Golang Security Checker


Renato Suero

Posted on January 11, 2019


Gosec is a great tool to run against our Go code to check that we have no security issues. To keep the post short, I won't explain the security issues; my focus is to show you how to run the tool. Maybe in the future I can write about the issues. For now, if you want to understand more, please read this post.

securego / gosec

Go security checker

gosec - Go Security Checker

Inspects source code for security problems by scanning the Go AST and SSA code representation.

License

Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. You may obtain a copy of the License here.


Install

CI Installation

# binary will be $(go env GOPATH)/bin/gosec
curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b $(go env GOPATH)/bin vX.Y.Z
# or install it into ./bin/
curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s vX.Y.Z

# In alpine linux (as it does not come with curl by default)
wget -O - -q https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s vX.Y.Z

# If you want to use the checksums provided on the "Releases" page
# then you will have to download a tar.gz file for your operating system instead of a binary file
wget https://github.com/securego/gosec/releases/download/vX.Y.Z/gosec_vX.Y.Z_OS.tar.gz

# The
…

You can run the tool using a binary or using Docker. I'll show you both cases.
With the binary, run it from your project's root directory:

gosec *.go

Using Docker needs more config, but it works well. In the README the command is securego/gosec ./..., but it didn't work for me, so I replaced ./... with the project path:

docker run -it -v $GOPATH/src/<YOUR PROJECT PATH>:/go/src/<YOUR PROJECT PATH> securego/gosec $GOPATH/src/<YOUR PROJECT PATH>

Even if you use Go modules, you need to use this format to run the tool.
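A small file to try the commands above on, as an added example that is not part of the original post or the gosec project: `weakToken` draws from `math/rand`, the pattern gosec's weak random number rule (G404) targets, and `strongToken` is the corrected form. The file name `sample.go` and both function names are made up for illustration, and what gets reported depends on the gosec version.

```go
// sample.go: constructed file for trying gosec on; not gosec project code.
package main

import (
	crand "crypto/rand"
	"encoding/hex"
	"fmt"
	"math/rand"
)

// weakToken builds a session token from math/rand. The generator is
// deterministic for a given seed, so anyone who learns or guesses the seed
// can reproduce every token. This is the finding a scan should surface.
func weakToken(seed int64, n int) string {
	r := rand.New(rand.NewSource(seed))
	b := make([]byte, n)
	for i := range b {
		b[i] = byte(r.Intn(256))
	}
	return hex.EncodeToString(b)
}

// strongToken reads from the operating system CSPRNG via crypto/rand and
// returns the read error to the caller instead of discarding it.
func strongToken(n int) (string, error) {
	b := make([]byte, n)
	if _, err := crand.Read(b); err != nil {
		return "", fmt.Errorf("read random bytes: %w", err)
	}
	return hex.EncodeToString(b), nil
}

func main() {
	// Same seed, same token on every run: the weakness made visible.
	fmt.Println("weak  :", weakToken(1, 16))
	s, err := strongToken(16)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("strong:", s)
}
```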

That's all, folks. I hope it can be useful to you =)
