GoLand 2024.1 Help

Vulnerability checker

GoLand can now analyze your codebase and highlight known vulnerabilities.

The IDE highlights packages with known vulnerabilities in go.mod. You can hover over the highlighted code or press Alt+Enter and choose Show vulnerability info for …, and GoLand will show you a list of vulnerabilities with links to the detailed description. The data about vulnerabilities is provided by the software security company Checkmarx.

Vulnerability checker

If you have method calls from packages with known vulnerabilities, GoLand will also highlight them right in your editor. You can hover over highlighted code and see a popup with information about the vulnerability and a link to the detailed description.

Method calls from packages with known vulnerabilities

If there is a solution for the current vulnerability, GoLand will suggest an appropriate quick-fix. For example, if you need to upgrade the package version in order to fix the vulnerability. GoLand will suggest to upgrade the package version.

Quick-fixes for packages with vulnerabilities

  1. Press F2 or click the highlighted package.

  2. Press Alt+Enter to call intention actions and select Show vulnerability info for ....

    GoLand will display a popup with found vulnerabilities. To read more about a vulnerability, select the vulnerability and press Enter.

View all vulnerabilities in the Problems tool window

  1. Open the go.mod file.

  2. Click the widget in the top-right corner of the editor. The IDE opens the Problems tool window with all the found vulnerabilities.

    If you right-click the found vulnerability in the Problems tool window, you can select Show Quick-Fixes to view available quick-fixes.

Analyze your code for vulnerabilities

  • In the main menu, go to Code | Analyze Code | Show Vulnerable Dependencies.

Last modified: 11 February 2024