Golang can be extended by and integrated with C code using cgo. Unfortunately, this removes memory safety guarantees and inherits the dangerous traits of C code.
In modern secure software development, it is normal to run static analysis tools against C code. For example, Clang's scan-build is an excellent, open-source packaging of Clang's analysis tooling. In a perfect world, running `scan-build go build` would be enough to perform a scan of the C side of a cgo package. In the real world this doesn't work, but this script works around that limitation.
To run the scanner directly on the host:

- Clone the repository
- In the checkout directory, run `./scan.sh <target code> <output directory>`
To run the scanner inside a Docker container instead:

- Clone the repository
- In the checkout directory, run `./docker.sh <target code> <output directory>`
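The following is an added illustration of the wrapper approach described above; it is not the repository's own `scan.sh` or `docker.sh`. It assumes the standard scan-build mechanism (scan-build puts its `ccc-analyzer` shim in `CC` and runs the command it is given), that `scan-build` and a cgo-capable Go toolchain are installed, and that the target is a directory containing a Go module. The script name `scan-cgo.sh`, the function names and the `-a` rebuild are choices made here, not taken from the page.

```shell
#!/bin/sh
# Added example, not the repository's scan.sh: analyse the C side of a cgo
# package with Clang's static analyzer by letting scan-build override CC and
# forcing a full rebuild so every cgo translation unit is actually compiled.
# Assumed tools: scan-build (clang-tools) and go with cgo available.

# Validate the two positional arguments; returns 1 and prints usage on error.
check_args() {
    if [ "$#" -ne 2 ]; then
        echo "usage: scan-cgo.sh <target code> <output directory>" >&2
        return 1
    fi
    if [ ! -d "$1" ]; then
        echo "target '$1' is not a directory" >&2
        return 1
    fi
    return 0
}

# Run the scan. Returns scan-build's exit status, which with --status-bugs is
# non-zero whenever the analyzer reported at least one finding (useful in CI).
scan_cgo() {
    check_args "$@" || return 1
    target=$1
    out=$2
    mkdir -p "$out" || return 1
    # -a: rebuild everything, otherwise cached cgo objects would never reach
    #     the compiler and the analyzer would see nothing.
    # CGO_ENABLED=1: make sure the C compiler (now scan-build's shim) is used.
    (cd "$target" && CGO_ENABLED=1 scan-build -o "$out" --status-bugs go build -a ./...)
}

# Only run when executed as scan-cgo.sh, not when sourced for testing.
case "$0" in
    *scan-cgo.sh) scan_cgo "$@" ;;
esac
```

The HTML reports land in the output directory; `scan-build -V` (or opening the generated `index.html`) shows each finding with the path through the C code that leads to it, which is what you want to review before trusting a cgo boundary.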