Maintaining consistency in codebases with Go Vet

Maintaining success in a large open source project is one of the key objectives of Mattermost. We have hundreds of contributors and we want to create a project that could serve as a model in the Go community. Having said that, following idiomatic Go principles is the thing that we care most about while maintaining our code consistency. For this specific task, we utilized go vet and with this blog post, I would like to explain how we pushed the limits of this tool by extending it.


Optimizing a Golang service to reduce over 40% CPU

10 years ago, Google was facing a critical bottleneck caused by extremely prolonged C++ compilation times and needed a totally new way to solve it. Google engineers tackled the challenge by creating a new language called Go (aka Golang). The new language of Go borrows the best parts of C++, (most notably it’s performance and security features) and combines it with the speed of Python to enable Go to quickly use multiple cores while being able to implement concurrency.

Security in Go Modules and Vulnerabilities in GoCenter at GoSF Meetup in San Francisco

Deep Datta from the JFrog Community Team shares his learnings about Go 1.13 introducing important security features to Go Modules including a checksumdb. He explains how this works and provides information on other tools in GoCenter that keep modules secure include vulnerability scanning and Jfrog Xray.

Introducing Sqreen for Go: the first Runtime Application Self-Protection (RASP) for Go

It’s not a secret that the world of software development is going through some massive changes: the increasing speed of releases, the advent of microservices and distributed infrastructures, and more. Rather than relying on a single technology to do everything, developers are able to select the best tools for each task. And one of the technologies that is enabling that change is Go. At Sqreen, we see these changes first hand.


Getting Real with Command Line Arguments and go-flags

At LightStep, we automate or build tooling around repeated operational processes (like deployments). In service of this, we have a need for sophisticated command line argument parsing. go-flags gives us the power we need to write useful tools while delegating the complexities of argument parsing to a library. Some of go-flags features are difficult to discover; this post is intended to be an unofficial guide to some of those features.


Go: Idiomatic error handling

Go is an extremely opinionated programming language. import something in a file that’s not used? It won’t compile, and there’s no flag to override. While there are workarounds, the end result remains the same: Go files are never cluttered by unused imports. This is true for all Go code everywhere, making every Go project more accessible. Not all Go opinions are enforced by the compiler.


You're the Top Gopher! GoCenter Badges Honor Amazing Go Modules

In the holiday spirit, we’re bringing a little cheer to the Golang community by celebrating the achievements of some noteworthy Go module authors. We’re excited to launch a new program within JFrog GoCenter that honors select “Top Gophers.” Using key metrics of success such as number of downloads and imports, quality metrics, and usage in GoCenter, we aim to highlight projects that we think are really helping improve software development for the Go developer community.


Top 6 security best practices for Go

Golang’s adoption has been increasing over the years. Successful projects like Docker, Kubernetes, and Terraform have bet heavily on this programming language. More recently, Go has been the de facto standard for building command-line tools. And for security matters, Go happens to be doing pretty well in their reports for vulnerabilities, with only one CVE registry since 2002.


How GoCenter Connects Go Modules Authors With Consumers

There’s no longer any doubt, Go modules are an accepted part of Golang. The over 300,000 versioned Go modules in JFrog GoCenter shows how they have been embraced for package management by the Go community. With Go modules now enabled by default in Golang 1.13, the number of publicly available modules will grow even more rapidly — and some of them may be contributed by you. But once you share a Go module project with the community, what happens to it? Does it get used?


How we tracked down (what seemed like) a memory leak in one of our Go microservices

The backend developer team at Detectify has been working with Go for some years now, and it’s the language chosen by us to power our microservices. We think Go is a fantastic language and it has proven to perform very well for our operations. It comes with a great tool-set, such as the tool we’ll touch on later on called pprof. However, even though Go performs very well, we noticed one of our microservices had a behavior very similar to that of a memory leak.