← All posts

DeepSource Go analyzer is now generally available

Support for more package managers, and 21 new issues detected.

Header image
By Sourya on 
Share on Twitter Share on LinkedIn Share on Facebook

Two months ago, we launched the analyzer for the Go programming language in a public beta. Since then, prominent open-source projects like Dgraph, Gauge, and many others have adopted DeepSource to enable continuous quality and security on their code. With features and fixes based on the feedback we received from early adopters, we are pleased to announce that the DeepSource's Go analyzer is now generally available. Read on to know all the details.

Support for package managers

DeepSource installs the 3rd party dependencies listed in your project during the analysis to get a full view of your application. Up until this release, we supported go modules as the only way to install them, and if we detected some other package manager, we’d try to move it to go modules (using the go mod init <import path> command). While this approach worked for many repositories, it did not for others. One such case was when a dependency of the analyzed repository had versioned packages (package.domain.tld/v1), but the repository itself was using the unversioned package (the “zeroth” version).

To analyze such packages better, we now detect the package manager used for the repository and use it to install the dependencies. We now support 10 package managers, details about which can be found here.

21 new issues detected

We now detect 21 new issues in your Go code, which brings the total number of issues raised to 154, which we have categorized into 72 bug risk issues, 41 anti-patterns, 19 security issues, 11 style issues and 11 performance issues. Of these 21 new issues, 12 prevent bug risks, 4 detect anti-patterns, and 5 of them help improve performance. Let’s look at some of the new issues:

Copy the arrays, you must not.

Override, you shall not, an imported package’s name.

We’re so excited about this release, and we’re sure you’d find these new issues useful if you’re writing code in Go. Why don’t you go ahead and signup on DeepSource and start analysis on your Go repositories? It’s free forever for open-source!

The Gopher image is attributed to Maria Letta.
About DeepSource
DeepSource helps you automatically find and fix issues in your code during code reviews, such as bug risks, anti-patterns, performance issues, and security flaws. It takes less than 5 minutes to set up with your Bitbucket, GitHub, or GitLab account. It works for Python, Go, Ruby, and JavaScript.
Get started for free

Keep reading...