Announcing Semgrep’s support for Go in Pro Engine

We’re adding support for Go in our Pro Engine with 50+ new Go rules covering several popular Go frameworks!

Milan Williams
Milan Williams
May 26, 2023
go for pro thumbnail

A few months ago, we launched Semgrep Pro Engine, which added cross-file analysis for Java and JavaScript into Semgrep Code. Since then, we’ve received overwhelmingly positive support from Pro Engine users to find and fix more complex vulnerabilities across more languages. We are excited to announce that Semgrep Pro Engine now supports Go (Golang) for cross-file analysis.

Go is an increasingly popular programming language due to its speed and ease of use. However, like all languages, it is not immune to bugs and vulnerabilities. With this new addition, Semgrep continues to expand its language coverage and provide accurate, fast, and customizable code analysis tools for security engineers and developers.

We’re also adding 50+ new Go rules covering several popular Go frameworks, including Gin, gRPC, Gorilla, and plain ol’ net/http. We’ve also added new rules for hardcoded secrets to ensure none of those meddling kids secrets make their way into production. Here is an example of a new rule for command injection you can check out!

To get started with Semgrep Pro Engine’s new Go support:

  • In Semgrep Code, add a GitHub or GitLab project and have Semgrep scan your codebase whenever a pull request (PR) or a merge request (MR) is created! Make sure the default ruleset is on your Rule Board & you have the Pro Engine enabled in Settings (as shown below).

default ruleset rule boardsettings page pro engine

  • On the command line, upgrade to Semgrep v1.22.0 or higher and scan with semgrep --pro p/default

We are committed to improving Semgrep's coverage and making it the Go-to code analysis tool across all programming languages.

What language would you like to see Semgrep Pro Engine support next? Join our Community Slack and let us know!


Semgrep Logo

Semgrep is a fast, open-source, code scanning tool for finding bugs, detecting dependency vulnerabilities, and enforcing code standards.

Code scanning at ludicrous speed

Find bugs and enforce code standards