your code without breaking your application. Scan your code to improve the security, performance, and quality. Perform Impact analysis to Identify breaking...

See Software
YAG-Suite

The YAG-Suite is a French made innovative tool which brings SAST one step beyond. Based on static analysis and machine learning, YAGAAN offers customers more than a source code scanner : it offers a smart suite of tools to support application security audits as well as security and privacy by...

See Software
Semgrep

Modern security teams are “paving the road” for developers — enforcing code guardrails on every commit. r2c’s Semgrep can eliminate vulnerability classes organization-wide. Scale your security team with lightweight static analysis. Semgrep is a fast, open-source, static analysis tool that excels...

See Software