Rust-powered static analysis for Go — catching nil dereferences, unhandled errors, data races, resource leaks, and goroutine leaks at compile time.
GoGuard is in active development. Core analysis passes are implemented and functional. We are actively improving precision and reducing false positive rates.
Analysis Passes
- Nil safety analysis — potential nil pointer dereferences (
NIL001), nil map writes (NIL004), unchecked type assertions (NIL002), nil channel operations (NIL006) - Error checking — unchecked error return values (
ERR001), errors assigned to blank identifier (ERR002) - Concurrency analysis — goroutine leak detection (
LEAK001), unused channel detection (LEAK002), shared state races (RACE001), loop variable capture (RACE002) - Ownership analysis — resource leak detection (
OWN001) - Taint analysis — SQL injection (
TAINT001), command injection (TAINT002), path traversal (TAINT003), XSS (TAINT004) with inter-procedural flow tracking and configurable sources/sinks/sanitizers - Exhaustiveness checking — non-exhaustive type switches (
EXH001), non-exhaustive enum switches (EXH002), missing default cases (EXH003)
CLI
goguard check— JSON, SARIF, and human-readable outputgoguard explain— detailed rule explanations with examplesgoguard init— project initialization withgoguard.tomlgoguard fix— single diagnostic fix with--apply,--patch,--verifygoguard auto-fix— autonomous fix loop: analyze → fix → build → test → repeat, with budget limits and rollback on failuregoguard query— GoGuard QL query language with interactive REPL (--repl)goguard setup— IDE integration setup (VS Code, Zed, etc.)goguard update— seamless self-update of binary + Go bridge from GitHub releasesgoguard serve --mcp— start MCP servergoguard serve --lsp— start LSP servergoguard sdk generate— generate typed Python SDK from MCP tool schemasgoguard sdk call— execute MCP tools via CLI for SDK integration--changed-only— incremental analysis of git-changed files only (stop-the-bleed mode)
MCP Server
- Full MCP integration for AI coding agents and editors
- Tools:
analyze,explain,fix,verify,batch,snapshot,query,search,execute,autofix,teach,rules - Elicitation — interactive nil contract and resource lifecycle annotations
- Snapshot management with diff comparison
- Task tracking
- Prompts and resources
LSP Server
- Real-time diagnostics on file save
- Hover with diagnostic context
- Code actions for quick fixes
Ecosystem
- AGENTS.md generation — auto-generated project safety rules with round-trip safe markers
- CLAUDE.md generation — auto-generated config section from
goguard.toml - golangci-lint plugin — drop-in Go plugin with full test suite
- Python SDK — auto-generated typed client with Pydantic models (packaged with pyproject.toml)
- Homebrew formula —
brew install goguard - CI/CD — GitHub Actions for CI and release automation
- SARIF v2.1.0 — GitHub Security tab and Azure DevOps integration
Core Infrastructure
- Go bridge — FlatBuffers-based IPC between Go SSA compiler and Rust analysis engine, with bridge caching
- Salsa incremental DB —
goguard-dbwith query engine, JS runtime, and caching layer - GoGuard QL — query language for diagnostics with filters, sorting, limits, callers, and taint path queries
- JS execution — embedded JavaScript runtime for Code Mode queries against analysis data
- Configuration —
goguard.tomlwith per-rule configuration, severity thresholds, ignore patterns - Learning engine —
goguard-learnwith pattern database, elicitation store, and annotations storage - Type system — Go type representation with generics and interface support
Focus: Reduce false positive rate to production-quality levels.
- Calibrated confidence scores —
confidence: 72%means "72% chance this is a real bug" - Per-pattern statistical priors learned from real codebases
- Improved nil tracking for map lookups and struct field access paths
- Better alias tracking for channel operations (signal.Notify, etc.)
-
--min-confidenceflag for filtering by calibrated probability -
--show-allto display all findings regardless of confidence - Quality gate:
goguard quality-gate --max-fp-rate 0.05
Focus: GoGuard learns from your codebase.
- Interactive labeling mode (
goguard label) - Active learning — smart selection of which findings to label next
- Per-project feedback loop (
.goguard/feedback.jsonl) - Automatic FP cluster discovery and reporting
- Diagnostic grouping — collapse repetitive findings
- Cross-package nil models — learn from dependency APIs
Focus: Stability, performance, ecosystem.
- False positive rate <5% out of the box
- <200ms incremental analysis (changed files only)
- <5s full analysis on 50k LOC projects
- VS Code extension
- Zed extension
- APT, Docker distribution
| Rule | Category | Description |
|---|---|---|
NIL001 |
Nil Safety | Possible nil pointer dereference |
NIL002 |
Nil Safety | Unchecked type assertion |
NIL004 |
Nil Safety | Nil map write (runtime panic) |
NIL006 |
Nil Safety | Nil channel operation |
ERR001 |
Error Handling | Error return value not checked |
ERR002 |
Error Handling | Error assigned to blank identifier |
LEAK001 |
Concurrency | Goroutine without termination signal |
LEAK002 |
Concurrency | Channel created but never used |
RACE001 |
Concurrency | Shared variable access without synchronization |
RACE002 |
Concurrency | Goroutine captures loop variable |
OWN001 |
Ownership | Resource opened but never closed |
TAINT001 |
Security | SQL injection — untrusted data in query |
TAINT002 |
Security | Command injection — untrusted data in exec |
TAINT003 |
Security | Path traversal — untrusted data in file path |
TAINT004 |
Security | XSS — untrusted data in HTTP response |
EXH001 |
Exhaustiveness | Non-exhaustive type switch |
EXH002 |
Exhaustiveness | Non-exhaustive enum switch |
EXH003 |
Exhaustiveness | Missing default case in switch |
See CONTRIBUTING.md for development setup and guidelines.
GoGuard is dual-licensed under MIT and Apache 2.0.